Rex Kerberos Protocol

Useful resources

• MS-KILE - Microsoft's Kerberos Extensions

• Microsoft's Principal Name Canonicalization, with Realms and EncKDCRepPart changes to include encrypted-pa-data

• Newer Kerberos V5 spec

• Older Kerberos V5 spec - contains useful implementation details

• The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows

• IANA - Kerberos Parameters

• Kerberos Version 5 GSS-API Mechanism

• Using Kerberos with a service, such as SMB

API Gotchas

The API fields cname and client_name, as well as sname and server_name are not interchangeable. The cname and sname values are objects to be encoded into a Kerberos packet, but can be generated by specifying simpler client_name or server_name strings.

Development

Decrypting encrypted Kerberos blobs

The Kerberos protocol makes use of encrypted values which will show as an opaque blob of hex characters in Wireshark. Look at the module documentation in modules/auxiliary/admin/kerberos/keytab.md for ways to decrypt wireshark traffic using keytab files.