Category:Penetration-testing/Kerberos
Jump to navigation
Jump to search
What is Kerberos?
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Kerberos vs NTLM
The Kerberos protocol is not a Microsoft invention, but Microsoft integrated their version of Kerberos in Windows2000, and it is now replacing NT Lan Manager (NTLM), which was a challenge-response authentication protocol.
Kerberos benefits from a stronger encryption, which improves the security as compared to NTLM.
Kerberos attacks
| Attack | Description | Tool |
|---|---|---|
| Pass-the-ticket | the process of forging a session key and presenting that forgery to the resource as credentials | |
| Pass-the-hash | authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. | Pass-The-Hash |
| Overpass The Hash/Pass The Key (PTK) | GetTGT | |
| Pass The Ticket (PTT) | mimikatz, rubeus, impacket | |
| Golden Ticket | A ticket that grants a user domain admin access | mimikatz, rubeus, impacket |
| Silver Ticket | A forged ticket that grants access to a service | mimikatz, rubeus, impacket |
| Brute force | automated continued attempts to guess a password | kerbrute, rubeus |
| Encryption downgrade with Skeleton Key Malware | A malware that can bypass Kerberos, but the attack must have Admin access | |
| DCShadow attack | a new attack where attackers gain enough access inside a network to set up their own DC to use in further infiltration | |
| ASREPRoast | AS-REP Roasting is an attack against Kerberos for user accounts that do not require preauthentication. | Impacket/GetNPUsers, rubeus |
| Kerberoasting | Kerberoasting is an attack method that allows an attacker to crack the passwords of service accounts in Active Directory offline and without fear of detection. (More info) | Impacket/GetUserSPNs, rubeus |
Pages in category "Penetration-testing/Kerberos"
The following 12 pages are in this category, out of 12 total.