Difference between revisions of "Keytab Extraction"

Line 5: Line 5:
 
==Using Samba4==
 
==Using Samba4==
  
To use samba4, it needs to be a domain controller for your domain. If it's not the case check [[Samba4/HOWTO/Join_a_domain_as_a_DC| how to join Samba4 as domain controller]]
+
To use samba4, it needs to be a domain controller for your domain. If it's not already the case check [[Samba4/HOWTO/Join_a_domain_as_a_DC| how to join Samba4 as domain controller]].
 
 
net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator
 
 
 
Or, for a recent GIT checkout (later than 2010/10/23):
 
 
 
samba-tool vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator
 
 
 
If everything is set up correctly, it should just work. If not, check /etc/krb5.conf in particular - ensure it can reach the KDC by setting:
 
 
 
[libdefaults]
 
dns_lookup_kdc = true
 
  
 
Then, to extract the keytab run  
 
Then, to extract the keytab run  
  
net export keytab PATH_TO_KEYAB
+
  samba-tool export keytab PATH_TO_KEYTAB
 
 
or:
 
 
 
  samba-tool export keytab PATH_TO_KEYAB
 
  
It will write out a keytab in the path specified, containing the current keys for every host.
+
It will write out a keytab in ''PATH_TO_KEYTAB'' containing the current keys for every host and user.
  
 
==Samba3==
 
==Samba3==
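Review bot: The rewritten sentence "containing the current keys for every host and user" now states that the output file holds keys for every account in the domain, but the section still gives no guidance on handling that file. Suggest adding a line saying that PATH_TO_KEYTAB should be readable only by the person doing the analysis and that the file should be deleted once the capture has been decrypted. Separately, the krb5.conf hint (dns_lookup_kdc = true) is removed together with the vampire commands; keep it unless the linked join HOWTO covers that troubleshooting step.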

Revision as of 14:51, 19 June 2011

Once you have captured packets you can use Wireshark to analyze them. In many cases, decryption of the traffic is needed in order to analyze an exchange correctly.

How to Extract a keytab containing your domain's passwords

There are two ways to obtain a keytab from an Active Directory Domain with Samba:

Using Samba4

To use Samba4, it needs to be a domain controller for your domain. If that is not already the case, see how to join Samba4 as a domain controller.

Then, to extract the keytab run

samba-tool export keytab PATH_TO_KEYTAB

It will write out a keytab in PATH_TO_KEYTAB containing the current keys for every host and user.

Samba3

To dump a keytab, join the domain and then run:

net rpc vampire keytab /path/to/keytab/file

Note that the path to the keytab file needs to be an absolute path.