Keytab Extraction: Difference between revisions
From SambaWiki
No edit summary |
No edit summary |
||
Line 13: | Line 13: | ||
It will write out a keytab in ''PATH_TO_KEYTAB'' containing the current keys for every host and user. |
It will write out a keytab in ''PATH_TO_KEYTAB'' containing the current keys for every host and user. |
||
==Samba3== |
==Using Samba3== |
||
To dump a keytab, join the domain and then run: |
To dump a keytab, join the domain and then run: |
Revision as of 14:52, 19 June 2011
Once you have captured packets you can use Wireshark to analyze them in many case decryption of traffic is needed in order to analyze correctly an exchange.
How to Extract a keytab containing your domain's passwords
There are two ways to obtain a keytab from an Active Directory Domain with Samba:
Using Samba4
To use samba4, it needs to be a domain controller for your domain. If it's not already the case check how to join Samba4 as domain controller.
Then, to extract the keytab run
samba-tool export keytab PATH_TO_KEYTAB
It will write out a keytab in PATH_TO_KEYTAB containing the current keys for every host and user.
Using Samba3
To dump a keytab, join the domain and then run:
net rpc vampire keytab /path/to/keytab/file
Note that the path to the keytab file needs to be an absolute path.