krbpwguess is, as the name suggests, a Kerberos password guessing tool. It’s built against the Heimdal Kerberos libraries and has been tested and is known to work on Snow Leopard and Ubuntu Linux.

The tool takes a file of user names and tries each password from a dictionary file against them. When a match is found, it is logged to the screen or to a supplied output file. Performance varies greatly between targets: tests have shown around 240 tries per second against Windows 2003 and 30 tries per second against Heimdal on Ubuntu 9.04, with both systems running on the same, not that over-dimensioned, virtualized hardware.

The tool relies on Kerberos being set up properly, either through DNS or with appropriate entries in the krb5.conf configuration file. The following would be sufficient in krb5.conf in order to guess passwords against the LABB.LO realm using the KDC.

kdc =

The LABB.LO realm has to be specified using the -r parameter. The following command would start guessing for the users in the users.txt file, using the passwords in pass.txt, against the LABB.LO realm and KDC. Output is written to the screen and to the labb_lo_output.txt file:

Both the user file and the password file should contain a single entry per line, and both Unix and Windows line breaks should work. Testing the username as the password can be achieved by placing the following keyword in the password file: %username%

The tool won’t produce any output unless it successfully guesses a password or detects an error, such as an account being locked out or a problem communicating with the KDC. To see the password currently being guessed and some minimal statistics, press a key while the tool is running.
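For defenders, the rates quoted above (30 to 240 tries per second from one client) stand out clearly in KDC authentication logs. The following is an added example, not part of krbpwguess or the original page: it flags any client that exceeds a failure threshold within a sliding window. The record format, result labels, addresses and user names are constructed for illustration; real KDC logs (for example Windows event 4771, Kerberos pre-authentication failed) would need to be mapped into this shape.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed records, not real KDC output: '<time> <client ip> <principal> <result>'."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    stamp = lambda off_ms: (base + timedelta(milliseconds=off_ms)).isoformat(timespec="milliseconds")
    users = ["alice", "bob", "carol"]
    # One client failing about 30 times per second for two seconds (the Heimdal rate quoted above).
    lines = [f"{stamp(33 * i)} 10.0.0.66 {users[i % 3]}@LABB.LO PREAUTH_FAILED" for i in range(60)]
    # An ordinary user who mistypes twice and then logs in.
    lines += [f"{stamp(0)} 10.0.0.7 dave@LABB.LO PREAUTH_FAILED",
              f"{stamp(20000)} 10.0.0.7 dave@LABB.LO PREAUTH_FAILED",
              f"{stamp(40000)} 10.0.0.7 dave@LABB.LO ISSUED"]
    return sorted(lines)  # fixed-width timestamps sort chronologically

def detect(lines, max_failures=10, window=timedelta(seconds=5)):
    """Return {client_ip: details} for clients exceeding max_failures within window."""
    recent = defaultdict(deque)   # client ip -> (time, principal) of recent failures
    alerts = {}
    for line in lines:
        when, ip, principal, result = line.split()
        if result != "PREAUTH_FAILED":
            continue
        ts = datetime.fromisoformat(when)
        q = recent[ip]
        q.append((ts, principal))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and ip not in alerts:
            alerts[ip] = {"first_alert": when, "failures": len(q),
                          "principals": sorted({p for _, p in q})}
    return alerts

if __name__ == "__main__":
    for ip, info in detect(build_sample()).items():
        print(ip, info)
```

The list of distinct principals in each alert helps separate guessing across many accounts from a single misconfigured service retrying one account.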

In order to build the tool under Ubuntu the following packages need to be installed: make, gcc, build-essential and heimdal-dev. The 0.2 source can be downloaded below and should build on most systems by simply issuing:

I’ve also added pre-compiled binaries for Snow Leopard (Intel) and Ubuntu 9.04 64-bit.

Version 0.2 source here
Version 0.2 for Ubuntu 64-bit here
Version 0.2 for Snow Leopard (Intel) here

krbpwguess was developed by Patrik Karlsson.