Download v1.3d3 (for Windows 2000 / XP / 2003 / Vista)
Introduction
KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.
Usage instructions
Download the zip file and extract the files inside. You must run them from a Command Prompt, and they give you short instructions when you run them without any arguments.
Q&A
Q: Where can I find dictionary files to use with KerbCrack?
A: A good place to look is ftp://ftp.ox.ac.uk/pub/wordlists/
Q: How fast is it?
A: It can work through a 1-million-word dictionary file in slightly less than 10 minutes on a computer with a Celeron 533 MHz processor.
Q: Is it as fast as it can be?
A: Probably not. As always, I've implemented the algorithms (MD4, MD5, HMAC-MD5 and RC4) myself from scratch, which probably means that the code could be much faster.
Q: Which characters count as special characters in the brute force attack?
A: They are all the ones you can find on an ordinary keyboard.
Q: Where do I find the output from the cracker?
A: In a file with extension ".crk" and the first part the same as the input capture file's name.
Q: How do I defend myself against this?
A: The easiest way is to use good passwords, as you always should: for example, at least 8 characters long, picked from a set of small and large letters, numbers and special characters.
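To put numbers on the password advice above, here is an added example (not part of KerbCrack or the original page) that checks a password against that advice and estimates the worst-case exhaustive-search time at the dictionary rate quoted earlier. The function name, the sample wordlist, the definition of "special" as ASCII punctuation plus space, and the assumption that brute force runs at the same rate as the dictionary figure are all assumptions of this example.

```python
import string

# Rate taken from the page's own figure: 1,000,000 dictionary words in just
# under 10 minutes on a Celeron 533 MHz, i.e. at least ~1,667 guesses/second.
# Modern hardware is far faster, so treat the times below as upper bounds.
GUESSES_PER_SECOND = 1_000_000 / 600

# Character classes named in the page's advice. "Special" here means printable
# ASCII punctuation plus space (an assumption of this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation + " ",
}

def audit_password(password, wordlist=()):
    """Check a password against the advice and estimate exhaustive-search time."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    # Alphabet a brute-force search must cover to reach this password.
    alphabet = sum(len(CLASSES[name]) for name in used)
    # Candidates of every length up to and including this one.
    keyspace = sum(alphabet ** n for n in range(1, len(password) + 1))
    # A dictionary hit makes the keyspace estimate irrelevant.
    in_dictionary = password.lower() in {w.strip().lower() for w in wordlist}
    return {
        "length": len(password),
        "classes": used,
        "in_dictionary": in_dictionary,
        "keyspace": keyspace,
        "worst_case_days": keyspace / GUESSES_PER_SECOND / 86_400,
        "meets_advice": (len(password) >= 8 and len(used) == 4
                         and not in_dictionary),
    }

if __name__ == "__main__":
    words = ["password", "summer", "letmein"]  # constructed sample wordlist
    for pw in ["summer", "Summer2004", "tR7#qv!Z"]:
        r = audit_password(pw, words)
        print(f"{pw!r}: classes={r['classes']} dict={r['in_dictionary']} "
              f"worst case ~{r['worst_case_days']:.3g} days "
              f"meets_advice={r['meets_advice']}")
```

Even at the Celeron-era rate, a six-letter lowercase password falls within days, while eight characters drawn from all four classes pushes the search into tens of millions of days.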
Q: I get an error message telling me that KerbSniff only runs on Windows 2000 and above, code 10049, but I'm running Windows 2000 or above. What's wrong?
A: First make sure you have the most recent version of KerbSniff. If you still encounter the same problem then please let me know the complete error codes.
Q: I have a question that is not covered here. Where can I get help?
A: Send me your question. I can't promise that I will have time to answer, but I'll do my best.