The Samba-Bugzilla – Attachment 1444 Details for
Bug 3095
winbindd gives NT_STATUS_INVALID_HANDLE after unsuccessfull auth
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
winbind debug
winbind (text/plain), 154.14 KB, created by
Radek Bohunsky
on 2005-09-14 04:33:05 UTC
(
hide
)
Description:
winbind debug
Filename:
MIME Type:
Creator:
Radek Bohunsky
Created:
2005-09-14 04:33:05 UTC
Size:
154.14 KB
patch
obsolete
>winbindd version 3.0.20-0.1.CRO started. >Copyright The Samba Team 2000-2004 >lp_load: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >Processing section "[global]" >doing parameter name resolve order = wins bcast hosts >doing parameter idmap gid = 16777216-33554431 >doing parameter show add printer wizard = No >doing parameter time server = No >doing parameter wins proxy = No >doing parameter netbios name = MSFS370 >handle_netbios_name: set global_myname to: MSFS370 >doing parameter cups options = raw >doing parameter idmap uid = 16777216-33554431 >doing parameter dos charset = 852 >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF-16LE >Registered charset UTF-16LE >Attempting to register new charset UCS-2BE >Registered charset UCS-2BE >Attempting to register new charset UTF-16BE >Registered charset UTF-16BE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset UTF-8 >Registered charset UTF-8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >doing parameter unix charset = ISO8859-2 >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >doing parameter workgroup = CROPRAHA >doing parameter server signing = No >doing parameter printcap name = /etc/printcap >doing parameter security = domain >doing parameter max log size = 50000 >doing parameter log level = 1 >doing parameter log file = /var/log/samba/%m.log >doing parameter load printers = yes >doing parameter csc policy = disable >doing parameter smb ports = 139 445 >doing parameter map acl inherit = Yes >doing parameter map hidden = Yes >doing parameter wins server = 192.168.10.51 >doing parameter username map = /etc/samba/smbusers >doing parameter interfaces = eth1 >doing parameter domain master = no >doing parameter winbind use default domain = yes >doing parameter template shell = /bin/false >doing parameter wins support = no >doing parameter server string = Samba Server >doing parameter syslog = 0 >doing parameter preferred master = no >doing parameter bind interfaces only = Yes >doing parameter domain logons = no >doing parameter guest account = nobody >doing parameter map to guest = Bad User >doing parameter name cache timeout = 0 >Processing section "[printers]" >add_a_service: Creating snum = 0 for printers >doing parameter comment = All Printers >doing parameter path = /var/spool/samba >doing parameter browseable = no >doing parameter guest ok = no >doing parameter writable = no >doing parameter printable = yes >Processing section "[elev]" >add_a_service: Creating snum = 1 for elev >doing parameter comment = Elevove >doing parameter path = /shares/elev >doing parameter writable = yes >doing parameter force create mode = 644 >doing parameter create mask = 644 >doing parameter guest ok = yes >doing parameter public = yes >doing parameter inherit owner = yes >pm_process() returned Yes >lp_servicenumber: couldn't find homes >add_a_service: Creating snum = 2 for IPC$ >adding IPC service >add_a_service: Creating snum = 3 for ADMIN$ >adding IPC service >set_server_role: role = ROLE_DOMAIN_MEMBER >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >Substituting charset 'ISO-8859-2' for LOCALE >added interface ip=192.168.10.57 bcast=192.168.10.255 nmask=255.255.255.0 >Netbios name list:- >my_netbios_names[0]="MSFS370" >added interface ip=192.168.10.57 bcast=192.168.10.255 nmask=255.255.255.0 >namecache_enable: disabling netbios name cache >smb_register_idmap: Successfully added idmap backend 'ldap' >smb_register_idmap: Successfully added idmap backend 'tdb' >db_idmap_init: Opening tdbfile /var/cache/samba/winbindd_idmap.tdb >fcntl_lock 6 13 0 1 1 >fcntl_lock: Lock call successful >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Added domain CROPRAHA S-1-5-21-949343575-3825593073-2552048267 >Added domain BUILTIN S-1-5-32 >Added domain MSFS370 S-1-5-21-3946360834-781011617-747996661 >open_winbindd_socket: opened socket fd 9 >open_winbindd_priv_socket: opened socket fd 11 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 40 >process_request: request fn INIT_CONNECTION >Connection to for domain CROPRAHA has NULL cli! >Using cleartext machine password >get_sorted_dc_list: attempting lookup using [wins bcast hosts] >internal_resolve_name: looking up CROPRAHA#1c >Opening cache file at /var/cache/samba/gencache.tdb >Returning expired cache entry: key = NBT/CROPRAHA#1C, value = 192.168.10.51:0, timeout = Wed Sep 14 11:13:55 2005 > >no entry for CROPRAHA#1C found. >Deleting cache entry (key = NBT/CROPRAHA#1C) >resolve_wins: Attempting wins lookup for name CROPRAHA<0x1c> >Cache entry with key = WINS_SRV_DEAD/192.168.10.51,0.0.0.0 couldn't be found >wins_srv_is_dead: 192.168.10.51 is alive >Current wins server for tag '*' with source 0.0.0.0 is 192.168.10.51 >Cache entry with key = WINS_SRV_DEAD/192.168.10.51,0.0.0.0 couldn't be found >wins_srv_is_dead: 192.168.10.51 is alive >resolve_wins: using WINS server 192.168.10.51 and tag '*' >bind succeeded on port 0 >Sending a packet of len 50 to (192.168.10.51) on port 137 >read_udp_socket: lastip 192.168.10.51 lastport 137 read: 62 >parse_nmb: packet id = 25141 >Received a packet of len 62 from (192.168.10.51) port 137 >nmb packet from 192.168.10.51(137) header: id=25141 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=CROPRAHA<1c> rr_type=32 rr_class=1 ttl=258260 > answers 0 char .....3 hex E000C0A80A33 >Got a positive name query response from 192.168.10.51 ( 192.168.10.51 ) >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for CROPRAHA#1c: 192.168.10.51:0 >Adding cache entry with key = NBT/CROPRAHA#1C; value = 192.168.10.51:0 and timeout = Wed Sep 14 11:26:39 2005 > (0 seconds in the past) >internal_resolve_name: returning 1 addresses: 192.168.10.51:0 >Adding 1 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an unordered list >get_dc_list: 192.168.10.51:0 >fcntl_lock 12 13 0 1 0 >fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) >fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) >send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from MSFS370<00> to CROPRAHA<1c> IP 192.168.10.51 >Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 >Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 >Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 >Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 >Did not receive packet for \MAILSLOT\NET\GETDC330AA8C0 >name_status_find: looking up CROPRAHA#1c at 192.168.10.51 >Cache entry with key = NBT/CROPRAHA#1C.20.192.168.10.51 couldn't be found >namecache_status_fetch: no entry for NBT/CROPRAHA#1C.20.192.168.10.51 found. >Deleting cache entry (key = NBT/CROPRAHA#1C.20.192.168.10.51) >bind succeeded on port 0 >Sending a packet of len 50 to (192.168.10.51) on port 137 >read_udp_socket: lastip 192.168.10.51 lastport 137 read: 265 >parse_nmb: packet id = 7225 >Received a packet of len 265 from (192.168.10.51) port 137 >nmb packet from 192.168.10.51(137) header: id=7225 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=CROPRAHA<1c> rr_type=33 rr_class=1 ttl=0 > answers 0 char .MSDS1 hex 094D5344533120202020202020202020 > answers 10 char .d.MSDS1 hex 0064004D534453312020202020202020 > answers 20 char .d.MSDS1 hex 20200364004D53445331202020202020 > answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F > answers 40 char WSE__....CROPRAH hex 5753455F5F0201E40043524F50524148 > answers 50 char A ...CROPR hex 412020202020202000E40043524F5052 > answers 60 char AHA .d.CRO hex 414841202020202020201B640043524F > answers 70 char PRAHA ...C hex 5052414841202020202020201CE40043 > answers 80 char ROPRAHA .d hex 524F5052414841202020202020201D64 > answers 90 char .CROPRAHA hex 0043524F505241484120202020202020 > answers a0 char ................ hex 1EE40000000000000000000000000000 > answers b0 char ................ hex 00000000000000000000000000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char . hex 00 >MSDS1#00: flags = 0x64 >MSDS1#03: flags = 0x64 >MSDS1#20: flags = 0x64 >__MSBROWSE__#01: flags = 0xe4 >CROPRAHA#00: flags = 0xe4 >CROPRAHA#1b: flags = 0x64 >CROPRAHA#1c: flags = 0xe4 >CROPRAHA#1d: flags = 0x64 >CROPRAHA#1e: flags = 0xe4 >name_status_find: name found, name MSDS1 ip address is 192.168.10.51 >cm_get_ipc_userpass: No auth-user defined >secrets_named_mutex: got mutex for MSDS1 >write_socket(11,183) >write_socket(11,183) wrote 183 >got smb length of 127 >size=127 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=15702 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 7 (0x7) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]=33024 (0x8100) >smb_vwv[ 8]= 24 (0x18) >smb_vwv[ 9]=64512 (0xFC00) >smb_vwv[10]=32995 (0x80E3) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]= 7792 (0x1E70) >smb_vwv[13]= 3470 (0xD8E) >smb_vwv[14]=50617 (0xC5B9) >smb_vwv[15]=34817 (0x8801) >smb_vwv[16]=15103 (0x3AFF) >smb_bcc=58 >[000] 6D 73 64 73 31 00 00 00 00 00 00 00 00 00 00 00 msds1... ........ >[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... >[020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... >[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >size=127 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=15702 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 7 (0x7) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]=33024 (0x8100) >smb_vwv[ 8]= 24 (0x18) >smb_vwv[ 9]=64512 (0xFC00) >smb_vwv[10]=32995 (0x80E3) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]= 7792 (0x1E70) >smb_vwv[13]= 3470 (0xD8E) >smb_vwv[14]=50617 (0xC5B9) >smb_vwv[15]=34817 (0x8801) >smb_vwv[16]=15103 (0x3AFF) >smb_bcc=58 >[000] 6D 73 64 73 31 00 00 00 00 00 00 00 00 00 00 00 msds1... ........ >[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... >[020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... >[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >Serverzone is -7200 >write_socket(11,92) >write_socket(11,92) wrote 92 >got smb length of 112 >size=112 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=15702 >smb_uid=100 >smb_mid=2 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=71 >[000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m >[010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 31 .b.a. .3 ...0...1 >[020] 00 34 00 61 00 2D 00 30 00 2E 00 31 00 43 00 52 .4.a.-.0 ...1.C.R >[030] 00 4F 00 00 00 43 00 52 00 4F 00 50 00 52 00 41 .O...C.R .O.P.R.A >[040] 00 48 00 41 00 00 00 .H.A... >size=112 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=15702 >smb_uid=100 >smb_mid=2 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=71 >[000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m >[010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 31 .b.a. .3 ...0...1 >[020] 00 34 00 61 00 2D 00 30 00 2E 00 31 00 43 00 52 .4.a.-.0 ...1.C.R >[030] 00 4F 00 00 00 43 00 52 00 4F 00 50 00 52 00 41 .O...C.R .O.P.R.A >[040] 00 48 00 41 00 00 00 .H.A... >Connected anonymously >write_socket(11,78) >write_socket(11,78) wrote 78 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 13 (0xD) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >secrets_named_mutex: released mutex for MSDS1 >write_socket(11,104) >write_socket(11,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=57600 (0xE100) >smb_vwv[ 3]= 371 (0x173) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >Bind RPC Pipe[73e1]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:73e1 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29665 (0x73E1) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >write_socket(11,158) >write_socket(11,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000053f0 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >000000 ds_io_q_getprimdominfo > 0000 level: 0001 >create_rpc_request: opnum: 0x0 data_len: 0x1a >create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000000a > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: fnum:73e1 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29665 (0x73E1) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >write_socket(11,112) >write_socket(11,112) wrote 112 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... >[010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... >[010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ >[020] 00 . >rpc_check_hdr: rdata->data_size = 32 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000002 >write_socket(11,45) >write_socket(11,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >Received child initialization response for domain CROPRAHA >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 17 >process_request: request fn LIST_TRUSTDOM >[15700]: list trusted domains >get_cache: Setting MS-RPC methods for domain CROPRAHA >trusted_domains: [Cached] - doing backend query for info for domain CROPRAHA >rpc: trusted_domains >write_socket(11,104) >write_socket(11,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=57856 (0xE200) >smb_vwv[ 3]= 371 (0x173) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >Bind RPC Pipe[73e2]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:73e2 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29666 (0x73E2) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >write_socket(11,158) >write_socket(11,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000053f0 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_lsa_sec_qos >init_open_pol: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol > 0000 ptr : 00000001 > 0004 system_name: 005c > 000008 lsa_io_obj_attr > 0008 len : 00000018 > 000c ptr_root_dir: 00000000 > 0010 ptr_obj_name: 00000000 > 0014 attributes : 00000000 > 0018 ptr_sec_desc: 00000000 > 001c ptr_sec_qos : 00000001 > 000020 lsa_io_obj_qos sec_qos > 0020 len : 0000000c > 0024 sec_imp_level : 0002 > 0026 sec_ctxt_mode : 01 > 0027 effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 0028 des_access: 02000000 >create_rpc_request: opnum: 0x6 data_len: 0x44 >create_rpc_request: data_len: 44 auth_len: 0 alloc_hint: 34 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000034 > 0014 context_id: 0000 > 0016 opnum : 0006 >rpc_api_pipe: fnum:73e2 >size=150 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 68 (0x44) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29666 (0x73E2) >smb_bcc=83 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 44 00 00 00 04 00 00 00 34 .......D .......4 >[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... >[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ >[050] 00 00 02 ... >write_socket(11,154) >write_socket(11,154) wrote 154 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[020] 00 00 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 .....`.' C....... >[030] 00 . >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ >[020] 00 00 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 .....`.' C....... >[030] 00 . >rpc_check_hdr: rdata->data_size = 48 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 48 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 00000001 > 0020 data3: 0000 > 0022 data4: 0000 > 0024 data5: 60 eb 27 43 81 18 00 00 > 002c status: NT_STATUS_OK >init_q_enum_trust_dom >000000 lsa_io_q_enum_trust_dom > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 00000001 > 0008 data3: 0000 > 000a data4: 0000 > 000c data5: 60 eb 27 43 81 18 00 00 > 0014 enum_context : 00000000 > 0018 preferred_len: 00010000 >create_rpc_request: opnum: 0xd data_len: 0x34 >create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000024 > 0014 context_id: 0000 > 0016 opnum : 000d >rpc_api_pipe: fnum:73e2 >size=134 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 52 (0x34) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 52 (0x34) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29666 (0x73E2) >smb_bcc=67 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 34 00 00 00 05 00 00 00 24 .......4 .......