Download v1.3d3 (for Windows 2000 / XP / 2003 / Vista)


KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.

Usage instructions

Download the zip file and extract the files inside. You must run them from a Command Prompt, and they give you short instructions when you run them without any arguments.


Q: Where can I find dictionary files to use with KerbCrack?

A: A good place to look is ftp://ftp.ox.ac.uk/pub/wordlists/

Q: How fast is it?

A: It can work through a 1-million-word dictionary file in slightly less than 10 minutes on a computer with a Celeron 533 MHz processor.

Q: Is it as fast as it can be?

A: Probably not. As always, I've implemented the algorithms (MD4, MD5, HMAC-MD5 and RC4) myself from scratch, which probably means that the code could be much faster.

Q: Which characters count as special characters in the brute force attack?

A: They are all the ones you can find on an ordinary keyboard.

Q: Where do I find the output from the cracker?

A: In a file with the extension ".crk" whose base name is the same as the input capture file's name.

Q: How do I defend myself against this?

A: The easiest way is to use good passwords, as you always should. For example, at least 8 characters long, picked from a set of small and large letters, numbers and special characters.
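To put numbers on that advice, here is an added example (not part of KerbCrack and not the author's code) that audits a candidate password against the recommendation above and estimates how long exhausting its keyspace would take at the dictionary speed quoted earlier on this page. The function names, the exact set of "special" characters (printable ASCII symbols plus space) and the use of that benchmark as the guess rate are assumptions made for illustration.

```python
import string

# Assumption: guess rate derived from the page's benchmark of 1 million
# words in just under 10 minutes (600 s). Treat it as a lower bound on speed.
GUESSES_PER_SECOND = 1_000_000 / 600

# Assumption: "special" means printable ASCII symbols plus space.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation + " ",
}
MIN_LENGTH = 8  # the page's suggested minimum length
SECONDS_PER_YEAR = 365 * 24 * 3600


def classes_used(password):
    """Return the names of the character classes that appear in password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def audit(password, wordlist=()):
    """Check password against the page's advice and size its keyspace.

    The keyspace counts only passwords of the same length drawn from the
    classes actually used; characters outside the four classes are ignored,
    so the figure is a conservative underestimate.
    """
    used = classes_used(password)
    alphabet = sum(len(CLASSES[name]) for name in used)
    keyspace = alphabet ** len(password) if alphabet else 0
    return {
        # A dictionary hit makes keyspace size irrelevant.
        "in_wordlist": password.lower() in {w.lower() for w in wordlist},
        "meets_page_advice": len(password) >= MIN_LENGTH and used == set(CLASSES),
        "missing_classes": sorted(set(CLASSES) - used),
        "keyspace": keyspace,
        "worst_case_years": keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # Constructed sample passwords and wordlist, for illustration only.
    for candidate in ("summer", "Summer2003", "Tr4in!Stn"):
        print(candidate, audit(candidate, wordlist=["summer", "winter"]))
```

A six-letter lowercase word falls in about two days at this rate even without a dictionary hit, while nine characters drawn from all four classes push the worst case into millions of years.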

Q: I get an error message telling me that KerbSniff only runs on Windows 2000 and above, code 10049, but I'm running Windows 2000 or above. What's wrong?

A: First make sure you have the most recent version of KerbSniff. If you still encounter the same problem, then please let me know the complete error codes.

Q: I have a question that is not covered here. Where can I get help?

A: Send me your question. I can't promise that I will have time to answer, but I'll do my best.

© Arne Vidstrom. All rights reserved.