winbindd version 3.0.20-0.1.CRO started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter name resolve order = wins bcast hosts
doing parameter idmap gid = 16777216-33554431
doing parameter show add printer wizard = No
doing parameter time server = No
doing parameter wins proxy = No
doing parameter netbios name = MSFS370
handle_netbios_name: set global_myname to: MSFS370
doing parameter cups options = raw
doing parameter idmap uid = 16777216-33554431
doing parameter dos charset = 852
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
doing parameter unix charset = ISO8859-2
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
doing parameter workgroup = CROPRAHA
doing parameter server signing = No
doing parameter printcap name = /etc/printcap
doing parameter security = domain
doing parameter max log size = 50000
doing parameter log level = 1
doing parameter log file = /var/log/samba/%m.log
doing parameter load printers = yes
doing parameter csc policy = disable
doing parameter smb ports = 139 445
doing parameter map acl inherit = Yes
doing parameter map hidden = Yes
doing parameter wins server = 192.168.10.51
doing parameter username map = /etc/samba/smbusers
doing parameter interfaces = eth1
doing parameter domain master = no
doing parameter winbind use default domain = yes
doing parameter template shell = /bin/false
doing parameter wins support = no
doing parameter server string = Samba Server
doing parameter syslog = 0
doing parameter preferred master = no
doing parameter bind interfaces only = Yes
doing parameter domain logons = no
doing parameter guest account = nobody
doing parameter map to guest = Bad User
doing parameter name cache timeout = 0
Processing section "[printers]"
add_a_service: Creating snum = 0 for printers
doing parameter comment = All Printers
doing parameter path = /var/spool/samba
doing parameter browseable = no
doing parameter guest ok = no
doing parameter writable = no
doing parameter printable = yes
Processing section "[elev]"
add_a_service: Creating snum = 1 for elev
doing parameter comment = Elevove
doing parameter path = /shares/elev
doing parameter writable = yes
doing parameter force create mode = 644
doing parameter create mask = 644
doing parameter guest ok = yes
doing parameter public = yes
doing parameter inherit owner = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
add_a_service: Creating snum = 2 for IPC$
adding IPC service
add_a_service: Creating snum = 3 for ADMIN$
adding IPC service
set_server_role: role = ROLE_DOMAIN_MEMBER
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
added interface ip=192.168.10.57 bcast=192.168.10.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="MSFS370"
added interface ip=192.168.10.57 bcast=192.168.10.255 nmask=255.255.255.0
namecache_enable: disabling netbios name cache
smb_register_idmap: Successfully added idmap backend 'ldap'
smb_register_idmap: Successfully added idmap backend 'tdb'
db_idmap_init: Opening tdbfile /var/cache/samba/winbindd_idmap.tdb
fcntl_lock 6 13 0 1 1
fcntl_lock: Lock call successful
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain CROPRAHA S-1-5-21-949343575-3825593073-2552048267
Added domain BUILTIN S-1-5-32
Added domain MSFS370 S-1-5-21-3946360834-781011617-747996661
open_winbindd_socket: opened socket fd 9
open_winbindd_priv_socket: opened socket fd 11
client_read: read 1828 bytes. Need 0 more for a full request.
child daemon request 40 process_request: request fn INIT_CONNECTION Connection to for domain CROPRAHA has NULL cli! Using cleartext machine password get_sorted_dc_list: attempting lookup using [wins bcast hosts] internal_resolve_name: looking up CROPRAHA#1c Opening cache file at /var/cache/samba/gencache.tdb Returning expired cache entry: key = NBT/CROPRAHA#1C, value = 192.168.10.51:0, timeout = Wed Sep 14 11:13:55 2005 no entry for CROPRAHA#1C found. Deleting cache entry (key = NBT/CROPRAHA#1C) resolve_wins: Attempting wins lookup for name CROPRAHA<0x1c> Cache entry with key = WINS_SRV_DEAD/192.168.10.51,0.0.0.0 couldn't be found wins_srv_is_dead: 192.168.10.51 is alive Current wins server for tag '*' with source 0.0.0.0 is 192.168.10.51 Cache entry with key = WINS_SRV_DEAD/192.168.10.51,0.0.0.0 couldn't be found wins_srv_is_dead: 192.168.10.51 is alive resolve_wins: using WINS server 192.168.10.51 and tag '*' bind succeeded on port 0 Sending a packet of len 50 to (192.168.10.51) on port 137 read_udp_socket: lastip 192.168.10.51 lastport 137 read: 62 parse_nmb: packet id = 25141 Received a packet of len 62 from (192.168.10.51) port 137 nmb packet from 192.168.10.51(137) header: id=25141 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CROPRAHA<1c> rr_type=32 rr_class=1 ttl=258260 answers 0 char .....3 hex E000C0A80A33 Got a positive name query response from 192.168.10.51 ( 192.168.10.51 ) remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for CROPRAHA#1c: 192.168.10.51:0 Adding cache entry with key = NBT/CROPRAHA#1C; value = 192.168.10.51:0 and timeout = Wed Sep 14 11:26:39 2005 (0 seconds in the past) internal_resolve_name: returning 1 addresses: 192.168.10.51:0 Adding 1 DC's from auto lookup remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses 
in an unordered list get_dc_list: 192.168.10.51:0 fcntl_lock 12 13 0 1 0 fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from MSFS370<00> to CROPRAHA<1c> IP 192.168.10.51 Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 name_status_find: looking up CROPRAHA#1c at 192.168.10.51 Cache entry with key = NBT/CROPRAHA#1C.20.192.168.10.51 couldn't be found namecache_status_fetch: no entry for NBT/CROPRAHA#1C.20.192.168.10.51 found. Deleting cache entry (key = NBT/CROPRAHA#1C.20.192.168.10.51) bind succeeded on port 0 Sending a packet of len 50 to (192.168.10.51) on port 137 read_udp_socket: lastip 192.168.10.51 lastport 137 read: 265 parse_nmb: packet id = 7225 Received a packet of len 265 from (192.168.10.51) port 137 nmb packet from 192.168.10.51(137) header: id=7225 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CROPRAHA<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .MSDS1 hex 094D5344533120202020202020202020 answers 10 char .d.MSDS1 hex 0064004D534453312020202020202020 answers 20 char .d.MSDS1 hex 20200364004D53445331202020202020 answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F answers 40 char WSE__....CROPRAH hex 5753455F5F0201E40043524F50524148 answers 50 char A ...CROPR hex 412020202020202000E40043524F5052 answers 60 char AHA .d.CRO hex 414841202020202020201B640043524F answers 70 char PRAHA ...C hex 5052414841202020202020201CE40043 answers 80 char ROPRAHA .d hex 524F5052414841202020202020201D64 answers 90 char .CROPRAHA hex 
0043524F505241484120202020202020 answers a0 char ................ hex 1EE40000000000000000000000000000 answers b0 char ................ hex 00000000000000000000000000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char . hex 00 MSDS1#00: flags = 0x64 MSDS1#03: flags = 0x64 MSDS1#20: flags = 0x64 __MSBROWSE__#01: flags = 0xe4 CROPRAHA#00: flags = 0xe4 CROPRAHA#1b: flags = 0x64 CROPRAHA#1c: flags = 0xe4 CROPRAHA#1d: flags = 0x64 CROPRAHA#1e: flags = 0xe4 name_status_find: name found, name MSDS1 ip address is 192.168.10.51 cm_get_ipc_userpass: No auth-user defined secrets_named_mutex: got mutex for MSDS1 write_socket(11,183) write_socket(11,183) wrote 183 got smb length of 127 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=15702 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 24 (0x18) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 7792 (0x1E70) smb_vwv[13]= 3470 (0xD8E) smb_vwv[14]=50617 (0xC5B9) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=15103 (0x3AFF) smb_bcc=58 [000] 6D 73 64 73 31 00 00 00 00 00 00 00 00 00 00 00 msds1... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=15702 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 24 (0x18) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 7792 (0x1E70) smb_vwv[13]= 3470 (0xD8E) smb_vwv[14]=50617 (0xC5B9) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=15103 (0x3AFF) smb_bcc=58 [000] 6D 73 64 73 31 00 00 00 00 00 00 00 00 00 00 00 msds1... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE Serverzone is -7200 write_socket(11,92) write_socket(11,92) wrote 92 got smb length of 112 size=112 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=15702 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=71 [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 31 .b.a. .3 ...0...1 [020] 00 34 00 61 00 2D 00 30 00 2E 00 31 00 43 00 52 .4.a.-.0 ...1.C.R [030] 00 4F 00 00 00 43 00 52 00 4F 00 50 00 52 00 41 .O...C.R .O.P.R.A [040] 00 48 00 41 00 00 00 .H.A... size=112 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=15702 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=71 [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 31 .b.a. 
