search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
33.24k stars 13.79k forks source link

keytab file format is incompatible #18360

Closed nsvicp closed 7 months ago

nsvicp commented 9 months ago

I try to create keytab to decrypt kerberos traffic References:https://docs.metasploit.com/docs/pentesting/active-directory/kerberos/keytab.html

use auxiliary/gather/windows_secrets_dump
set smbuser administrator
set smbpass xxxxxxx
set rhost xxxxxxx
set domain xxxxxxx
run
use admin/kerberos/keytab
run action=EXPORT keytab_file=/root/msf.keytab

I get a keytab file but klist can't see the data

klist -ekt msf.keytab

image

msf can see the data

use auxiliary/admin/kerberos/keytab
set KEYTAB_FILE /root/msf.keytab
run
Keytab entries
==============

 kvno  type              principal                                   hash                                                              date
 ----  ----              ---------                                   ----                                                              ----
 1     23 (RC4_HMAC)     Administrator@                              cff60c5xxxxxxxxxxxxxxxxx3
Omit ....................

image

wireshark cannot decrypt any traffic using msf.keytab

adfoster-r7 commented 9 months ago

I haven't been able to replicate this; Unfortunately we'd need replication steps/an example keytab file to investigate

github-actions[bot] commented 9 months ago

It looks like there's not enough information to replicate this issue. Please provide any relevant output and logs which may be useful in diagnosing the issue.

This includes:

The easier it is for us to replicate and debug an issue means there's a higher chance of this issue being resolved.

github-actions[bot] commented 8 months ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 7 months ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

adfoster-r7 commented 7 months ago

None of the dev team have been able to replicate this issue unfortunately, without an example file - we won't be able to debug and fix this