windows kerberos dump

Amit Portnoy amit.portnoy at gmail.com
Mon Aug 20 14:03:49 MDT 2012


I was actually more interested to hear about HOW (or where in the code) you
read this information from windows active directory (not how to use the
samba tool).

I've just spent days trying to figure how to read this information...
Microsoft's documentation seems very inadequate (where do I get the
supplementalCredentials and how do I parse it??) and there aren't many
tools that use this information except samba and some protocol sniffing
tools (which aren't much help).

Any help is very appreciated, thanks again,
Amit

On Mon, Aug 20, 2012 at 6:55 PM, Stefan (metze) Metzmacher
<metze at samba.org> wrote:

> On 20.08.2012 14:18, Andrew Bartlett wrote:
> > On Mon, 2012-08-20 at 14:46 +0300, Amit Portnoy wrote:
> >> Hi,
> >>
> >> I found some old messages stating that samba can export principals data
> >> from windows active directory.
> >>
> >> I'm trying to figure out where is the code that does that?
> >>
> >> I need to get the AES keys used by the active directory's KDC (kerberos)
> >> when signing server tickets (documentation states that it is part of the
> >> supplementalCredentials structure.. but nothing on the structure
> >> internals or how to get it).
> >>
> >> (I'm not hacking, I have full privilege in the active directory server
> >> (and able to run as lsass.exe service))
> >
> > Join the domain with Samba4, then run 'samba-tool domain exportkeytab'.
> > (I figure keytab format is probably the easiest for you to apply to
> > whatever your task is).
> >
>
> net rpc vampire keytab -I <ip> -U<admin-account> /absolute/path/to/keytab
> of 3.6 or higher would also export all keys (you can also run this
> multiple times to just update the keytab).
> With this command there won't be a new DC object in the AD domain
> as it just runs as administrator.
>
> metze
>
>