.3 ...0...1 [020] 00 34 00 61 00 2D 00 30 00 2E 00 31 00 43 00 52 .4.a.-.0 ...1.C.R [030] 00 4F 00 00 00 43 00 52 00 4F 00 50 00 52 00 41 .O...C.R .O.P.R.A [040] 00 48 00 41 00 00 00 .H.A... Connected anonymously write_socket(11,78) write_socket(11,78) wrote 78 got smb length of 48 size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 13 (0xD) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... secrets_named_mutex: released mutex for MSDS1 write_socket(11,104) write_socket(11,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=57600 (0xE100) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 Bind RPC Pipe[73e1]: \PIPE\lsarpc Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 3919286a 0024 data : b10c 0026 data : 11d0 0028 data : 9b a8 002a data : 00 c0 4f d9 2e f5 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:73e1 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29665 (0x73E1) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
write_socket(11,158) write_socket(11,158) wrote 158 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 
000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 000053f0 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! 000000 ds_io_q_getprimdominfo 0000 level: 0001 create_rpc_request: opnum: 0x0 data_len: 0x1a create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000000a 0014 context_id: 0000 0016 opnum : 0000 rpc_api_pipe: fnum:73e1 size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29665 (0x73E1) smb_bcc=41 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . 
write_socket(11,112) write_socket(11,112) wrote 112 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . rpc_check_hdr: rdata->data_size = 32 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000002 write_socket(11,45) write_socket(11,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=7 smt_wct=0 smb_bcc=0 Storing response for pid 15702, len 1300 Retrieving response for pid 15702 Received child initialization response for domain CROPRAHA client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 17 process_request: request fn LIST_TRUSTDOM [15700]: list trusted domains get_cache: Setting MS-RPC methods for domain CROPRAHA trusted_domains: [Cached] - doing backend query for info for domain CROPRAHA rpc: trusted_domains write_socket(11,104) write_socket(11,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=57856 (0xE200) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 Bind RPC Pipe[73e2]: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:73e2 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29666 (0x73E2) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
write_socket(11,158) write_socket(11,158) wrote 158 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000003 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 
000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 000053f0 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! init_lsa_sec_qos init_open_pol: attr:0 da:33554432 init_lsa_obj_attr 000000 lsa_io_q_open_pol 0000 ptr : 00000001 0004 system_name: 005c 000008 lsa_io_obj_attr 0008 len : 00000018 000c ptr_root_dir: 00000000 0010 ptr_obj_name: 00000000 0014 attributes : 00000000 0018 ptr_sec_desc: 00000000 001c ptr_sec_qos : 00000001 000020 lsa_io_obj_qos sec_qos 0020 len : 0000000c 0024 sec_imp_level : 0002 0026 sec_ctxt_mode : 01 0027 effective_only: 00 lsa_io_sec_qos: length c does not match size 8 0028 des_access: 02000000 create_rpc_request: opnum: 0x6 data_len: 0x44 create_rpc_request: data_len: 44 auth_len: 0 alloc_hint: 34 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000034 0014 context_id: 0000 0016 opnum : 0006 rpc_api_pipe: fnum:73e2 size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29666 (0x73E2) smb_bcc=83 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 
00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 04 00 00 00 34 .......D .......4 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... write_socket(11,154) write_socket(11,154) wrote 154 got smb length of 104 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 .....`.' C....... [030] 00 . size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 .....`.' C....... [030] 00 . 
rpc_check_hdr: rdata->data_size = 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 48 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_open_pol 000018 smb_io_pol_hnd 0018 data1: 00000000 001c data2: 00000001 0020 data3: 0000 0022 data4: 0000 0024 data5: 60 eb 27 43 81 18 00 00 002c status: NT_STATUS_OK init_q_enum_trust_dom 000000 lsa_io_q_enum_trust_dom 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 00000001 0008 data3: 0000 000a data4: 0000 000c data5: 60 eb 27 43 81 18 00 00 0014 enum_context : 00000000 0018 preferred_len: 00010000 create_rpc_request: opnum: 0xd data_len: 0x34 create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 opnum : 000d rpc_api_pipe: fnum:73e2 size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29666 (0x73E2) smb_bcc=67 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 00 03 10 00 00 00 34 00 00 00 05 00 00 00 24 .......4 .......$ [020] 00 00 00 00 00 0D 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 00 00 ...`.'C. ........ [040] 00 01 00 ... write_socket(11,138) write_socket(11,138) wrote 138 got smb length of 96 size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 1A 00 00 80 ........ . size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 1A 00 00 80 ........ . 
rpc_check_hdr: rdata->data_size = 40 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 40 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_enum_trust_dom 0018 enum_context: 00000000 001c count: 00000000 0020 ptr: 00000000 0024 status: NT_STATUS_NO_MORE_ENTRIES Storing response for pid 15702, len 1300 Retrieving response for pid 15702 accepted socket 15 process_request: request fn INTERFACE_VERSION [ 0]: request interface version process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 0]: request location of privileged pipe accepted socket 16 process_request: request fn PAM_AUTH [ 0]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 12 process_request: request fn PAM_AUTH [15700]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 Using cleartext machine password write_socket(11,108) write_socket(11,108) wrote 108 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=12 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58112 (0xE300) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 Bind RPC Pipe[73e3]: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:73e3 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29667 (0x73E3) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
write_socket(11,158) write_socket(11,158) wrote 158 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000006 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 
000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 000053f0 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! cli_net_req_chal: LSA Request Challenge from MSFS370 to \\MSDS1 init_q_req_chal: 676 init_q_req_chal: 685 000000 net_io_q_req_chal 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 000020 smb_io_unistr2 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000008 002c buffer : M.S.F.S.3.7.0... 00003c smb_io_chal 003c data: e2 3e 0b 68 47 33 49 ff create_rpc_request: opnum: 0x4 data_len: 0x5c create_rpc_request: data_len: 5c auth_len: 0 alloc_hint: 4c 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000004c 0014 context_id: 0000 0016 opnum : 0004 rpc_api_pipe: fnum:73e3 size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29667 (0x73E3) smb_bcc=107 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 00 03 10 00 00 00 5C 00 00 00 07 00 00 00 4C .......\ .......L [020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 53 00 44 .......\ .\.M.S.D [040] 00 53 00 31 00 00 00 08 00 00 00 00 00 00 00 08 .S.1.... ........ [050] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 [060] 00 00 00 E2 3E 0B 68 47 33 49 FF ....>.hG 3I. write_socket(11,178) write_socket(11,178) wrote 178 got smb length of 92 size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 34 C4 76 3D 90 F4 CC ........ .4.v=... [020] 3E 00 00 00 00 >.... size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 34 C4 76 3D 90 F4 CC ........ .4.v=... [020] 3E 00 00 00 00 >.... 
