Ethereal-users: Re: [Ethereal-users] Re: decrypt Kerberos data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Xiaoguang Liu <syslxg@xxxxxxxxx>
Date: Wed, 17 Aug 2005 21:27:18 +0800
Sure I will.
In fact, I went to the wiki before I sent mail to this list. I was
really a little bit sad when I could not find info about decrypting
Kerberos there. Now I hope someone can get some help from my post.



On 8/17/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> No worries.
> 
> 
> Good that it works for you now.
> 
> 
> Since you have already mailed both the keytab and the capture file to
> a public mailing list;
> 
> maybe you can add a small "decrypting kerberos" page to the wiki and
> attach the keytab and capture file to that page so that others can
> test the feature as well?
> And some description on how to create a keytab file if you only know
> the password?
> 
> That would be a GREAT addition to the wiki!
> 
> 
> best regards
>   ronnie
> 
> On 8/17/05, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
> > Yes....... now I see it too.
> > That is to say, I already made it yesterday! But I failed to find out.
> > Maybe I did something stupid. Excuse my bothering. Thank you for
> > your time and effort.
> >
> >
> >
> > On 8/17/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > Hm,
> > >
> > >
> > > It decrypts both des and rc4 just fine on my machine.
> > >
> > > See attached output for some of the packets.
> > >
> > >
> > > You have enabled kerberos decryption in the preferences, right?
> > > And specified the proper path to the keytab file?
> > >
> > >
> > >
> > > On 8/16/05, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
> > > > Hi all,
> > > >
> > > > When I learned that Ethereal 0.10.12 can decrypt Kerberos data, I was so
> > > > excited. But after testing and researching for 20+ hours, I failed to work
> > > > this feature out. Now I am wondering what on earth I did wrong.
> > > >
> > > > Below is my last test. After creating a keytab and capturing Kerberos
> > > > traffic, I still cannot see the decrypted Kerberos info. Everything
> > > > looks the same as if I did not specify a keytab file. (I did enable the
> > > > "try to decrypt kerberos blob" option.)
> > > > I also attach the keytab and cap trace file. Please help me check what
> > > > the problem would be.
> > > >
> > > > It will also be highly appreciated if anyone can send me a sample
> > > > keytab and cap file, so that I can have a look at this cool feature.
> > > >
> > > > OS: Fedora core 4
> > > > Ethereal: ethereal-0.10.12.SVN.15374-1.fc4.i386.rpm from
> > > > http://www.ethereal.com/distribution/buildbot-builds/rpm/
> > > >
> > > > KDC: windows 2003 (IP 10.5.3.1)
> > > > realm: DENYDC.COM
> > > > princ:
> > > > 1. u5@xxxxxxxxxx
> > > > dump NT hash by dumpwd3e.exe, then create keytab file by ktutil on FC4
> > > > ktutil:addent -key -p u5@xxxxxxxxxx -k 3 -e arcfour-hmac-md5
> > > > 2. des@xxxxxxxxxx (
> > > > create keytab file with ktpass.exe on Windows 2003
> > > >
> > > > file attached:
> > > > 816.key, contains keys for u5 and des
> > > > 816.cap, des and u5 login for a Windows XP
> > > > 816fc4.cap, des and u5 login from FC4 by "kinit -k -t 816.key
> > > > u5@xxxxxxxxxx"
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > Ethereal-users mailing list
> > > Ethereal-users@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-users
> > >
> > >
> > >
> > >
> >
> >
>