Hi, would you know how to process the krbprincipalkey LDAP attributes to be able to brute force the original password?
Implementation of the key generation is here: https://github.com/jtux270/translate/blob/d242673d7f6cf787e086d7d89fa3291f814a95d8/FreeIPA/freeipa-3.0.0/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c#L105
The value of the krbprincipalkey attribute is ASN.1 encoded:
SEQUENCE (4 elem)
  [0] (1 elem)
    INTEGER 1
  [1] (1 elem)
    INTEGER 0
  [2] (1 elem)
    INTEGER 1
  [4] (1 elem)
    SEQUENCE (2 elem)
      SEQUENCE (1 elem)
        [1] (1 elem)
          SEQUENCE (2 elem)
            [0] (1 elem)
              INTEGER 18
            [1] (1 elem)
              OCTET STRING (60 byte) BB4755A5D7B553A9B40108E1...
      SEQUENCE (1 elem)
        [1] (1 elem)
          SEQUENCE (2 elem)
            [0] (1 elem)
              INTEGER 23
            [1] (1 elem)
              OCTET STRING (44 byte) A6C72FB492C3C842CEEC3…
Seems the 18 and 23 refer to the AES256 and RC4 encryption types, but the string lengths are weird ...
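Added example, not part of the original issue and not FreeIPA code: a minimal DER walker that follows the tag layout in the dump above and inventories the stored encryption types per entry, flagging RC4 (deprecated for Kerberos by RFC 8429). The function names and `SAMPLE` are assumptions for illustration; `SAMPLE` is constructed with zero-filled values of the lengths shown in the dump.

```python
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {23}  # RC4 is deprecated for Kerberos (RFC 8429)

def tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        yield tag, val

def unwrap(buf, expected_tag):
    """Return the value of the single TLV in buf, checking its tag."""
    tag, val, _ = tlv(buf)
    if tag != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#x}, got {tag:#x}")
    return val

def audit_keyset(blob):
    """Return [(enctype, name, value_length, is_weak)] for each stored entry."""
    fields = dict(children(unwrap(blob, 0x30)))      # context tags [0]..[4]
    report = []
    for _, entry in children(unwrap(fields[0xA4], 0x30)):    # [4] -> SEQUENCE of entries
        parts = dict(children(unwrap(dict(children(entry))[0xA1], 0x30)))
        etype = int.from_bytes(unwrap(parts[0xA0], 0x02), "big", signed=True)
        value = unwrap(parts[0xA1], 0x04)            # OCTET STRING, left opaque
        report.append((etype, ENCTYPES.get(etype, "unknown"), len(value), etype in WEAK))
    return report

def der(tag, val):
    """Encode one TLV (values shorter than 256 bytes); used only to build SAMPLE."""
    n = len(val)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + val

def entry(etype, n):
    body = der(0xA0, der(0x02, bytes([etype]))) + der(0xA1, der(0x04, bytes(n)))
    return der(0x30, der(0xA1, der(0x30, body)))

# Constructed sample mirroring the dump: [0]=1, [1]=0, [2]=1, [4]=two entries.
SAMPLE = der(0x30, der(0xA0, b"\x02\x01\x01") + der(0xA1, b"\x02\x01\x00")
             + der(0xA2, b"\x02\x01\x01") + der(0xA4, der(0x30, entry(18, 60) + entry(23, 44))))
```
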