rpc_check_hdr: rdata->data_size = 36 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 36 rpc_api_pipe: fragment first and last both set 000018 net_io_r_req_chal 000018 smb_io_chal 0018 data: 34 c4 76 3d 90 f4 cc 3e 0020 status: NT_STATUS_OK cred_session_key clnt_chal: E23E0B68473349FF srv_chal : 34C4763D90F4CC3E clnt+srv : 160382A5D727163E sess_key : 8FE37BD120A40267 cred_create sess_key : 8FE37BD120A40267 stor_cred: E23E0B68473349FF timestamp: 0 timecred : E23E0B68473349FF calc_cred: 21835717CE1D7DFA cli_net_auth2: srv:\\MSDS1 acct:MSFS370$ sc:2 mc: MSFS370 neg: 400701ff init_q_auth_2: 797 make_log_info 1407 init_q_auth_2: 803 000000 net_io_q_auth_2 000000 smb_io_log_info 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 000020 smb_io_unistr2 unistr2 0020 uni_max_len: 00000009 0024 offset : 00000000 0028 uni_str_len: 00000009 002c buffer : M.S.F.S.3.7.0.$... 003e sec_chan: 0002 000040 smb_io_unistr2 unistr2 0040 uni_max_len: 00000008 0044 offset : 00000000 0048 uni_str_len: 00000008 004c buffer : M.S.F.S.3.7.0... 
00005c smb_io_chal 005c data: 21 83 57 17 ce 1d 7d fa 000064 net_io_neg_flags 0064 neg_flags: 400701ff create_rpc_request: opnum: 0xf data_len: 0x80 create_rpc_request: data_len: 80 auth_len: 0 alloc_hint: 70 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0080 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000070 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: fnum:73e3 size=210 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29667 (0x73E3) smb_bcc=143 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 80 00 00 00 08 00 00 00 70 ........ .......p [020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 53 00 44 .......\ .\.M.S.D [040] 00 53 00 31 00 00 00 09 00 00 00 00 00 00 00 09 .S.1.... ........ [050] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 [060] 00 24 00 00 00 02 00 08 00 00 00 00 00 00 00 08 .$...... ........ [070] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 [080] 00 00 00 21 83 57 17 CE 1D 7D FA FF 01 07 40 ...!.W.. 
.}....@ write_socket(11,214) write_socket(11,214) wrote 214 got smb length of 96 size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 E7 1F 59 DA EF 24 8F ........ ...Y..$. [020] D3 FF 01 00 40 00 00 00 00 ....@... . size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 E7 1F 59 DA EF 24 8F ........ ...Y..$. [020] D3 FF 01 00 40 00 00 00 00 ....@... . 
rpc_check_hdr: rdata->data_size = 40 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 40 rpc_api_pipe: fragment first and last both set 000018 net_io_r_auth_2 000018 smb_io_chal 0018 data: e7 1f 59 da ef 24 8f d3 000020 net_io_neg_flags 0020 neg_flags: 400001ff 0024 status: NT_STATUS_OK cred_create sess_key : 8FE37BD120A40267 stor_cred: 34C4763D90F4CC3E timestamp: 0 timecred : 34C4763D90F4CC3E calc_cred: E71F59DAEF248FD3 cred_assert challenge : E71F59DAEF248FD3 calculated: E71F59DAEF248FD3 credentials check ok write_socket(11,108) write_socket(11,108) wrote 108 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=16 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=58368 (0xE400) smb_vwv[ 3]= 371 (0x173) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 Bind RPC Pipe[73e4]: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr_auth hdr_auth 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_neg netsec_neg 0008 type1: 00000000 000c type2: 00000003 [000] 43 52 4F 50 52 41 48 41 CROPRAHA [000] 4D 53 46 53 33 37 30 MSFS370 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0069 000a auth_len : 0019 000c call_id : 00000009 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:73e4 size=187 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 105 (0x69) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 105 (0x69) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29668 (0x73E4) smb_bcc=120 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 69 00 19 00 09 00 00 00 B8 .......i ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ 
.......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 43 52 4F 50 52 41 48 41 00 .......C ROPRAHA. [070] 4D 53 46 53 33 37 30 00 MSFS370. write_socket(11,191) write_socket(11,191) wrote 191 got smb length of 144 size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . 
rpc_check_hdr: rdata->data_size = 88 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 000c 000c call_id : 00000009 rpc_api_pipe: len left: 0 smbtrans read: 88 rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 08 0003 auth_reserved: 00 0004 auth_context_id: 00000001 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 000053f0 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! cred_create sess_key : 8FE37BD120A40267 stor_cred: 21835717CE1D7DFA timestamp: 4327ecd9 timecred : FA6F7F5ACE1D7DFA calc_cred: 4E5D79759EDACC36 init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 
0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: 4e 5d 79 75 9e da cc 36 00004c smb_io_utime 004c time: 4327ecd9 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: 46 f8 ad 0d 79 9f fe 61 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : C.R.O.P.R.A.H.A. 0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : .Gf8NXac...:[....r...... 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : /k.v.._...1]..O..d.'.... 
