mailing list archives
L0pht: Kerberos 4 Attack tool
From: owner-bugtraq () netspace org (Gary McGraw)
Date: Thu, 27 Feb 1997 17:28:29 -0500
A brief while ago l0pht released a Kerb4 advisory:
Platforms: Sites running Kerb4
Severity: Remote users can dictionary crack kerberos user accounts without
needing to know the username or kerberos realm name.
Author: mudge () l0pht com
We are pleased to be able to release the tool mentioned in the advisory
to the internet community. We had previously been asked not to release
the tool by a Friend of the L0pht. This Friend has now made it known to us
that their interest in said matter is done (bigger and better things I
As usual, standard disclamers apply: ie do not do _bad_ things with this
tool. We take no responsibility for problems, hardships, damages incurred,
etc. Caution: filling is hot.
The tool is available as a uuencoded compressed tar file off of the
URL http://www.l0pht.com/advisories.html under the Kerb4 advisory.
If people are unable to retrieve the file send me e-mail and I will dump
it to these mailing lists.