👉 Overview
👀 What ?
Kerberos is a network authentication protocol that lets nodes prove their identity to one another over an untrusted network. It is the default authentication protocol in Microsoft Active Directory, where the KDC role runs on every domain controller and listens on TCP/UDP port 88.
🧐 Why ?
Understanding Kerberos and its vulnerabilities is crucial because it's widely used in enterprise environments, particularly in Active Directory domains. Exploiting these vulnerabilities can lead to severe consequences such as unauthorized access and data breaches.
⛏️ How ?
Pentesting Kerberos involves several steps:
1. Identifying the service: use a network scanner such as Nmap to find hosts listening on port 88 (on an Active Directory network these are the domain controllers).
2. Enumeration: confirm valid usernames with a tool such as Kerbrute, which sends AS-REQs without pre-authentication data and tells existing accounts apart from unknown ones by the KDC's error response, so no password guess is ever made.
3. Exploitation: perform attacks such as Pass-the-Ticket or Kerberoasting to obtain tickets or credentials that grant access the current account does not have.
4. Post-Exploitation: use that access to escalate privileges further or to exfiltrate data.
⏳ When ?
Kerberos was developed in the 1980s at MIT as part of the Athena Project. It has since become a standard protocol for network authentication, especially in Windows-based environments.
⚙️ Technical Explanations
Kerberos consists of a Key Distribution Center (KDC) with two components: the Authentication Server (AS) and the Ticket Granting Server (TGS). When a client logs on it sends an AS-REQ to the AS, normally carrying pre-authentication data (a timestamp encrypted with a key derived from the user's password). The AS replies with an AS-REP that contains a Ticket Granting Ticket (TGT) and a session key. The session key is encrypted with the user's key; the TGT itself is encrypted with the key of the krbtgt account, so the client can carry it but cannot read or forge it. To reach a service the client sends the TGT plus an authenticator (encrypted with the session key) to the TGS in a TGS-REQ, and the TGS answers with a service ticket encrypted with the long-term key of the account that owns the service's SPN. Two attacks follow from this design. Tickets and session keys cached on a compromised host can be stolen and reused from another host to obtain further tickets without ever knowing the user's password (Pass the Ticket; the ticket is reused, not replayed, since each TGS-REQ carries a fresh authenticator). Any authenticated user can request a service ticket for any SPN and then brute-force the service account's password offline against that ticket's encryption (Kerberoasting). Note that Kerberoasting cracks the service ticket, not the TGT: the TGT is sealed with the krbtgt key, which is random and not guessable. Service tickets issued with RC4 (etype 23) crack far faster than AES ones, which is why attackers request RC4 where the KDC still allows it.
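The following is an added example, not code from the original page: a runnable toy model of the AS and TGS exchanges described above, used to show the username enumeration from step 2 of the pentesting procedure and the two attacks named in it (Pass-the-Ticket and Kerberoasting). The realm `CORP.LOCAL`, the accounts `alice`, `svc_sql` and `krbtgt`, their passwords, the wordlist and the HMAC-based toy cipher are all constructed for illustration; real Kerberos uses ASN.1 messages and AES/RC4 encryption types, and the `string_to_key` here is a simplified stand-in for the real one. The three KDC error codes are the real RFC 4120 numbers.

```python
# Added example (not code from the original page): a toy model of the Kerberos AS and
# TGS exchanges. Realm, accounts, passwords and the HMAC-based toy cipher are all
# constructed; real Kerberos uses ASN.1 messages and AES/RC4 enctypes instead.
import hashlib, hmac, json, os, time

KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_PREAUTH_FAILED, KDC_ERR_PREAUTH_REQUIRED = 6, 24, 25  # RFC 4120 codes

def string_to_key(password, realm, principal):
    # Password -> long-term key, salted with realm+principal like the AES enctypes (simplified).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 1000)

def _keystream(key, iv, n):
    return b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range((n + 31) // 32))

def encrypt(key, obj):
    # Toy authenticated encryption: HMAC keystream XOR plaintext, then an HMAC tag.
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, "sha256").digest()

def decrypt(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, "sha256").digest()):
        raise ValueError("wrong key")  # an offline password guess fails here, locally
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))))

class KDC:
    def __init__(self, realm, accounts):
        self.realm = realm
        self.keys = {p: string_to_key(pw, realm, p) for p, pw in accounts.items()}

    def as_exchange(self, cname, preauth=None):
        # AS-REQ -> AS-REP: the session key is returned under the USER's key, but the
        # TGT itself is sealed under the krbtgt key, which the client cannot open.
        if cname not in self.keys:
            return {"error": KDC_ERR_C_PRINCIPAL_UNKNOWN}
        if preauth is None:
            return {"error": KDC_ERR_PREAUTH_REQUIRED}
        try:
            decrypt(self.keys[cname], preauth)  # encrypted-timestamp pre-authentication
        except ValueError:
            return {"error": KDC_ERR_PREAUTH_FAILED}
        session = os.urandom(32).hex()
        return {"enc_part": encrypt(self.keys[cname], {"session": session}),
                "tgt": encrypt(self.keys["krbtgt"], {"cname": cname, "session": session})}

    def tgs_exchange(self, tgt, authenticator, spn):
        # TGS-REQ -> TGS-REP: only the TGT and session key are checked, never the user's
        # password; the service ticket is sealed under the SERVICE account's key.
        body = decrypt(self.keys["krbtgt"], tgt)
        auth = decrypt(bytes.fromhex(body["session"]), authenticator)
        if auth["cname"] != body["cname"]:
            raise ValueError("authenticator does not match TGT")
        return encrypt(self.keys[spn], {"cname": body["cname"], "spn": spn})

def client_login(kdc, user, password):
    key = string_to_key(password, kdc.realm, user)
    rep = kdc.as_exchange(user, encrypt(key, {"timestamp": time.time()}))
    return rep["tgt"], bytes.fromhex(decrypt(key, rep["enc_part"])["session"])

def get_service_ticket(kdc, user, tgt, session, spn):
    return kdc.tgs_exchange(tgt, encrypt(session, {"cname": user, "timestamp": time.time()}), spn)

def service_accepts(kdc, spn, ticket):
    return decrypt(kdc.keys[spn], ticket)["cname"]  # service side: open with its own key

def enumerate_users(kdc, candidates):
    # Kerbrute-style: an AS-REQ without pre-auth data gets PRINCIPAL_UNKNOWN for absent
    # users and PREAUTH_REQUIRED for real ones, so names are confirmed with no password guess.
    return [u for u in candidates if kdc.as_exchange(u).get("error") == KDC_ERR_PREAUTH_REQUIRED]

def kerberoast(ticket, realm, spn, wordlist):
    # Offline cracking of a SERVICE ticket: every guess is a local decrypt with a candidate
    # service-account key; the KDC is never contacted again and sees no failed attempts.
    for pw in wordlist:
        try:
            decrypt(string_to_key(pw, realm, spn), ticket)
            return pw
        except ValueError:
            pass
    return None

REALM = "CORP.LOCAL"  # constructed realm
ACCOUNTS = {"krbtgt": os.urandom(32).hex(), "alice": "Tr0ub4dor&3!", "svc_sql": "Summer2019"}  # constructed
KDC_DEMO = KDC(REALM, ACCOUNTS)

def run_demo():
    users = enumerate_users(KDC_DEMO, ["alice", "bob", "svc_sql"])
    tgt, session = client_login(KDC_DEMO, "alice", ACCOUNTS["alice"])  # legitimate login
    st = get_service_ticket(KDC_DEMO, "alice", tgt, session, "svc_sql")
    cracked = kerberoast(st, REALM, "svc_sql", ["password", "Welcome1", "Summer2019"])
    # Pass-the-Ticket: an attacker holding alice's TGT + session key gets tickets as alice.
    stolen = get_service_ticket(KDC_DEMO, "alice", tgt, session, "svc_sql")
    return {"users": users, "cracked": cracked, "ptt_as": service_accepts(KDC_DEMO, "svc_sql", stolen)}

if __name__ == "__main__":
    print(run_demo())
```

Running the script prints the enumerated users, the cracked service-account password and the client name the service sees in the ticket obtained with the stolen TGT. The point to take from the model is which key seals which message: `kerberoast` only ever calls `decrypt` with candidate keys for `svc_sql`, because that is the key the service ticket is encrypted under, and the Pass-the-Ticket step never touches `string_to_key` for `alice` at all.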