Bugtraq mailing list archives
L0pht: Kerberos 4 Attack tool
From: owner-bugtraq () netspace org (Gary McGraw)
Date: Thu, 27 Feb 1997 17:28:29 -0500
A brief while ago l0pht released a Kerb4 advisory: Release: 11/22/96 Application: Kerb4 Platforms: Sites running Kerb4 Severity: Remote users can dictionary crack kerberos user accounts without needing to know the username or kerberos realm name. Author: mudge () l0pht com We are pleased to be able to release the tool mentioned in the advisory to the internet community. We had previously been asked not to release the tool by a Friend of the L0pht. This Friend has now made it known to us that their interest in said matter is done (bigger and better things I guess). As usual, standard disclamers apply: ie do not do _bad_ things with this tool. We take no responsibility for problems, hardships, damages incurred, etc. Caution: filling is hot. The tool is available as a uuencoded compressed tar file off of the URL http://www.l0pht.com/advisories.html under the Kerb4 advisory. If people are unable to retrieve the file send me e-mail and I will dump it to these mailing lists. enjoy, .mudge
Current thread:
- Re: BIG Security Hole in Solaris 2.X (X)passwd + exploit (fwd) Aggelos P. Varvitsiotis (Feb 27)
- Re: BIG Security Hole in Solaris 2.X (X)passwd + exploit (fwd) Casper Dik (Feb 27)
- L0pht: Kerberos 4 Attack tool Gary McGraw (Feb 27)