Kerberos (88)

Clock Synchronization

KRB_AP_ERR_SKEW(Clock skew too great)

Detect clock skew automatically with nmap

$ nmap -sV -sC 10.10.10.10
clock-skew: mean: -1998d09h03m04s, deviation: 4h00m00s, median: -1998d11h03m05s

Compute yourself the difference between the clocks

nmap -sT 10.10.10.10 -p445 --script smb2-time -vv

Fix #1: Modify your clock

┌──(kali㉿kali)-[~]
└─$ sudo ntpdate dc.domain.local

rdate -n [IP of Target]

 sudo date -s "14 APR 2015 18:25:16" # Linux 
 net time /domain /set # Windows

Fix #2: Fake your clock

faketime -f '+8h' date

Fix #3: Disable the Network Time Protocol from auto-updating

timedatectl set-ntp off

Fixing the “Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)” Issue While KerberoastingMedium