{"id":222,"date":"2014-03-27T20:18:32","date_gmt":"2014-03-27T20:18:32","guid":{"rendered":"http:\/\/www.hackwhackandsmack.com\/?p=222"},"modified":"2014-04-07T09:59:56","modified_gmt":"2014-04-07T09:59:56","slug":"using-kerberos-authentication-without-using-a-pc-that-is-part-of-the-domain","status":"publish","type":"post","link":"https:\/\/www.hackwhackandsmack.com\/?p=222","title":{"rendered":"Using Kerberos Authentication without using a PC that is part of the Domain"},"content":{"rendered":"<p>Hi All,<\/p>\n<p>Recently I was doing some pentesting and needed to connect to a website using Integrated Windows Authentication (IWA) with only support for Kerberos allowed. At first I thought I was pretty much in a dead end, because almost every post insinuates that for Kerberos authentication to work your client machine needs to be added to the domain.<\/p>\n<p>Well, in a word, you don&#8217;t!!!<\/p>\n<p>It is possible to have your own Linux or Windows machine connect to a website using Kerberos tickets. 
In order to set this up I needed to configure a few things.<\/p>\n<pre><strong>apt-get install krb5-config<\/strong>\r\n<strong>apt-get install libpam-krb5<\/strong>\r\n<strong>apt-get install krb5-kdc<\/strong>\r\n<strong>dpkg-reconfigure krb5-config<\/strong><\/pre>\n<pre><strong>kinit ben@HACKME.COM  # realm must be uppercase, as it's a Kerberos REALM<\/strong>\r\n<strong>klist  # shows all tickets granted<\/strong><\/pre>\n<pre>klist\r\nTicket cache: FILE:\/tmp\/krb5cc_0\r\nDefault principal: ben@HACKME.COM\r\n\r\nValid starting     Expires            Service principal\r\n14\/03\/14 09:24:36  14\/03\/14 19:24:42  krbtgt\/HACKME.COM@HACKME.COM\r\n\trenew until 15\/03\/14 09:24:36\r\n14\/03\/14 09:28:33  14\/03\/14 19:24:42  HTTP\/win-lbak0qmafe8.hackme.com@\r\n\trenew until 15\/03\/14 09:24:36\r\n14\/03\/14 09:28:33  14\/03\/14 19:24:42  HTTP\/win-lbak0qmafe8.hackme.com@HACKME.COM\r\n\trenew until 15\/03\/14 09:24:36<\/pre>\n<p>Once you have got a TGT from the KDC, you can configure Firefox, Google Chrome, or even IE to get the HTTP ticket from the KDC.<\/p>\n<h2>Allowing IE to Retrieve HTTP Tickets<\/h2>\n<p>IE requires the site to be added to the Intranet zone and IWA to be enabled. For IE on Windows, other tools must be used to get the Kerberos tickets, i.e. 
the MIT tools:<\/p>\n<h3><a href=\"http:\/\/web.mit.edu\/kerberos\/\" target=\"_blank\" data-href=\"http:\/\/web.mit.edu\/kerberos\/\">Kerberos: The Network Authentication Protocol &#8211;\u00a0MIT<\/a><\/h3>\n<h2>Allowing Firefox to Retrieve HTTP Tickets<\/h2>\n<p>Navigate to about:config, search for negotiate, set the following preferences to .hackme.com, and restart Firefox:<\/p>\n<pre>network.negotiate-auth.trusted-uris;<\/pre>\n<pre>network.negotiate-auth.delegation-uris;<\/pre>\n<h2>Allowing Chrome to Retrieve HTTP Tickets<\/h2>\n<pre><strong># Start Google Chrome like this; make sure your DNS is pointing to the correct domain DNS servers<\/strong>\r\n<strong>google-chrome --auth-server-whitelist=\"*.hackme.com\" --user-data-dir<\/strong>\r\n<strong><a href=\"http:\/\/win-lbak0qmafe8.hackme.com\/\" rel=\"nofollow\">http:\/\/win-lbak0qmafe8.hackme.com\/<\/a><\/strong><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Hi All, Recently I was doing some pentesting and needed to connect to a website using Integrated Windows Authentication (IWA) with only support for Kerberos allowed. 
At first I thought I was pretty much in a dead end because almost every post insinuates for Kerberos authentication to work your client machine needs to be added&hellip; <a class=\"more-link\" href=\"https:\/\/www.hackwhackandsmack.com\/?p=222\">Continue reading <span class=\"screen-reader-text\">Using Kerberos Authentication without using a PC that is part of the Domain<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/222"}],"collection":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=222"}],"version-history":[{"count":3,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions\/224"}],"wp:attachment":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}