0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=0 SCHANNEL: netsec_encode seq_num=0 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: 34 07 8b 94 7f 5a 75 86 0168 packet_digest: 3c 63 42 70 39 a4 3e 2f 0170 confounder: ce 9e 2b c1 27 20 8b 63 create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000a 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29668 (0x73E4) smb_bcc=415
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 640 size=640 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 584 (0x248) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 584 (0x248) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=585
data_size = 584 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0248 000a auth_len : 0020 000c call_id : 0000000a 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000208 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 584 rpc_auth_pipe: pkt_type: 2 len: 584 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: d5 91 34 d4 71 33 3c e1 0018 packet_digest: a5 a2 1c d7 0c 03 0e 15 0020 confounder: a8 b6 f0 cd 66 b0 7c fe SCHANNEL: netsec_encode seq_num=1 data_len=520 SCHANNEL: netsec_decode seq_num=1 data_len=520 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000001 00001c smb_io_cred 00001c smb_io_chal 001c data: 45 4a f0 80 0b 5a df a4 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000001 000030 smb_io_time logon time 0030 low : 00000000 0034 high: 00000000 000038 smb_io_time logoff time 0038 low : ffffffff 003c high: 7fffffff 000040 smb_io_time kickoff time 0040 low : ffffffff 0044 high: 7fffffff 000048 smb_io_time last set time 0048 low : a2c94280 004c high: 01c5afb4 000050 smb_io_time can change time 0050 low : a2c94280 0054 high: 01c5afb4 000058 smb_io_time must change time 0058 low : ffffffff 005c high: 7fffffff 000060 smb_io_unihdr hdr_user_name 0060 uni_str_len: 0012 0062 uni_max_len: 0012 0064 buffer : 00000001 000068 smb_io_unihdr hdr_full_name 0068 uni_str_len: 0012 006a uni_max_len: 0012 006c buffer : 
00000001 000070 smb_io_unihdr hdr_logon_script 0070 uni_str_len: 002a 0072 uni_max_len: 002a 0074 buffer : 00000001 000078 smb_io_unihdr hdr_profile_path 0078 uni_str_len: 0000 007a uni_max_len: 0000 007c buffer : 00000000 000080 smb_io_unihdr hdr_home_dir 0080 uni_str_len: 0022 0082 uni_max_len: 0022 0084 buffer : 00000001 000088 smb_io_unihdr hdr_dir_drive 0088 uni_str_len: 0004 008a uni_max_len: 0004 008c buffer : 00000001 0090 logon_count : 0000 0092 bad_pw_count : 0000 0094 user_rid : 00000e14 0098 group_rid : 00000201 009c num_groups : 00000002 00a0 buffer_groups : 00000001 00a4 user_flgs : 00000020 00a8 user_sess_key: 20 a1 87 1d 0d d9 51 a8 70 04 6e 28 30 03 5d 3f 0000b8 smb_io_unihdr hdr_logon_srv 00b8 uni_str_len: 000a 00ba uni_max_len: 000a 00bc buffer : 00000001 0000c0 smb_io_unihdr hdr_logon_dom 00c0 uni_str_len: 0010 00c2 uni_max_len: 0010 00c4 buffer : 00000001 00c8 buffer_dom_id : 00000001 00cc lm_sess_key: d4 97 a6 4c ef 3b 77 7b 00d4 acct_flags : 00000000 00d8 unkown: 00000000 00dc unkown: 00000000 00e0 unkown: 00000000 00e4 unkown: 00000000 00e8 unkown: 00000000 00ec unkown: 00000000 00f0 unkown: 00000000 00f4 num_other_sids: 00000000 00f8 buffer_other_sids: 00000000 0000fc smb_io_unistr2 uni_user_name 00fc uni_max_len: 00000009 0100 offset : 00000000 0104 uni_str_len: 00000009 0108 buffer : u.z.i.v.a.t.e.l.2. 00011a smb_io_unistr2 uni_full_name 011c uni_max_len: 00000009 0120 offset : 00000000 0124 uni_str_len: 00000009 0128 buffer : u.z.i.v.a.t.e.l.2. 00013a smb_io_unistr2 uni_logon_script 013c uni_max_len: 00000015 0140 offset : 00000000 0144 uni_str_len: 00000015 0148 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. 000172 smb_io_unistr2 - NULL uni_profile_path 000172 smb_io_unistr2 uni_home_dir 0174 uni_max_len: 00000011 0178 offset : 00000000 017c uni_str_len: 00000011 0180 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. 
0001a2 smb_io_unistr2 uni_dir_drive 01a4 uni_max_len: 00000002 01a8 offset : 00000000 01ac uni_str_len: 00000002 01b0 buffer : X.:. 01b4 num_groups2 : 00000002 0001b8 smb_io_gid 01b8 g_rid: 00000201 01bc attr : 00000007 0001c0 smb_io_gid 01c0 g_rid: 00000bb9 01c4 attr : 00000007 0001c8 smb_io_unistr2 uni_logon_srv 01c8 uni_max_len: 00000005 01cc offset : 00000000 01d0 uni_str_len: 00000005 01d4 buffer : M.S.D.S.1. 0001de smb_io_unistr2 uni_logon_dom 01e0 uni_max_len: 00000008 01e4 offset : 00000000 01e8 uni_str_len: 00000008 01ec buffer : C.R.O.P.R.A.H.A. 0001fc smb_io_dom_sid2 01fc num_auths: 00000004 000200 smb_io_dom_sid sid 0200 sid_rev_num: 01 0201 num_auths : 04 0202 id_auth[0] : 00 0203 id_auth[1] : 00 0204 id_auth[2] : 00 0205 id_auth[3] : 00 0206 id_auth[4] : 00 0207 id_auth[5] : 05 0208 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b 0218 auth_resp : 00000001 021c status : NT_STATUS_OK clnt_deal_with_creds: 148 cred_create sess_key : 8FE37BD120A40267 stor_cred: 21835717CE1D7DFA timestamp: 4327ecda timecred : FB6F7F5ACE1D7DFA calc_cred: 454AF0800B5ADFA4 cred_assert challenge : 454AF0800B5ADFA4 calculated: 454AF0800B5ADFA4 credentials check ok new clnt cred: FB6F7F5ACE1D7DFA netsamlogon_cache_store: SID [S-1-5-21-949343575-3825593073-2552048267-3604] 0000 timestamp: 4327ecd9 000004 net_io_user_info3 0004 ptr_user_info : 00000001 000008 smb_io_time logon time 0008 low : 00000000 000c high: 00000000 000010 smb_io_time logoff time 0010 low : ffffffff 0014 high: 7fffffff 000018 smb_io_time kickoff time 0018 low : ffffffff 001c high: 7fffffff 000020 smb_io_time last set time 0020 low : a2c94280 0024 high: 01c5afb4 000028 smb_io_time can change time 0028 low : a2c94280 002c high: 01c5afb4 000030 smb_io_time must change time 0030 low : ffffffff 0034 high: 7fffffff 000038 smb_io_unihdr hdr_user_name 0038 uni_str_len: 0012 003a uni_max_len: 0012 003c buffer : 00000001 000040 smb_io_unihdr hdr_full_name 0040 uni_str_len: 0012 0042 uni_max_len: 0012 0044 buffer : 
00000001 000048 smb_io_unihdr hdr_logon_script 0048 uni_str_len: 002a 004a uni_max_len: 002a 004c buffer : 00000001 000050 smb_io_unihdr hdr_profile_path 0050 uni_str_len: 0000 0052 uni_max_len: 0000 0054 buffer : 00000000 000058 smb_io_unihdr hdr_home_dir 0058 uni_str_len: 0022 005a uni_max_len: 0022 005c buffer : 00000001 000060 smb_io_unihdr hdr_dir_drive 0060 uni_str_len: 0004 0062 uni_max_len: 0004 0064 buffer : 00000001 0068 logon_count : 0000 006a bad_pw_count : 0000 006c user_rid : 00000e14 0070 group_rid : 00000201 0074 num_groups : 00000002 0078 buffer_groups : 00000001 007c user_flgs : 00000020 0080 user_sess_key: 30 d9 d5 65 37 c8 25 ce 9a a6 d8 31 38 15 1e 6b 000090 smb_io_unihdr hdr_logon_srv 0090 uni_str_len: 000a 0092 uni_max_len: 000a 0094 buffer : 00000001 000098 smb_io_unihdr hdr_logon_dom 0098 uni_str_len: 0010 009a uni_max_len: 0010 009c buffer : 00000001 00a0 buffer_dom_id : 00000001 00a4 lm_sess_key: c4 ef f4 34 d5 2a 03 1d 00ac acct_flags : 00000000 00b0 unkown: 00000000 00b4 unkown: 00000000 00b8 unkown: 00000000 00bc unkown: 00000000 00c0 unkown: 00000000 00c4 unkown: 00000000 00c8 unkown: 00000000 00cc num_other_sids: 00000000 00d0 buffer_other_sids: 00000000 0000d4 smb_io_unistr2 uni_user_name 00d4 uni_max_len: 00000009 00d8 offset : 00000000 00dc uni_str_len: 00000009 00e0 buffer : u.z.i.v.a.t.e.l.2. 0000f2 smb_io_unistr2 uni_full_name 00f4 uni_max_len: 00000009 00f8 offset : 00000000 00fc uni_str_len: 00000009 0100 buffer : u.z.i.v.a.t.e.l.2. 000112 smb_io_unistr2 uni_logon_script 0114 uni_max_len: 00000015 0118 offset : 00000000 011c uni_str_len: 00000015 0120 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. 00014a smb_io_unistr2 - NULL uni_profile_path 00014a smb_io_unistr2 uni_home_dir 014c uni_max_len: 00000011 0150 offset : 00000000 0154 uni_str_len: 00000011 0158 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. 
