It is a great way to make a media server entirely yours and the only option for using plugins. That is why Jellyfin is so awesome compared to Plex and Emby. For Emby, plugins simply increase core functionality.
While Emby does allow plugins because Emby is close-sourced these plugins are not nearly as numerous or diverse. Unlike Plex, Jellyfin allows you to install plugins. Let’s look at an example.Jellyfin is often compared to Plex and Emby, but there is really only one thing these three have most in common. This of course is assuming they don’t have a real long complex one that your word list / password cracker combo cannot guess in a reasonable amount of time (but the same applies for the original GetNPUsers method when pre-auth is disabled too). Not always the easiest thing to do… but if you do ever find you’re in a situation where you can either capture network traffic between machines, or have something like a Wireshark packet capture file that contains some kerberos auth packets in it, then you can perform this kind of attack and get the user’s password. There is a big caveat to this though, and that is that we need to capture network packets of a user authenticating with Kerberos first before we have this encrypted data. It encrypts the current time and sends it to the server (as part of the initial kerberos AS-REQ packet) but it encrypts it using the user’s password as the encryption key.Īre you starting to see where this is going? We can just do the same thing we were doing before – brute force that encrypted data with a word list until we get valid data decrypted. Now think about what pre-authentication does. Then we are just brute forcing that encrypted data with a word list, until we find a password in that list that gives us valid data when we use it to decrypt the encrypted data. With pre-auth disabled we’re not actually getting the user’s password or even a hash of it sent to us – we’re just getting some data that was encrypted using the user’s password as the encryption key. Think about what we’re doing when we exploit pre-auth being disabled (watch my video if you’re unsure of how it works, linked below). However, the pre-auth feature itself actually gives us another avenue of attack. So in the real world, 99% of the time we’re probably going to come up against accounts where pre-auth is enabled and we can’t use something like the GetNPUsers script. I also mentioned in the video that in 8 years of Windows network admin in various organisations, I’ve never actually seen anyone disable kerberos pre-auth. If you’ve watched my video on Kerberos Pre-Authentication and how Impacket’s GetNPUsers script takes advantage of that being disabled, you’ll be aware that by default user accounts are not vulnerable to this kind of attack.
0 kommentar(er)
