Kerberos Attack Kerberoasting
This blog has two parts: Part 1 is about Kerberos and Part 2 is about the Kerberoasting attack on Kerberos. In this part, I cover only the basics of Kerberos.
Kerberos is an authentication protocol that provides secure authentication services between server and client over an insecure network. Kerberos uses ports UDP/88 and TCP/88 to send packets to and receive replies from the Kerberos server.
Kerberos uses symmetric-key cryptography and runs a third-party trusted server known as the Key Distribution Center (KDC) to authenticate and verify user identities. The KDC is one of the main parts of Active Directory and is responsible for issuing tickets.
Several agents work together to provide authentication in Kerberos. These are the following:
- Client: A user who wants to access some service.
- KDC: Kerberos runs a third-party trusted server known as the Key Distribution Center (KDC) to authenticate and verify user identities. It contains a database of user and application hashes (keys). The KDC is one of the main parts of Active Directory and is responsible for issuing tickets.
- Application Server: A dedicated server for a specific service.
- Ticket Granting Ticket (TGT): A TGT is a user authentication token issued by the Key Distribution Center (KDC) that is used to request access tokens from the Ticket Granting Service (TGS).
- Ticket Granting Server (TGS): A TGS validates the use of a ticket for a specified purpose, such as network service access.
- Service Ticket (ST): This is a ticket granted to you by the **TGS** for authentication purposes against services.

Kerberos authentication then proceeds in the following steps:
- The client requests an authentication ticket (TGT) from the KDC.
- The KDC verifies the TGT and sends back an encrypted TGT.
- The client stores the TGT, and when it expires the local session manager requests another TGT.
- The client sends the current TGT to the TGS with the Service Principal Name (SPN) of the resource the client wants to access.
- The TGS sends a valid session key for the service to the client.
- The client forwards the session key to the service to prove the user has access, and the service grants access.
These basic steps are how Kerberos authenticates. This is a very short, understandable explanation of Kerberos. See the references for more about Kerberos and how it works.
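To make the six steps concrete, here is a simplified model of the exchange, added as an example and not taken from any Kerberos implementation. It shows which long-term key in the KDC database protects each ticket; the principals, the secrets and the toy cipher are all constructed for the example, and pre-authentication, authenticators and timestamps are left out.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 in counter mode (an assumption of this example, not a Kerberos etype)
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a symmetric key."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the MAC, then decrypt; a wrong key or a modified blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed KDC database: long-term keys derived from made-up secrets.
KEYS = {name: hashlib.sha256(secret.encode()).digest() for name, secret in
        {"alice": "alice-password", "krbtgt": "kdc-secret", "http/web01": "svc-secret"}.items()}

def as_exchange(user):
    """Steps 1-2: the KDC issues a TGT sealed with its own key, plus a session key for the user."""
    sk = os.urandom(16).hex()
    return seal(KEYS["krbtgt"], {"user": user, "sk": sk}), seal(KEYS[user], {"sk": sk})

def tgs_exchange(tgt, spn):
    """Steps 4-5: the TGS opens the TGT and issues a service ticket sealed with the service's key."""
    t, svc_sk = unseal(KEYS["krbtgt"], tgt), os.urandom(16).hex()
    st = seal(KEYS[spn], {"user": t["user"], "spn": spn, "sk": svc_sk})
    return st, seal(bytes.fromhex(t["sk"]), {"sk": svc_sk})

def service_accepts(service_key, st):
    """Step 6: the service opens the ticket with its own key, without contacting the KDC."""
    return unseal(service_key, st)["user"]

def demo():
    tgt, enc_sk = as_exchange("alice")
    sk = bytes.fromhex(unseal(KEYS["alice"], enc_sk)["sk"])  # step 3: client keeps TGT + session key
    st, enc_svc_sk = tgs_exchange(tgt, "http/web01")
    unseal(sk, enc_svc_sk)  # only the holder of the TGT session key can read the reply
    return service_accepts(KEYS["http/web01"], st)

if __name__ == "__main__":
    print(demo())
```

The client carries the TGT and the service ticket but can open neither, because each is sealed with a key that only the KDC or the service holds.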