00017a smb_io_unistr2 uni_dir_drive 017c uni_max_len: 00000002 0180 offset : 00000000 0184 uni_str_len: 00000002 0188 buffer : X.:. 018c num_groups2 : 00000002 000190 smb_io_gid 0190 g_rid: 00000201 0194 attr : 00000007 000198 smb_io_gid 0198 g_rid: 00000bb9 019c attr : 00000007 0001a0 smb_io_unistr2 uni_logon_srv 01a0 uni_max_len: 00000005 01a4 offset : 00000000 01a8 uni_str_len: 00000005 01ac buffer : M.S.D.S.1. 0001b6 smb_io_unistr2 uni_logon_dom 01b8 uni_max_len: 00000008 01bc offset : 00000000 01c0 uni_str_len: 00000008 01c4 buffer : C.R.O.P.R.A.H.A. 0001d4 smb_io_dom_sid2 01d4 num_auths: 00000004 0001d8 smb_io_dom_sid sid 01d8 sid_rev_num: 01 01d9 num_auths : 04 01da id_auth[0] : 00 01db id_auth[1] : 00 01dc id_auth[2] : 00 01dd id_auth[3] : 00 01de id_auth[4] : 00 01df id_auth[5] : 05 01e0 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b netsamlogon_clear_cached_user: clearing U/CROPRAHA/3604 netsamlogon_clear_cached_user: clearing UG/CROPRAHA/3604 Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_OK (PAM: 0) Storing response for pid 15702, len 1300 Retrieving response for pid 15702 process_request: request fn INFO [ 0]: request misc info process_request: request fn AUTH_CRAP [ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 13 process_request: request fn AUTH_CRAP [15700]: pam auth crap domain: CROPRAHA user: uzivatel2 is_myname("CROPRAHA") returns 0 cred_create sess_key : 8FE37BD120A40267 stor_cred: FB6F7F5ACE1D7DFA timestamp: 4327ecd9 timecred : D45CA79DCE1D7DFA calc_cred: 9DBC6049697DA4E8 init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: 9d bc 60 49 69 7d a4 e8 00004c smb_io_utime 004c time: 4327ecd9 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: b4 9c 6d a3 64 1d 2f 19 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : 
C.R.O.P.R.A.H.A. 0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : 0..{.....L.......*...... 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : .5P#."<.....S...(..tY... 0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=2 SCHANNEL: netsec_encode seq_num=2 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: fa 1d 69 92 b8 63 4c 06 0168 packet_digest: 59 25 89 b0 f0 2c a5 98 0170 confounder: b3 03 48 87 e9 d6 75 e6 create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000b 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) 
smb_vwv[15]=29668 (0x73E4) smb_bcc=415
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 640 size=640 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 584 (0x248) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 584 (0x248) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=585
rpc_check_hdr: rdata->data_size = 584 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0248 000a auth_len : 0020 000c call_id : 0000000b 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000208 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 584 rpc_auth_pipe: pkt_type: 2 len: 584 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: 5e 1a fc 38 50 a1 c2 52 0018 packet_digest: 00 d2 ca ef 88 5a 65 7e 0020 confounder: de 7e ba e3 08 73 8a 44 SCHANNEL: netsec_encode seq_num=3 data_len=520 SCHANNEL: netsec_decode seq_num=3 data_len=520 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000001 00001c smb_io_cred 00001c smb_io_chal 001c data: 24 67 8f fc d7 63 ea 96 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000001 000030 smb_io_time logon time 0030 low : 00000000 0034 high: 00000000 000038 smb_io_time logoff time 0038 low : ffffffff 003c high: 7fffffff 000040 smb_io_time kickoff time 0040 low : ffffffff 0044 high: 7fffffff 000048 smb_io_time last set time 0048 low : a2c94280 004c high: 01c5afb4 000050 smb_io_time can change time 0050 low : a2c94280 0054 high: 01c5afb4 000058 smb_io_time must change time 0058 low : ffffffff 005c high: 7fffffff 000060 smb_io_unihdr hdr_user_name 0060 uni_str_len: 0012 0062 uni_max_len: 0012 0064 buffer : 00000001 000068 smb_io_unihdr hdr_full_name 0068 uni_str_len: 0012 006a uni_max_len: 0012 006c buffer : 00000001 000070 smb_io_unihdr 
hdr_logon_script 0070 uni_str_len: 002a 0072 uni_max_len: 002a 0074 buffer : 00000001 000078 smb_io_unihdr hdr_profile_path 0078 uni_str_len: 0000 007a uni_max_len: 0000 007c buffer : 00000000 000080 smb_io_unihdr hdr_home_dir 0080 uni_str_len: 0022 0082 uni_max_len: 0022 0084 buffer : 00000001 000088 smb_io_unihdr hdr_dir_drive 0088 uni_str_len: 0004 008a uni_max_len: 0004 008c buffer : 00000001 0090 logon_count : 0000 0092 bad_pw_count : 0000 0094 user_rid : 00000e14 0098 group_rid : 00000201 009c num_groups : 00000002 00a0 buffer_groups : 00000001 00a4 user_flgs : 00000020 00a8 user_sess_key: 20 a1 87 1d 0d d9 51 a8 70 04 6e 28 30 03 5d 3f 0000b8 smb_io_unihdr hdr_logon_srv 00b8 uni_str_len: 000a 00ba uni_max_len: 000a 00bc buffer : 00000001 0000c0 smb_io_unihdr hdr_logon_dom 00c0 uni_str_len: 0010 00c2 uni_max_len: 0010 00c4 buffer : 00000001 00c8 buffer_dom_id : 00000001 00cc lm_sess_key: d4 97 a6 4c ef 3b 77 7b 00d4 acct_flags : 00000000 00d8 unkown: 00000000 00dc unkown: 00000000 00e0 unkown: 00000000 00e4 unkown: 00000000 00e8 unkown: 00000000 00ec unkown: 00000000 00f0 unkown: 00000000 00f4 num_other_sids: 00000000 00f8 buffer_other_sids: 00000000 0000fc smb_io_unistr2 uni_user_name 00fc uni_max_len: 00000009 0100 offset : 00000000 0104 uni_str_len: 00000009 0108 buffer : u.z.i.v.a.t.e.l.2. 00011a smb_io_unistr2 uni_full_name 011c uni_max_len: 00000009 0120 offset : 00000000 0124 uni_str_len: 00000009 0128 buffer : u.z.i.v.a.t.e.l.2. 00013a smb_io_unistr2 uni_logon_script 013c uni_max_len: 00000015 0140 offset : 00000000 0144 uni_str_len: 00000015 0148 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. 000172 smb_io_unistr2 - NULL uni_profile_path 000172 smb_io_unistr2 uni_home_dir 0174 uni_max_len: 00000011 0178 offset : 00000000 017c uni_str_len: 00000011 0180 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. 0001a2 smb_io_unistr2 uni_dir_drive 01a4 uni_max_len: 00000002 01a8 offset : 00000000 01ac uni_str_len: 00000002 01b0 buffer : X.:. 
