[Samba] Keytab extraction for tshark analyze

Lapin Blanc fabien.toune at lapin-blanc.com
Sat May 12 14:28:52 UTC 2018


Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on
Centos 7).
I can't figure out how to extract keytab with password/keys.
I follow precisely the instructions at
https://wiki.samba.org/index.php/Keytab_Extraction
But it seems like I only get slot, kvno and principal, can't find a way to
get passwords or keys.
Any idea someone ?

ktutil:  rkt decode.keytab
ktutil:  l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
   1    1           Administrator at WONDERLAND.INFRA
   2    1           Administrator at WONDERLAND.INFRA
   3    1           Administrator at WONDERLAND.INFRA
   4    1           Administrator at WONDERLAND.INFRA
   5    1           Administrator at WONDERLAND.INFRA
   6    2                   alice at WONDERLAND.INFRA
   7    2                   alice at WONDERLAND.INFRA
   8    2                   alice at WONDERLAND.INFRA
   9    2                   alice at WONDERLAND.INFRA
  10    2                   alice at WONDERLAND.INFRA
  11    2             whiterabbit at WONDERLAND.INFRA
  12    2             whiterabbit at WONDERLAND.INFRA
...


More information about the samba mailing list