Kerberos Takedown

[PoyBoy]

I have a question for you guys: What is the most effective way in your mind to take out a kerberos server? Doesnt matter what version or anything, im just wondering what are the merits of "disabling" certain parts. I was thinking that if there is a network time server, to make it go wonky and give out random times.

Any ideas?

(google's your friend people, dont bother posting. I just want an opinion.)

[Darren Kitchen]

catnip, or maybe some yarn.

[Garda]

catnip, or maybe some yarn.

hahahahahahahahahaha!!!!!!!!!!!

[PoyBoy]

lol, forgot about kerby

[1337n00b]

catnip, or maybe some yarn.

roflmfao, dude that was fucking great. :D

[PoyBoy]

allright. Serious posts only now please. Im looking for actual answers

[Jester]

ROTFLMAO

What a cute little server :) 8)

[PoyBoy]

Dyslexic hobos on acid in a tantrum cause terrible trouble. They also pwn noobs

Todays random message brought to you on behalf of Bunary Ninja

[spektormax]

This weeks episode of WTF is brought to you by hak5.org,unpluggedpodcast.com, and Kurby the cutest little server on the internet. BUt seriously you can do a buffer overflow just replace the beer with catnip

[cooper]

Well, the thing to remember is that Kerberos is an authentication mechanism. Like the lock on your door, it is designed to take a lot of abuse and it is (or should be) designed to fail gracefully should something not behave as expected. So unless you want to get your hands dirty and audit some source code that a lot of smart people already looked over (which has its merits, but makes no guarantees) hoping to find a scenario under which you can make it do something wrong.

My guess is the best you can achieve without a lot of research is a DOS on the system it authenticates for. Problem with that is that it's decidedly lame, and can and will be traced back to you in a relatively short amount of time aswell.

So, I'd say either get your hands dirty with the code, or don't bother.