01b4 num_groups2 : 00000002 0001b8 smb_io_gid 01b8 g_rid: 00000201 01bc attr : 00000007 0001c0 smb_io_gid 01c0 g_rid: 00000bb9 01c4 attr : 00000007 0001c8 smb_io_unistr2 uni_logon_srv 01c8 uni_max_len: 00000005 01cc offset : 00000000 01d0 uni_str_len: 00000005 01d4 buffer : M.S.D.S.1. 0001de smb_io_unistr2 uni_logon_dom 01e0 uni_max_len: 00000008 01e4 offset : 00000000 01e8 uni_str_len: 00000008 01ec buffer : C.R.O.P.R.A.H.A. 0001fc smb_io_dom_sid2 01fc num_auths: 00000004 000200 smb_io_dom_sid sid 0200 sid_rev_num: 01 0201 num_auths : 04 0202 id_auth[0] : 00 0203 id_auth[1] : 00 0204 id_auth[2] : 00 0205 id_auth[3] : 00 0206 id_auth[4] : 00 0207 id_auth[5] : 05 0208 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b 0218 auth_resp : 00000001 021c status : NT_STATUS_OK clnt_deal_with_creds: 148 cred_create sess_key : 8FE37BD120A40267 stor_cred: FB6F7F5ACE1D7DFA timestamp: 4327ecda timecred : D55CA79DCE1D7DFA calc_cred: 24678FFCD763EA96 cred_assert challenge : 24678FFCD763EA96 calculated: 24678FFCD763EA96 credentials check ok new clnt cred: D55CA79DCE1D7DFA netsamlogon_cache_store: SID [S-1-5-21-949343575-3825593073-2552048267-3604] 0000 timestamp: 4327ecd9 000004 net_io_user_info3 0004 ptr_user_info : 00000001 000008 smb_io_time logon time 0008 low : 00000000 000c high: 00000000 000010 smb_io_time logoff time 0010 low : ffffffff 0014 high: 7fffffff 000018 smb_io_time kickoff time 0018 low : ffffffff 001c high: 7fffffff 000020 smb_io_time last set time 0020 low : a2c94280 0024 high: 01c5afb4 000028 smb_io_time can change time 0028 low : a2c94280 002c high: 01c5afb4 000030 smb_io_time must change time 0030 low : ffffffff 0034 high: 7fffffff 000038 smb_io_unihdr hdr_user_name 0038 uni_str_len: 0012 003a uni_max_len: 0012 003c buffer : 00000001 000040 smb_io_unihdr hdr_full_name 0040 uni_str_len: 0012 0042 uni_max_len: 0012 0044 buffer : 00000001 000048 smb_io_unihdr hdr_logon_script 0048 uni_str_len: 002a 004a uni_max_len: 002a 004c buffer : 00000001 000050 smb_io_unihdr 
hdr_profile_path 0050 uni_str_len: 0000 0052 uni_max_len: 0000 0054 buffer : 00000000 000058 smb_io_unihdr hdr_home_dir 0058 uni_str_len: 0022 005a uni_max_len: 0022 005c buffer : 00000001 000060 smb_io_unihdr hdr_dir_drive 0060 uni_str_len: 0004 0062 uni_max_len: 0004 0064 buffer : 00000001 0068 logon_count : 0000 006a bad_pw_count : 0000 006c user_rid : 00000e14 0070 group_rid : 00000201 0074 num_groups : 00000002 0078 buffer_groups : 00000001 007c user_flgs : 00000020 0080 user_sess_key: 30 d9 d5 65 37 c8 25 ce 9a a6 d8 31 38 15 1e 6b 000090 smb_io_unihdr hdr_logon_srv 0090 uni_str_len: 000a 0092 uni_max_len: 000a 0094 buffer : 00000001 000098 smb_io_unihdr hdr_logon_dom 0098 uni_str_len: 0010 009a uni_max_len: 0010 009c buffer : 00000001 00a0 buffer_dom_id : 00000001 00a4 lm_sess_key: c4 ef f4 34 d5 2a 03 1d 00ac acct_flags : 00000000 00b0 unkown: 00000000 00b4 unkown: 00000000 00b8 unkown: 00000000 00bc unkown: 00000000 00c0 unkown: 00000000 00c4 unkown: 00000000 00c8 unkown: 00000000 00cc num_other_sids: 00000000 00d0 buffer_other_sids: 00000000 0000d4 smb_io_unistr2 uni_user_name 00d4 uni_max_len: 00000009 00d8 offset : 00000000 00dc uni_str_len: 00000009 00e0 buffer : u.z.i.v.a.t.e.l.2. 0000f2 smb_io_unistr2 uni_full_name 00f4 uni_max_len: 00000009 00f8 offset : 00000000 00fc uni_str_len: 00000009 0100 buffer : u.z.i.v.a.t.e.l.2. 000112 smb_io_unistr2 uni_logon_script 0114 uni_max_len: 00000015 0118 offset : 00000000 011c uni_str_len: 00000015 0120 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. 00014a smb_io_unistr2 - NULL uni_profile_path 00014a smb_io_unistr2 uni_home_dir 014c uni_max_len: 00000011 0150 offset : 00000000 0154 uni_str_len: 00000011 0158 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. 00017a smb_io_unistr2 uni_dir_drive 017c uni_max_len: 00000002 0180 offset : 00000000 0184 uni_str_len: 00000002 0188 buffer : X.:. 
018c num_groups2 : 00000002 000190 smb_io_gid 0190 g_rid: 00000201 0194 attr : 00000007 000198 smb_io_gid 0198 g_rid: 00000bb9 019c attr : 00000007 0001a0 smb_io_unistr2 uni_logon_srv 01a0 uni_max_len: 00000005 01a4 offset : 00000000 01a8 uni_str_len: 00000005 01ac buffer : M.S.D.S.1. 0001b6 smb_io_unistr2 uni_logon_dom 01b8 uni_max_len: 00000008 01bc offset : 00000000 01c0 uni_str_len: 00000008 01c4 buffer : C.R.O.P.R.A.H.A. 0001d4 smb_io_dom_sid2 01d4 num_auths: 00000004 0001d8 smb_io_dom_sid sid 01d8 sid_rev_num: 01 01d9 num_auths : 04 01da id_auth[0] : 00 01db id_auth[1] : 00 01dc id_auth[2] : 00 01dd id_auth[3] : 00 01de id_auth[4] : 00 01df id_auth[5] : 05 01e0 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b netsamlogon_clear_cached_user: clearing U/CROPRAHA/3604 netsamlogon_clear_cached_user: clearing UG/CROPRAHA/3604 NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_OK (PAM: 0) Storing response for pid 15702, len 1300 Retrieving response for pid 15702 accepted socket 15 process_request: request fn INTERFACE_VERSION [ 0]: request interface version process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 0]: request location of privileged pipe accepted socket 16 process_request: request fn PAM_AUTH [ 0]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 12 process_request: request fn PAM_AUTH [15700]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 cred_create sess_key : 8FE37BD120A40267 stor_cred: D55CA79DCE1D7DFA timestamp: 4327ecdd timecred : B249CFE0CE1D7DFA calc_cred: 08D654B3447974BA init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: 08 d6 54 b3 44 79 74 ba 00004c smb_io_utime 004c time: 4327ecdd 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: 9d fc 27 64 02 1e c6 59 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : C.R.O.P.R.A.H.A. 
