skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License

NTLM converted incorrectly and how to convert/use the kerb tickets? #22

Closed Gguerry closed 4 years ago

Gguerry commented 5 years ago

Hi!

I have used pypykatz recently and noticed on a particular system that the NTLM dumped was different from the one dumped with Mimikatz. I was curious if it could be this issue:

https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf

I dumped the .kirbi and .ccache files and I wanted to use them on Linux, but the .ccache is an integrated file and can't be used, and the good old kirbikator I can't find online anymore. I used Kekeo to try to convert it, but it does nothing. If I try to load it with the latest version of MIT Kerberos, it says that the version of the ticket file is not supported when I call klist.

How do you do it?

Thanks.

skelsec commented 5 years ago

Hello.

Please submit the problematic LSASS dumps, if you can. Otherwise I'll not be able to assist you on the NT/LM issue.

CCACHE files can be loaded into MIT Kerberos for sure. There was an issue with the older versions of the minikerberos library (which generates the CCACHE file), but the new version (from GitHub, I haven't had time to package it yet) solves the issue, and I got a user verification that it indeed works with MIT Kerberos's klist and other tools. See issue here

Converting kirbi files to ccache and back can be done with minikerberos (it comes installed by default when you install pypykatz). Use ccache2kirbi.py and kirbi2ccache.py to do that.

skelsec commented 5 years ago

I meant pypykatz, not mimikatz XD

skelsec commented 4 years ago

No activity, a lot of versions have passed since and no one else posted this issue, so I'm closing this.
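A quick way to triage the "version of the ticket file is not supported" error from klist discussed in this thread is to inspect the file header directly. The following is an added example, not code from pypykatz or minikerberos; it assumes the MIT credential cache file layout (first byte 0x05, second byte the format version 1-4, and for version 4 a length-prefixed list of header fields), and the function name `identify_ticket_file` and the sample bytes are constructed for illustration.

```python
import struct

# MIT credential cache files start with 0x05 followed by a format version 1-4.
CCACHE_MAGIC = 0x05
# A .kirbi file is a DER-encoded KRB-CRED, ASN.1 tag [APPLICATION 22] = 0x76.
KIRBI_TAG = 0x76
# v4 header field tag carrying the KDC time offset (seconds, microseconds).
TAG_DELTATIME = 1
# Constructed sample: v4 file start with one DeltaTime field (0 s, 0 us).
SAMPLE_V4 = bytes.fromhex("0504000c00010008" + "00" * 8)


def identify_ticket_file(data: bytes) -> dict:
    """Classify a ticket blob as ccache or kirbi and validate the ccache header."""
    if len(data) < 2:
        return {"format": "unknown", "reason": "file shorter than 2 bytes"}
    if data[0] == KIRBI_TAG:
        return {"format": "kirbi", "reason": "DER KRB-CRED tag 0x76"}
    if data[0] != CCACHE_MAGIC:
        return {"format": "unknown", "reason": f"unexpected first byte 0x{data[0]:02x}"}
    version = data[1]
    if not 1 <= version <= 4:
        return {"format": "ccache", "version": version, "valid": False,
                "reason": "format version outside 1-4"}
    info = {"format": "ccache", "version": version, "valid": True, "reason": "ok"}
    if version == 4:
        # v4 adds a length-prefixed list of (tag, length, value) header fields.
        if len(data) < 4:
            return {**info, "valid": False, "reason": "truncated v4 header length"}
        (hdr_len,) = struct.unpack(">H", data[2:4])
        header = data[4:4 + hdr_len]
        if len(header) != hdr_len:
            return {**info, "valid": False, "reason": "v4 header runs past end of file"}
        pos = 0
        while pos < hdr_len:
            if pos + 4 > hdr_len:
                return {**info, "valid": False, "reason": "truncated v4 header field"}
            tag, flen = struct.unpack(">HH", header[pos:pos + 4])
            value = header[pos + 4:pos + 4 + flen]
            if len(value) != flen:
                return {**info, "valid": False, "reason": "v4 field overruns header"}
            if tag == TAG_DELTATIME and flen == 8:
                info["time_offset"] = struct.unpack(">ii", value)
            pos += 4 + flen
    return info
```

Running it on the first bytes of a dumped file shows whether the file is a kirbi mistaken for a ccache, or a ccache whose version byte or v4 header is malformed.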