Comments (3)
Thanks for reporting - interesting case I hadn't considered.
It's definitely an error I can handle better - but I don't think it's as simple as treating it as a success either. From what I can tell, if the user's password is expired - ANY password will result in this KDC error. If we treated it as a success you'd get a lot of "false positives" thinking you got a valid login when you really don't.
One thing that may be possible is when that error is encountered is to attempt a password reset with the current password guess. I don't want this tool to actually change or reset any passwords, so I'll have to see if there's a way to "test" it and then abort before a reset actually happens.
from kerbrute.
Okay nevermind - it does only give that error if the password is correct. I was testing against a user who had pre-auth disabled (another edge case to deal with). I'll cut a new branch to handle both cases
from kerbrute.
Fixed in #12
I'll cut a new release shortly with this fix. Thanks!
from kerbrute.
Related Issues (20)
- Typo HOT 2
- [Feature Request] Pass the Hash Support HOT 3
- Please delete
- [feature request] decoy
- Kerbrute erroring out on some accounts HOT 1
- Error: accepts 1 arg(s), received 2 HOT 1
- Kerbrute running into Encoding Error HOT 6
- KDC ERROR - Wrong Realm.
- ARM version? HOT 5
- close
- Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated HOT 4
- kerbrute not working with aarch64 HOT 2
- Error execution
- [Feature Request] Semi-Safe mode
- Password spray attempt increase badPwd counter by 2 HOT 2
- ARM binary support HOT 1
- panic: runtime error: invalid memory address or nil pointer dereference
- Error ensure resolv.conf
- Realm gets uppercase'd which doesn't work with Linux Kerberos 5 implementation
- Error on redirection on the "release" link
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kerbrute.