0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : !....../.-..O|.s*.>.[I!. 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : ...^.....z....L0...E.... 0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=4 SCHANNEL: netsec_encode seq_num=4 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: f6 b4 f7 2e 5b c9 57 20 0168 packet_digest: 06 69 88 bb 8f 69 5e f6 0170 confounder: 88 c9 e2 a9 cc 8b 2d e7 create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000c 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29668 
(0x73E4) smb_bcc=415 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 90 01 20 00 0C 00 00 00 58 ........ . .....X [020] 01 00 00 00 00 02 00 82 C2 DC 57 76 58 EC A1 2E ........ ..WvX... [030] 31 5C D3 E1 C0 1A 21 4E 9D F7 DD CF 74 1A 29 43 1\....!N ....t.)C [040] BF D5 22 F1 B3 FB BC 2D 40 10 19 9F DC 39 A8 4C .."....- @....9.L [050] C4 E9 73 75 E6 2F C9 8E 4F EC EC ED 0F 3F 75 55 ..su./.. O....?uU [060] 85 C4 A3 7B CF E4 E2 47 B0 59 29 5C 1F FF 15 3C ...{...G .Y)\...< [070] F2 41 1E 4E EF 6B D4 1E AC 68 05 69 C8 B5 DC 50 .A.N.k.. .h.i...P [080] 3C D1 04 84 B5 48 A9 D1 78 9E 5D C2 6C E6 9C 02 <....H.. x.].l... [090] B1 9B 28 F0 67 27 29 23 E1 81 38 E4 A3 C3 3C 00 ..(.g')# ..8...<. [0A0] 67 CC D5 08 5E AE 85 21 65 89 8B 80 A7 36 7D 29 g...^..! e....6}) [0B0] 77 7F 1E AC 03 C1 F3 17 02 E4 CB F9 D7 19 95 5D w....... .......] [0C0] 15 9F 20 7F E5 EA 46 C7 35 FF 77 72 E3 DB 02 8F .. ...F. 5.wr.... [0D0] F4 8D 06 6A 26 29 09 25 0D C1 0F B9 EB 51 C6 98 ...j&).% .....Q.. [0E0] 1A D4 01 92 4E FE DB 30 CA 39 E9 9B AD 20 2C 6D ....N..0 .9... ,m [0F0] 21 59 0B 40 BE 9C BC 68 BA DB 3E 4A 9A B7 8F 03 !Y.@...h ..>J.... [100] 1C 46 FB FA D0 28 C5 D0 A0 76 DD A2 67 E0 D5 E6 .F...(.. .v..g... [110] E4 76 2A F9 C2 0D 43 68 DC 41 8E 2E 7E EE 12 71 .v*...Ch .A..~..q [120] F2 40 79 59 C7 A3 BA 16 E6 5B E6 8B 12 32 EA E6 .@yY.... .[...2.. [130] A2 A9 67 F3 AD 61 44 66 D3 89 B0 34 77 8F A2 F9 ..g..aDf ...4w... [140] 4F 7D B4 6D 9F 1F F9 1C 00 53 74 38 4F 95 4E 2E O}.m.... .St8O.N. [150] E3 7C 54 E9 61 CD E1 66 97 0D 64 4E 78 64 B5 EB .|T.a..f ..dNxd.. [160] 8E 7C F6 52 34 F0 FF FB 9D F1 C6 9A 99 FB C6 5A .|.R4... .......Z [170] 4B 2A 84 DD 22 01 4B 44 06 06 00 01 00 00 00 77 K*..".KD .......w [180] 00 7A 00 FF FF 00 00 F6 B4 F7 2E 5B C9 57 20 06 .z...... ...[.W . [190] 69 88 BB 8F 69 5E F6 88 C9 E2 A9 CC 8B 2D E7 i...i^.. .....-. 
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 152 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97
rpc_check_hdr: rdata->data_size = 96 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0020 000c call_id : 0000000c 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 96 rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: d5 39 ec 37 85 2c 51 59 0018 packet_digest: e3 53 e1 12 76 5c 0e ab 0020 confounder: 7c 49 4a ff af af cf 29 SCHANNEL: netsec_encode seq_num=5 data_len=32 SCHANNEL: netsec_decode seq_num=5 data_len=32 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000001 00001c smb_io_cred 00001c smb_io_chal 001c data: d5 57 ca fa 4e 69 1c aa 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000000 0030 auth_resp : 00000001 0034 status : NT_STATUS_WRONG_PASSWORD Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_WRONG_PASSWORD (PAM: 7) Storing response for pid 15702, len 1300 Retrieving response for pid 15702 process_request: request fn INFO [ 0]: request misc info process_request: request fn AUTH_CRAP [ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request.
child daemon request 13 process_request: request fn AUTH_CRAP [15700]: pam auth crap domain: CROPRAHA user: uzivatel2 is_myname("CROPRAHA") returns 0 cred_create sess_key : 8FE37BD120A40267 stor_cred: D55CA79DCE1D7DFA timestamp: 4327ecdd timecred : B249CFE0CE1D7DFA calc_cred: 08D654B3447974BA init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: 08 d6 54 b3 44 79 74 ba 00004c smb_io_utime 004c time: 4327ecdd 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: 78 0f 04 e2 01 e6 69 04 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : 
C.R.O.P.R.A.H.A. 0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : 2X'..............k.@.... 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : ....q.(..Q.....C...59.w. 0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=6 SCHANNEL: netsec_encode seq_num=6 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: 34 e8 0e 31 a7 af d8 8b 0168 packet_digest: 5c 91 82 53 42 b7 8a 5b 0170 confounder: 30 7a 78 0f 5a bf b9 e5 create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000d 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) 
smb_vwv[15]=29668 (0x73E4) smb_bcc=415
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 152 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97
rpc_check_hdr: rdata->data_size = 96 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0020 000c call_id : 0000000d 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 96 rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: 0e d3 46 b5 b1 95 d5 88 0018 packet_digest: 3c 93 0c 80 fc 64 79 ec 0020 confounder: 5b 9c 05 6a 4c 46 77 e8 SCHANNEL: netsec_encode seq_num=7 data_len=32 SCHANNEL: netsec_decode seq_num=7 data_len=32 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000000 00001c smb_io_cred 00001c smb_io_chal 001c data: 00 00 00 00 00 00 00 00 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000000 0030 auth_resp : 00000001 0034 status : NT_STATUS_INVALID_HANDLE NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_INVALID_HANDLE (PAM: 4) Storing response for pid 15702, len 1300 Retrieving response for pid 15702 accepted socket 15 process_request: request fn INTERFACE_VERSION [ 0]: request interface version process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 0]: request location of privileged pipe accepted socket 16 process_request: request fn PAM_AUTH [ 0]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 12 process_request: request fn PAM_AUTH [15700]: pam auth CROPRAHA\uzivatel2 is_myname("CROPRAHA") returns 0 cred_create sess_key : 8FE37BD120A40267 stor_cred: D55CA79DCE1D7DFA timestamp: 4327ece0 timecred : B549CFE0CE1D7DFA calc_cred: F908AF9748E465F5 init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: f9 08 af 97 48 e4 65 f5 00004c smb_io_utime 004c time: 4327ece0 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: 5f d2 d2 c1 5e e1 48 c8 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : C.R.O.P.R.A.H.A. 
