In this exercise we will take a look at how to break a password captured from Kerberos. To perform this exercise, you must download the utility Cain from Here:
1. In the Cain software start the sniffer by clicking the sniffer icon on the toolbar.
2. When prompted, choose the interface to sniff on.
3. Select the Sniffer tab.
4. Click the blue + sign.
5. When presented with the dialog, click OK.
6. In the dialog that appears, enter the addresses of two hosts to be ARP poisoned, which means you are putting information into the ARP tables of the targeted systems. Choose two hosts other than the one you are running the attack from.
7. Click OK.
8. On the toolbar select the ARP poisoning icon and note that the status will change to state “poisoning.”
9. After a minute or two, click the Sniffer tab.
10. Click the Passwords tab.
11. Select MSKerb5-PreAuth Hashes.
12. Right-click and select Send To Cracker.
13. Click the Cracker tab.
14. Select Kerb5 PreAuth Hashes.
15. Right-click a password and select a crack. At this point, if everything has gone well you should be able to crack a Kerberos password. It is important to note that you may have to wait a while on networks that are not that active to actually collect a set of credentials.