Ethereal-users: [Ethereal-users] Fwd: Decode Kerberos PAC

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Xiaoguang Liu <syslxg@xxxxxxxxx>
Date: Fri, 25 Nov 2005 19:51:14 +0800
---------- Forwarded message ----------
From: Xiaoguang Liu <syslxg@xxxxxxxxx>
Date: Nov 25, 2005 7:49 PM
Subject: Decode Kerberos PAC
To: ethereal-users-bounces@xxxxxxxxxxxx


hi all,

is there any body who has decoded Kerboeros PAC (Privilege Attribute
Certificate) with Ethereal?

I notice that "kerberos.pac" is a valid filter. So Ethereal should be
able to do that.

I suppose the PAC can be found in the ticket of AS-reponse packet and
a keytab file should be gaven to decrypted the ticket.

I believe the KDC's master key on a Windows2003 Domain Controller is
the password hash of user accont, "krbtgt". I dumped the password hash
of that user and input it to a keytab. But I failed th decrypted the
ticket in AS-Resp.

Any one can give me a hand?

I may post the trace and keytab later.