[4101] in bugtraq
L0pht: Kerberos 4 Attack tool
daemon@ATHENA.MIT.EDU (owner-bugtraq@NETSPACE.ORG)
Thu Feb 27 19:38:43 1997
From: owner-bugtraq@NETSPACE.ORG
Date: Thu, 27 Feb 1997 17:28:29 -0500
To: BUGTRAQ@NETSPACE.ORG
A brief while ago l0pht released a Kerb4 advisory:
Release: 11/22/96
Application: Kerb4
Platforms: Sites running Kerb4
Severity: Remote users can dictionary crack kerberos user accounts without
needing to know the username or kerberos realm name.
Author: mudge@l0pht.com
We are pleased to be able to release the tool mentioned in the advisory
to the internet community. We had previously been asked not to release
the tool by a Friend of the L0pht. This Friend has now made it known to us
that their interest in said matter is done (bigger and better things I
guess).
As usual, standard disclamers apply: ie do not do _bad_ things with this
tool. We take no responsibility for problems, hardships, damages incurred,
etc. Caution: filling is hot.
The tool is available as a uuencoded compressed tar file off of the
URL http://www.l0pht.com/advisories.html under the Kerb4 advisory.
If people are unable to retrieve the file send me e-mail and I will dump
it to these mailing lists.
enjoy,
.mudge