0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : ....#7.K...g....HZ+..:N. 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : .N..../9W(#M^..Q..n{pQ., 0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=8 SCHANNEL: netsec_encode seq_num=8 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: 85 f3 5a ed fc c9 8e 14 0168 packet_digest: c7 a4 5e b2 aa 3e 1e 86 0170 confounder: 83 ce 2d cb 22 2f 49 ae create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000e 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29668 
(0x73E4) smb_bcc=415
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 152 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97
rpc_check_hdr: rdata->data_size = 96 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0020 000c call_id : 0000000e 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 96 rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: 66 a0 4a 7a 16 6c 2d de 0018 packet_digest: 83 a4 59 61 dc 7c 1d 41 0020 confounder: 6a 59 68 70 24 87 9d d9 SCHANNEL: netsec_encode seq_num=9 data_len=32 SCHANNEL: netsec_decode seq_num=9 data_len=32 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000000 00001c smb_io_cred 00001c smb_io_chal 001c data: 00 00 00 00 00 00 00 00 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000000 0030 auth_resp : 00000001 0034 status : NT_STATUS_INVALID_HANDLE Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_INVALID_HANDLE (PAM: 4) Storing response for pid 15702, len 1300 Retrieving response for pid 15702 process_request: request fn INFO [ 0]: request misc info process_request: request fn AUTH_CRAP [ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 is_myname("CROPRAHA") returns 0 client_read: read 1828 bytes. Need 0 more for a full request. 
child daemon request 13 process_request: request fn AUTH_CRAP [15700]: pam auth crap domain: CROPRAHA user: uzivatel2 is_myname("CROPRAHA") returns 0 cred_create sess_key : 8FE37BD120A40267 stor_cred: D55CA79DCE1D7DFA timestamp: 4327ece0 timecred : B549CFE0CE1D7DFA calc_cred: F908AF9748E465F5 init_id_info2: 1178 make_logon_id: 1586 init_sam_info: 1272 make_clnt_info: 1501 init_clnt_srv: 1346 000000 net_io_q_sam_logon 000000 smb_io_sam_info 000000 smb_io_clnt_info2 000000 smb_io_clnt_srv 0000 undoc_buffer : 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000008 0008 offset : 00000000 000c uni_str_len: 00000008 0010 buffer : \.\.M.S.D.S.1... 0020 undoc_buffer2: 00000001 000024 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 offset : 00000000 002c uni_str_len: 00000008 0030 buffer : M.S.F.S.3.7.0... 0040 ptr_cred: 00000001 000044 smb_io_cred 000044 smb_io_chal 0044 data: f9 08 af 97 48 e4 65 f5 00004c smb_io_utime 004c time: 4327ece0 0050 ptr_rtn_cred : 00000001 000054 smb_io_cred 000054 smb_io_chal 0054 data: 00 00 00 00 00 00 00 00 00005c smb_io_utime 005c time: 00000000 0060 logon_level : 0002 000062 smb_io_sam_info logon_info 0062 switch_value : 0002 000064 net_io_id_info2 0064 ptr_id_info2: 00000001 000068 smb_io_unihdr unihdr 0068 uni_str_len: 0010 006a uni_max_len: 0010 006c buffer : 00000001 0070 param_ctrl: 00000000 000074 smb_io_logon_id 0074 low : 0000dead 0078 high: 0000beef 00007c smb_io_unihdr unihdr 007c uni_str_len: 0012 007e uni_max_len: 0012 0080 buffer : 00000001 000084 smb_io_unihdr unihdr 0084 uni_str_len: 0012 0086 uni_max_len: 0012 0088 buffer : 00000001 008c lm_chal: 81 f2 17 98 b1 b4 fd 3e 000094 smb_io_strhdr hdr_nt_chal_resp 0094 str_str_len: 0018 0096 str_max_len: 0018 0098 buffer : 00000001 00009c smb_io_strhdr hdr_lm_chal_resp 009c str_str_len: 0018 009e str_max_len: 0018 00a0 buffer : 00000001 0000a4 smb_io_unistr2 uni_domain_name 00a4 uni_max_len: 00000008 00a8 offset : 00000000 00ac uni_str_len: 00000008 00b0 buffer : 
C.R.O.P.R.A.H.A. 0000c0 smb_io_unistr2 uni_user_name 00c0 uni_max_len: 00000009 00c4 offset : 00000000 00c8 uni_str_len: 00000009 00cc buffer : u.z.i.v.a.t.e.l.2. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000009 00e4 offset : 00000000 00e8 uni_str_len: 00000009 00ec buffer : \.\.M.S.F.S.3.7.0. 0000fe smb_io_string2 nt_chal_resp 0100 str_max_len: 00000018 0104 offset : 00000000 0108 str_str_len: 00000018 010c buffer : C.....J7..k.n.....Uy.._. 000124 smb_io_string2 lm_chal_resp 0124 str_max_len: 00000018 0128 offset : 00000000 012c str_str_len: 00000018 0130 buffer : .......;.GR.B..._2...... 0148 validation_level: 0003 000150 smb_io_rpc_hdr_auth hdr_auth 0150 auth_type : 44 0151 auth_level : 06 0152 auth_pad_len : 06 0153 auth_reserved: 00 0154 auth_context_id: 00000001 SCHANNEL seq_num=10 SCHANNEL: netsec_encode seq_num=10 data_len=336 000158 smb_io_rpc_auth_netsec_chk 0158 sig : 77 00 7a 00 ff ff 00 00 0160 seq_num: a0 e7 54 e6 fa 02 56 98 0168 packet_digest: db ba 29 d7 b9 5c 60 51 0170 confounder: 73 73 7f 4c 14 3f 42 d9 create_rpc_request: opnum: 0x2 data_len: 0x190 create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0190 000a auth_len : 0020 000c call_id : 0000000f 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000158 0014 context_id: 0000 0016 opnum : 0002 rpc_api_pipe: fnum:73e4 size=482 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 400 (0x190) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) 
smb_vwv[15]=29668 (0x73E4) smb_bcc=415
write_socket(11,486) write_socket(11,486) wrote 486 got smb length of 152 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=15702 smb_uid=100 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97
rpc_check_hdr: rdata->data_size = 96 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0020 000c call_id : 0000000f 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 96 rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: 0e f4 8d 14 6c 54 d9 46 0018 packet_digest: ac 24 00 fd 16 fe cc 0b 0020 confounder: d0 91 38 33 98 68 4c 92 SCHANNEL: netsec_encode seq_num=11 data_len=32 SCHANNEL: netsec_decode seq_num=11 data_len=32 rpc_api_pipe: fragment first and last both set 000018 net_io_r_sam_logon 0018 buffer_creds: 00000000 00001c smb_io_cred 00001c smb_io_chal 001c data: 00 00 00 00 00 00 00 00 000024 smb_io_utime 0024 time: 00000000 0028 switch_value: 0003 00002c net_io_user_info3 002c ptr_user_info : 00000000 0030 auth_resp : 00000001 0034 status : NT_STATUS_INVALID_HANDLE NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_INVALID_HANDLE (PAM: 4) Storing response for pid 15702, len 1300 Retrieving response for pid 15702