
krbprincipalkey

Open HynekPetrak opened this issue 6 years ago • 0 comments

Hi, would you know how to process the krbprincipalkey LDAP attributes to be able to brute force the original password?

Implementation of the key generation is here: https://github.com/jtux270/translate/blob/d242673d7f6cf787e086d7d89fa3291f814a95d8/FreeIPA/freeipa-3.0.0/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c#L105

The value of the krbprincipalkey attribute is ASN.1 encoded:

 
SEQUENCE (4 elem)
  [0] (1 elem)
    INTEGER 1
  [1] (1 elem)
    INTEGER 0
  [2] (1 elem)
    INTEGER 1
  [4] (1 elem)
    SEQUENCE (2 elem)
      SEQUENCE (1 elem)
        [1] (1 elem)
          SEQUENCE (2 elem)
            [0] (1 elem)
              INTEGER 18
            [1] (1 elem)
              OCTET STRING (60 byte) BB4755A5D7B553A9B40108E1...
      SEQUENCE (1 elem)
        [1] (1 elem)
          SEQUENCE (2 elem)
            [0] (1 elem)
              INTEGER 23
            [1] (1 elem)
              OCTET STRING (44 byte) A6C72FB492C3C842CEEC3…

Seems the 18 and 23 refer to the AES256 and RC4 encryption types, but the string lengths are weird ...

HynekPetrak, Sep 20 '19 15:09
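The structure dumped in the post can be walked with a small DER reader to inventory which key types a principal stores, for example to find entries that still carry a type 23 key. This is an added example, not code from the post or from FreeIPA; it assumes, following the post's reading, that the innermost `[0]` INTEGER is the encryption type and `[1]` is the stored key blob, and `SAMPLE` is a constructed value with zero bytes in place of key material.

```python
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
CTX0, CTX1, CTX4 = 0xA0, 0xA1, 0xA4  # constructed context tags [0], [1], [4]

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into [(tag, content)]."""
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def unwrap(content, tag):
    """Content of the single child element, which must carry the given tag."""
    kids = children(content)
    if len(kids) != 1 or kids[0][0] != tag:
        raise ValueError("unexpected element, wanted tag 0x%02x" % tag)
    return kids[0][1]

def list_keys(blob):
    """Return [(enctype, stored_key_length)] for one krbPrincipalKey value."""
    tag, body, end = read_tlv(blob, 0)
    if tag != SEQUENCE or end != len(blob):
        raise ValueError("not a single DER SEQUENCE")
    result = []
    for _, key in children(unwrap(dict(children(body))[CTX4], SEQUENCE)):
        enc = dict(children(unwrap(dict(children(key))[CTX1], SEQUENCE)))
        enctype = int.from_bytes(unwrap(enc[CTX0], INTEGER), "big", signed=True)
        result.append((enctype, len(unwrap(enc[CTX1], OCTET_STRING))))
    return result

# Constructed sample shaped like the dump above; key bytes are zero filler.
SAMPLE = (bytes.fromhex("30819ba003020101a103020100a203020101a48189308186"
                        "3049a1473045a003020112a13e043c") + bytes(60)
          + bytes.fromhex("3039a1373035a003020117a12e042c") + bytes(44))
```

`list_keys(SAMPLE)` returns one `(type, length)` pair per stored key, so filtering for type 23 across a directory export shows which principals still have an RC4 key on file.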