
Golden ticket, pass the ticket, MitM: Kerberos attacks explained


Presenting the Kerberos protocol, flaws and mitigation



1. Kerberos attacks explained ...somewhat. By Peter Swedin
2. Easy authentication
3. • The user Alice logs on to her domain-joined client.
   • Alice then accesses the intranet.
   • She is greeted with "Welcome Alice!" without authenticating to the web service.
   • Kerberos SSO!
4. The handshake
5. Challenges
   • KDC validation
   • Replay attacks
   • Downgrade attacks
   • Pass-the-ticket attacks
6. MitM
   • An attacker can trick the client into believing he is the KDC during the AS exchange.
   • But in order to produce a ticket the client will accept (the AS-REP is encrypted with the user's key), the attacker has to know the shared secret between the client and the KDC...
7. The problem with AS_REQ
   • During password authentication, only the pre-authentication data in AS_REQ (the encrypted timestamp, PA-ENC-TIMESTAMP) is encrypted with a key derived from the password.
   • The rest of AS_REQ (principal names, the list of requested encryption types) is sent in the clear, and the client has not validated the KDC at this point, making man-in-the-middle attacks possible.
8. The problem with ERR_PREAUTH_REQUIRED
   • The KDC_ERR_PREAUTH_REQUIRED error, which tells the client which encryption types and salt to use, is itself unauthenticated, so a phony KDC can ask the client to use a weak encryption algorithm (etype downgrade attack).
   • DES and Windows "export grade" RC4 (RC4-HMAC-EXP) are vulnerable to brute-force and dictionary attacks.
   • The MitM attacker can also choose the salt sent in ETYPE-INFO, so that precomputed tables can be used against the resulting key, making it easier to crack.
9. Platforms vulnerable to etype downgrade attacks
   • MIT Kerberos 1.7 and below accept any form of DES by default (allow_weak_crypto only defaults to false from 1.8).
   • Windows Server 2008 / Vista and prior accept any form of DES by default.
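The exchange of slides 7 to 9 as a small simulation, added here as an example and not taken from the slides: the client's AS-REQ, the honest KDC's and a phony KDC's KDC_ERR_PREAUTH_REQUIRED replies carrying ETYPE-INFO2, and the etype each kind of client ends up using for its pre-authentication. Messages are plain Python dicts rather than ASN.1, no Kerberos encryption is performed, and the realm CORP.EXAMPLE, the principal alice and the salt strings are constructed values.

```python
"""Etype downgrade in the AS exchange (slides 7 to 9).

Added example, not part of the original slides. AS-REQ and the
KDC_ERR_PREAUTH_REQUIRED error are modelled as dicts (no ASN.1, no real
Kerberos encryption); realm, principal and salts are constructed.
"""

# Encryption type numbers from RFC 3961 / RFC 4757
DES_CBC_CRC = 1
DES_CBC_MD5 = 3
AES128_CTS_HMAC_SHA1_96 = 17
AES256_CTS_HMAC_SHA1_96 = 18
RC4_HMAC = 23
RC4_HMAC_EXP = 24          # Windows "export grade" RC4

WEAK_ETYPES = {DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC_EXP}

# Client preference lists: a legacy client still advertises DES; a hardened
# client (allowed encryption types restricted to AES) never does.
LEGACY_CLIENT_ETYPES = [AES256_CTS_HMAC_SHA1_96, RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC]
HARDENED_CLIENT_ETYPES = [AES256_CTS_HMAC_SHA1_96, AES128_CTS_HMAC_SHA1_96]


def build_as_req(cname, realm, etypes):
    """Initial AS-REQ without pre-authentication. Everything here is plaintext,
    so a man-in-the-middle can read it and rewrite the etype list."""
    return {"msg": "AS-REQ", "cname": cname, "realm": realm, "etype": list(etypes)}


def honest_kdc_preauth_required(as_req, kdc_etypes):
    """Real KDC: KDC_ERR_PREAUTH_REQUIRED with ETYPE-INFO2 listing the etypes it
    holds keys for, strongest first, with the standard salt REALM + principal."""
    salt = as_req["realm"] + as_req["cname"]
    offered = [e for e in kdc_etypes if e in as_req["etype"]]
    return {"msg": "KRB-ERROR", "error": "KDC_ERR_PREAUTH_REQUIRED",
            "etype_info2": [{"etype": e, "salt": salt} for e in offered]}


def phony_kdc_preauth_required(as_req):
    """Attacker posing as the KDC: the error is unauthenticated, so it can offer
    DES only, together with a salt of the attacker's choosing."""
    return {"msg": "KRB-ERROR", "error": "KDC_ERR_PREAUTH_REQUIRED",
            "etype_info2": [{"etype": DES_CBC_MD5, "salt": "attacker-chosen"}]}


def client_pick_preauth_etype(as_req, krb_error, allow_weak_crypto):
    """Client side: choose etype and salt for PA-ENC-TIMESTAMP from ETYPE-INFO2.
    Takes the first etype the KDC offered that the client itself listed. With
    allow_weak_crypto=True (the MIT krb5 <= 1.7 and Windows <= 2008 default)
    DES is accepted, which is the downgrade. Returns None if nothing fits."""
    for entry in krb_error["etype_info2"]:
        etype = entry["etype"]
        if etype not in as_req["etype"]:
            continue
        if etype in WEAK_ETYPES and not allow_weak_crypto:
            continue
        return etype, entry["salt"]
    return None


def run_scenarios():
    """(etype, salt) each client ends up with against an honest and a phony KDC."""
    kdc_keys = [AES256_CTS_HMAC_SHA1_96, RC4_HMAC, DES_CBC_MD5]   # KDC still has a DES key
    legacy = build_as_req("alice", "CORP.EXAMPLE", LEGACY_CLIENT_ETYPES)
    hardened = build_as_req("alice", "CORP.EXAMPLE", HARDENED_CLIENT_ETYPES)
    return {
        "legacy_vs_honest": client_pick_preauth_etype(
            legacy, honest_kdc_preauth_required(legacy, kdc_keys), True),
        "legacy_vs_phony": client_pick_preauth_etype(
            legacy, phony_kdc_preauth_required(legacy), True),
        "legacy_noweak_vs_phony": client_pick_preauth_etype(
            legacy, phony_kdc_preauth_required(legacy), False),
        "hardened_vs_honest": client_pick_preauth_etype(
            hardened, honest_kdc_preauth_required(hardened, kdc_keys), False),
        "hardened_vs_phony": client_pick_preauth_etype(
            hardened, phony_kdc_preauth_required(hardened), False),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The two defenses on slide 16 appear as two separate knobs: `allow_weak_crypto=False` makes the client refuse the weak etype a phony KDC pushes, while the hardened etype list keeps DES out of the plaintext AS-REQ altogether, so there is nothing left to downgrade to even if the client's policy were wrong.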
10. MitM
   • When a client computer joins the domain, no service ticket is needed, so the attacker can own the client and its identity by acting as a proxy between the real KDC and the client.
11. Smart card Kerberos auth in pre-Windows 2008 R2 domains is vulnerable to MitM attacks
   • Windows clients will not check the DC certificate for the EKU (Enhanced Key Usage) id-pkinit-KPKdc unless told to do so (the "Require strict KDC validation" policy).
   • For whatever reason the Server Authentication EKU is considered enough, making every host that holds a computer certificate a possible MitM platform.
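The check that slide 11 says the Windows client skips unless strict KDC validation is enabled, written out as an added example (not from the slides): decode the KDC certificate's ExtKeyUsage extension and require id-pkinit-KPKdc rather than merely Server Authentication. The code parses only the DER value of the ExtKeyUsage extension (a SEQUENCE OF OBJECT IDENTIFIER), not a whole X.509 certificate; the two extension values are constructed by hand, and the acceptance rule is a simplification: real strict validation also requires a trusted chain and a dNSName SAN matching the domain, which this example leaves out.

```python
"""Strict KDC validation as an EKU check on the KDC certificate (slide 11).

Added example, not part of the original slides. Parses only the DER value of
the ExtKeyUsage extension; the two EKU values below are constructed, and the
acceptance rule is simplified (no chain or SAN checking).
"""

ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # RFC 5280 id-kp-serverAuth
ID_PKINIT_KPKDC = "1.3.6.1.5.2.3.5"       # RFC 4556 id-pkinit-KPKdc ("KDC Authentication")


def _read_length(der, pos):
    """DER length starting at der[pos]; returns (length, position after it)."""
    first = der[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(der[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def _decode_oid(body):
    """Base-128 OID content octets to dotted notation."""
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ext_key_usage(der):
    """ExtKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId (OBJECT IDENTIFIER)."""
    if der[0] != 0x30:
        raise ValueError("ExtKeyUsage must be a SEQUENCE")
    seq_len, pos = _read_length(der, 1)
    end = pos + seq_len
    oids = []
    while pos < end:
        if der[pos] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER inside ExtKeyUsage")
        oid_len, pos = _read_length(der, pos + 1)
        oids.append(_decode_oid(der[pos:pos + oid_len]))
        pos += oid_len
    return oids


def kdc_certificate_acceptable(eku_der, strict_kdc_validation):
    """Non-strict (the pre-2008 R2 default): a Server Authentication EKU is
    enough, so any host with such a certificate can pose as the KDC.
    Strict: the certificate must carry id-pkinit-KPKdc, which ordinary
    computer certificates do not."""
    purposes = set(parse_ext_key_usage(eku_der))
    if strict_kdc_validation:
        return ID_PKINIT_KPKDC in purposes
    return ID_KP_SERVER_AUTH in purposes


# Constructed DER ExtKeyUsage values (the extnValue octets of two certificates).
MEMBER_SERVER_EKU = bytes.fromhex("300a" "06082b06010505070301")                 # serverAuth only
KDC_EKU = bytes.fromhex("3013" "06082b06010505070301" "06072b060105020305")      # serverAuth + KPKdc
```

A member server's certificate passes the non-strict rule and fails the strict one; only the certificate carrying the KDC Authentication purpose passes both.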
12. Pass-the-Ticket Attack
   The Pass-the-Ticket attack enables an attacker to authenticate to a Windows server using the Kerberos ticket-granting ticket (TGT) of a user recently logged on to the domain. After previously compromising and gaining privileged access to a computer where that user is logged on, the attacker extracts the TGT from memory and uses it to request service tickets for every server the victim is authorized to access.
13. Pass-the-Ticket Attack Tools
   • Windows Credentials Editor (WCE)
   • KDE Replay
   • CoreLabs Pass-the-Hash Toolkit, SMBShell
   • Mimikatz
14. The Golden Ticket
   • Using pass-the-ticket or pass-the-hash, gain Domain Administrator privileges.
   • Obtain the NTLM hash (or AES key) of the krbtgt account from a Domain Controller.
   • Use Mimikatz (kerberos::golden) to forge a TGT for any user; even non-existent users work, because the KDC only verifies that the TGT is encrypted with the krbtgt key.
   • Pwnd.
15. Risk assessment: Kerberos attacks
   Popularity: Low
   Ease of implementation: Medium/easy
   Impact: High
   Remotely exploitable: Yes
   Risk: High
16. Hardening Microsoft Kerberos
   • Use ONLY Windows Server 2012 R2 Domain Controllers
   • Use AES 256
   • Disallow etype downgrade (remove DES and export-grade RC4 from the encryption types allowed on clients and accounts)
   • Use Kerberos KDC certificates (requires a 2008 R2 Certificate Authority or later)
   • Enable the GPO "Require strict KDC validation"
   • Only allow clients to join the domain from a separate, secure network segment
17. Pass-the-Ticket Defenses
   • Very hard to detect, since it is a valid protocol doing valid things.
   • Change the krbtgt password TWICE: the KDC still accepts tickets encrypted with the previous krbtgt key, so a stolen or forged ticket stays valid until the second change. Wait for replication and for outstanding tickets to expire between the two changes.
   • Upgrade to 2012 R2 on ALL DCs, or apply patch KB 2871997, which hardens credential handling on down-level Windows (no cleartext passwords kept in LSASS, Protected Users support once 2012 R2 DCs are present). This limits what an attacker can harvest from memory; it does not stop the replay of a ticket that has already been stolen.
   • A SIEM solution may be able to determine that a ticket-granting ticket is being used inappropriately.
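One way a SIEM rule could flag the inappropriate ticket use slide 17 mentions, added here as an example and not taken from the slides: correlate the Security log events 4768 (TGT issued) and 4769 (service ticket requested) from all domain controllers and raise a finding for a service ticket request whose TGT no KDC ever issued, for an account that does not exist, or for an RC4 ticket in a domain that is supposed to be AES-only. The log lines, their field names (account, client, service, etype, status), the account list and the timestamps are constructed to stand in for exported Windows events.

```python
"""Correlating Kerberos audit events to spot a TGT the KDC never issued
(the detection that slide 17 leaves to "a SIEM solution").

Added example, not part of the original slides. The log lines, field names
and the account list are constructed stand-ins for Security log events
4768/4769 collected from all domain controllers.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVT_TGT_REQUESTED = 4768   # "A Kerberos authentication ticket (TGT) was requested"
EVT_TGS_REQUESTED = 4769   # "A Kerberos service ticket was requested"
TGT_MAX_LIFETIME = timedelta(hours=10)   # default maximum lifetime for user tickets
RC4_HMAC = "0x17"                        # etype 23 as the Security log prints it

# Constructed directory snapshot: the accounts that actually exist.
KNOWN_ACCOUNTS = {"alice", "administrator", "krbtgt"}

# Constructed events. Alice logs on normally; 10.0.0.99 then presents TGTs for
# "administrator" and for a non-existent user without any 4768 from a DC.
SAMPLE_LOG = """\
2014-11-10T08:00:02 id=4768 account=alice client=10.0.0.15 etype=0x12 status=0x0
2014-11-10T08:00:05 id=4769 account=alice client=10.0.0.15 service=cifs/fs01 etype=0x12 status=0x0
2014-11-10T09:12:40 id=4769 account=administrator client=10.0.0.99 service=cifs/dc01 etype=0x17 status=0x0
2014-11-10T09:13:01 id=4769 account=nobody client=10.0.0.99 service=ldap/dc01 etype=0x17 status=0x0
"""


def parse_event(line):
    """One 'timestamp key=value ...' line into a dict with a datetime and an int id."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["time"] = datetime.fromisoformat(ts)
    ev["id"] = int(ev["id"])
    return ev


def find_suspicious_tgs(log_text, known_accounts=KNOWN_ACCOUNTS, aes_only_domain=True):
    """Returns (account, client, service, reasons) for every successful 4769 that
    looks like pass-the-ticket or a golden ticket. The events must cover all DCs;
    the lookback is the TGT lifetime because a forged TGT never produces a 4768."""
    events = sorted((parse_event(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e["time"])
    tgt_issued = defaultdict(list)   # (account, client ip) -> times a DC issued a TGT
    findings = []
    for ev in events:
        key = (ev["account"].lower(), ev["client"])
        if ev["id"] == EVT_TGT_REQUESTED:
            if ev.get("status") == "0x0":
                tgt_issued[key].append(ev["time"])
            continue
        if ev["id"] != EVT_TGS_REQUESTED or ev.get("status") != "0x0":
            continue
        reasons = []
        if key[0] not in known_accounts:
            reasons.append("account does not exist in the directory")
        if not any(ev["time"] - TGT_MAX_LIFETIME <= t <= ev["time"] for t in tgt_issued[key]):
            reasons.append("no 4768 for this account/client within the TGT lifetime")
        if aes_only_domain and ev.get("etype") == RC4_HMAC:
            reasons.append("RC4 ticket although the domain is AES-only")
        if reasons:
            findings.append((ev["account"], ev["client"], ev["service"], reasons))
    return findings


if __name__ == "__main__":
    for account, client, service, reasons in find_suspicious_tgs(SAMPLE_LOG):
        print(f"{client} -> {service} as {account}: {'; '.join(reasons)}")
```

The "no 4768" rule is the one that catches a forged TGT, and it is also the noisiest: it fires whenever a DC's log is missing from the collection or the user's TGT predates the lookback window, so it should be weighted together with the other two indicators rather than alerted on alone.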
18. Questions?