Nmap Development mailing list archives
Re: Kerberos probes for nmap
From: Patrik Karlsson <patrik () labb1 com>
Date: Mon, 28 Dec 2009 17:28:43 +0100
Here's a first attempt at that script. It tries to retrieve both the realm and the server time from the error message. I have tested it against W2K3 where it retrieves both and against Heimdal on Linux where it only extracts the time. The script name may be slightly misleading, but getting the realm name is what I initially wanted to do. As always, comments, suggestions and bug reports are welcome.

/Patrik
Attachment: kerberos-get-realm.nse
On 22 dec 2009, at 17.50, David Fifield wrote:

> On Tue, Dec 22, 2009 at 08:40:13AM +0100, Patrik Karlsson wrote:
>> Heimdal now returns an error "No client in request" while Windows is saying KDC_ERR_WRONG_REALM. When building my KrbGuess tool, that guesses valid usernames against a Kerberos server, I had to look into the details of the Kerberos protocol. I wrote some code that builds Kerberos packets, that unfortunately doesn't handle removing the stuff I have done now. So I have done it all by hand too.
>
> I've committed the new probe. Good job! I think we have a solid probe and match lines now. It's even possible to extract the server's clock setting from the error reply. It's a pity we can't use the probe that makes Windows disclose the realm. Out of curiosity, what were the contents of the reply? Maybe it can be made into an NSE script.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
-- Patrik Karlsson http://www.cqure.net
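Added example, not part of the original message and not the attached kerberos-get-realm.nse (whose source is not shown on this page): a Python sketch of reading the server time and realm fields out of a Kerberos KRB-ERROR reply, assuming the RFC 4120 DER layout. The reply bytes are constructed in `sample_reply()`; the realm `EXAMPLE.TEST`, the timestamp and the error code are made-up values, and `read_tlv`, `parse_krb_error`, `tlv` and `sample_reply` are hypothetical names.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_krb_error(reply):
    """Return error code, server time and realm fields of a KRB-ERROR (RFC 4120)."""
    tag, body, _ = read_tlv(reply)
    if tag != 0x7E:                        # [APPLICATION 30] = KRB-ERROR
        raise ValueError("not a KRB-ERROR")
    tag, seq, _ = read_tlv(body)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    fields, pos = {}, 0
    while pos < len(seq):                  # each field is wrapped in an explicit [n] tag
        tag, wrapped, pos = read_tlv(seq, pos)
        fields[tag & 0x1F] = read_tlv(wrapped)[1]
    if 4 not in fields or 6 not in fields:
        raise ValueError("missing stime or error-code")
    text = lambda n: fields[n].decode("ascii") if n in fields else None
    stime = datetime.strptime(text(4), "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return {"error_code": int.from_bytes(fields[6], "big", signed=True),
            "stime": stime, "crealm": text(7), "realm": text(9)}

def tlv(tag, value):
    """Encoder used only to build the constructed sample (short lengths only)."""
    return bytes([tag, len(value)]) + value

def sample_reply(realm=b"EXAMPLE.TEST"):
    """Constructed KRB-ERROR; realm, time and error code are made-up values."""
    integer = lambda n: tlv(0x02, bytes([n]))
    sname = tlv(0x30, tlv(0xA0, integer(2)) + tlv(0xA1, tlv(0x30,
                tlv(0x1B, b"krbtgt") + tlv(0x1B, realm))))
    seq = (tlv(0xA0, integer(5)) + tlv(0xA1, integer(30)) +
           tlv(0xA4, tlv(0x18, b"20091228162843Z")) + tlv(0xA5, integer(0)) +
           tlv(0xA6, integer(68)) + tlv(0xA9, tlv(0x1B, realm)) + tlv(0xAA, sname))
    return tlv(0x7E, tlv(0x30, seq))

if __name__ == "__main__":
    print(parse_krb_error(sample_reply()))
```

Comparing the returned `stime` against a trusted clock shows how far a KDC has drifted, and the realm fields show what an unauthenticated error reply discloses.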