$ >[020] 00 00 00 00 00 0D 00 00 00 00 00 01 00 00 00 00 ........ ........ >[030] 00 00 00 60 EB 27 43 81 18 00 00 00 00 00 00 00 ...`.'C. ........ >[040] 00 01 00 ... >write_socket(11,138) >write_socket(11,138) wrote 138 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 1A 00 00 80 ........ . >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 05 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[020] 00 00 00 00 00 1A 00 00 80 ........ . >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_enum_trust_dom > 0018 enum_context: 00000000 > 001c count: 00000000 > 0020 ptr: 00000000 > 0024 status: NT_STATUS_NO_MORE_ENTRIES >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >accepted socket 15 >process_request: request fn INTERFACE_VERSION >[ 0]: request interface version >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 0]: request location of privileged pipe >accepted socket 16 >process_request: request fn PAM_AUTH >[ 0]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 12 >process_request: request fn PAM_AUTH >[15700]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >Using cleartext machine password >write_socket(11,108) >write_socket(11,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=12 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=58112 (0xE300) >smb_vwv[ 3]= 371 (0x173) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >Bind RPC Pipe[73e3]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:73e3 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=13 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29667 (0x73E3) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >write_socket(11,158) >write_socket(11,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=13 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=13 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000053f0 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from MSFS370 to \\MSDS1 >init_q_req_chal: 676 >init_q_req_chal: 685 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 000020 smb_io_unistr2 > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000008 > 002c buffer : M.S.F.S.3.7.0... > 00003c smb_io_chal > 003c data: e2 3e 0b 68 47 33 49 ff >create_rpc_request: opnum: 0x4 data_len: 0x5c >create_rpc_request: data_len: 5c auth_len: 0 alloc_hint: 4c >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000004c > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:73e3 >size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29667 (0x73E3) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 5C 00 00 00 07 00 00 00 4C .......\ .......L >[020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ >[030] 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 53 00 44 .......\ .\.M.S.D >[040] 00 53 00 31 00 00 00 08 00 00 00 00 00 00 00 08 .S.1.... ........ >[050] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 >[060] 00 00 00 E2 3E 0B 68 47 33 49 FF ....>.hG 3I. >write_socket(11,178) >write_socket(11,178) wrote 178 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 34 C4 76 3D 90 F4 CC ........ .4.v=... >[020] 3E 00 00 00 00 >.... >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 34 C4 76 3D 90 F4 CC ........ .4.v=... >[020] 3E 00 00 00 00 >.... >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: 34 c4 76 3d 90 f4 cc 3e > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: E23E0B68473349FF > srv_chal : 34C4763D90F4CC3E > clnt+srv : 160382A5D727163E > sess_key : 8FE37BD120A40267 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: E23E0B68473349FF > timestamp: 0 > timecred : E23E0B68473349FF > calc_cred: 21835717CE1D7DFA >cli_net_auth2: srv:\\MSDS1 acct:MSFS370$ sc:2 mc: MSFS370 neg: 400701ff >init_q_auth_2: 797 >make_log_info 1407 >init_q_auth_2: 803 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 000020 smb_io_unistr2 unistr2 > 0020 uni_max_len: 00000009 > 0024 offset : 00000000 > 0028 uni_str_len: 00000009 > 002c buffer : M.S.F.S.3.7.0.$... > 003e sec_chan: 0002 > 000040 smb_io_unistr2 unistr2 > 0040 uni_max_len: 00000008 > 0044 offset : 00000000 > 0048 uni_str_len: 00000008 > 004c buffer : M.S.F.S.3.7.0... > 00005c smb_io_chal > 005c data: 21 83 57 17 ce 1d 7d fa > 000064 net_io_neg_flags > 0064 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0x80 >create_rpc_request: data_len: 80 auth_len: 0 alloc_hint: 70 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0080 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000070 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:73e3 >size=210 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 128 (0x80) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 128 (0x80) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29667 (0x73E3) >smb_bcc=143 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 80 00 00 00 08 00 00 00 70 ........ .......p >[020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ >[030] 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 53 00 44 .......\ .\.M.S.D >[040] 00 53 00 31 00 00 00 09 00 00 00 00 00 00 00 09 .S.1.... ........ >[050] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 >[060] 00 24 00 00 00 02 00 08 00 00 00 00 00 00 00 08 .$...... ........ >[070] 00 00 00 4D 00 53 00 46 00 53 00 33 00 37 00 30 ...M.S.F .S.3.7.0 >[080] 00 00 00 21 83 57 17 CE 1D 7D FA FF 01 07 40 ...!.W.. .}....@ >write_socket(11,214) >write_socket(11,214) wrote 214 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 E7 1F 59 DA EF 24 8F ........ ...Y..$. >[020] D3 FF 01 00 40 00 00 00 00 ....@... . >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 E7 1F 59 DA EF 24 8F ........ ...Y..$. >[020] D3 FF 01 00 40 00 00 00 00 ....@... . >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: e7 1f 59 da ef 24 8f d3 > 000020 net_io_neg_flags > 0020 neg_flags: 400001ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: 34C4763D90F4CC3E > timestamp: 0 > timecred : 34C4763D90F4CC3E > calc_cred: E71F59DAEF248FD3 >cred_assert > challenge : E71F59DAEF248FD3 > calculated: E71F59DAEF248FD3 >credentials check ok >write_socket(11,108) >write_socket(11,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=16 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]=58368 (0xE400) >smb_vwv[ 3]= 371 (0x173) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 0 (0x0) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >Bind RPC Pipe[73e4]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 43 52 4F 50 52 41 48 41 CROPRAHA >[000] 4D 53 46 53 33 37 30 MSFS370 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0069 > 000a auth_len : 0019 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:73e4 >size=187 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=17 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 105 (0x69) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 105 (0x69) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=120 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 69 00 19 00 09 00 00 00 B8 .......i ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 43 52 4F 50 52 41 48 41 00 .......C ROPRAHA. >[070] 4D 53 46 53 33 37 30 00 MSFS370. >write_socket(11,191) >write_socket(11,191) wrote 191 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=17 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 05 00 00 00 ........ . >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=17 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... >[010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 05 00 00 00 ........ . >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 08 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000053f0 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: 21835717CE1D7DFA > timestamp: 4327ecd9 > timecred : FA6F7F5ACE1D7DFA > calc_cred: 4E5D79759EDACC36 >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: 4e 5d 79 75 9e da cc 36 > 00004c smb_io_utime > 004c time: 4327ecd9 > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: 46 f8 ad 0d 79 9f fe 61 > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : .Gf8NXac...:[....r...... > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : /k.v.._...1]..O..d.'.... > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: 34 07 8b 94 7f 5a 75 86 > 0168 packet_digest: 3c 63 42 70 39 a4 3e 2f > 0170 confounder: ce 9e 2b c1 27 20 8b 63 >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=18 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0A 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 DD 99 90 1F 11 32 41 B7 B2 ........ ....2A.. >[030] DA 2D 43 BA 90 81 0F EB 17 46 FE F7 B3 17 36 13 .-C..... .F....6. >[040] 73 DC 94 13 62 E2 56 B1 68 53 8E 4C 16 90 C6 0B s...b.V. hS.L.... >[050] 95 95 5C C4 BD 84 80 4F CA F5 A2 FC F4 6F 9C 60 ..\....O .....o.` >[060] 10 8E DB B7 6D 1A EE 55 4D 29 83 48 3C A3 50 54 ....m..U M).H<.PT >[070] EF B6 E0 BF 49 20 C9 F7 D8 04 EE CB 7E 34 D1 F5 ....I .. ....~4.. >[080] AB 05 B4 68 87 CE 72 04 51 30 F6 D5 06 A0 8B 0E ...h..r. Q0...... >[090] BC 38 22 B2 00 B3 4B D4 25 E6 A0 FB 78 3F 66 87 .8"...K. %...x?f. >[0A0] 90 DD D7 83 E0 77 A6 F3 DB 88 B1 49 CF 68 CD BB .....w.. ...I.h.. >[0B0] 67 62 DF 04 95 D7 F9 8A D7 8D 97 7D 52 A7 88 A1 gb...... ...}R... >[0C0] E7 0F 8D 52 1A 47 A2 1E 5B 19 82 39 B2 37 47 73 ...R.G.. [..9.7Gs >[0D0] D0 17 D6 7E 65 9F A9 89 E5 CB 83 9B A1 F9 74 38 ...~e... ......t8 >[0E0] 02 D0 91 51 7F FD 65 BE FA 09 37 B7 BB 71 FA 30 ...Q..e. ..7..q.0 >[0F0] 0B 4F 93 0D A9 55 80 1C 2A B1 CC 27 DC 81 9A B3 .O...U.. *..'.... >[100] D8 CB 77 2A 3F D0 5B E4 55 40 A3 FF AF 8A D1 AE ..w*?.[. U@...... >[110] A4 95 2B E8 DA 1E 5B FF 49 A7 94 E5 47 D0 4E C2 ..+...[. I...G.N. >[120] 39 8C A5 7B 73 CC DE D8 B7 65 C0 FB CC FF 40 99 9..{s... .e....@. >[130] 8B 09 48 1B 58 5D A7 2D D1 A0 F0 4E 70 73 F1 72 ..H.X].- ...Nps.r >[140] 9A 60 B0 E5 49 CB C9 77 50 09 6C 47 65 AE 80 00 .`..I..w P.lGe... >[150] 38 03 39 4A 48 6C CE 92 82 00 A9 D1 80 1C A7 BB 8.9JHl.. ........ >[160] 9E 01 F2 EE 09 44 F2 18 31 43 5F CD F9 AF EC BF .....D.. 1C_..... >[170] 2C 8C 01 76 9D 91 47 44 06 06 00 01 00 00 00 77 ,..v..GD .......w >[180] 00 7A 00 FF FF 00 00 34 07 8B 94 7F 5A 75 86 3C .z.....4 ....Zu.< >[190] 63 42 70 39 A4 3E 2F CE 9E 2B C1 27 20 8B 63 cBp9.>/. .+.' .c >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 640 >size=640 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 584 (0x248) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 584 (0x248) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=585 >[000] 00 05 00 02 03 10 00 00 00 48 02 20 00 0A 00 00 ........ .H. .... >[010] 00 08 02 00 00 00 00 00 00 23 21 CF 90 C8 D9 A5 ........ .#!..... >[020] 7E 20 A0 47 02 11 C5 C9 CA 19 03 7E 2B 08 21 94 ~ .G.... ...~+.!. >[030] B3 2B 32 78 83 4E BF 0D 10 8D 1D 26 71 AB CC C1 .+2x.N.. ...&q... >[040] 7F 28 37 9F 9A 4A 2A 0A 3F 50 B6 DB A4 3C 84 43 .(7..J*. ?P...<.C >[050] 16 C4 9C 20 24 90 C3 A9 50 2E 44 39 52 E4 52 51 ... $... P.D9R.RQ >[060] A8 12 16 8A E4 16 64 2F 2C DA 3B D2 10 57 6F 18 ......d/ ,.;..Wo. >[070] EA AD 9C 19 4B 7A EE B8 A3 B8 36 1B B0 A3 0C 63 ....Kz.. ..6....c >[080] F5 07 D1 4F 92 F9 3D 9A E1 F4 D1 E8 62 FB A7 6C ...O..=. ....b..l >[090] 40 C8 49 CA DD F9 BE 9F A2 E9 90 B3 BC 88 ED 57 @.I..... .......W >[0A0] 75 35 F3 99 56 D1 57 16 56 5F A5 CB 77 36 F8 42 u5..V.W. V_..w6.B >[0B0] FE 7E 1D 16 55 27 94 7C 23 47 5B 95 DB 81 CC 06 .~..U'.| #G[..... >[0C0] 84 08 1E F8 12 B8 38 5F 55 74 B8 D6 76 0A 26 7B ......8_ Ut..v.&{ >[0D0] A6 71 84 E2 F1 1F B3 F5 AD 4F 55 9A 57 C5 64 0B .q...... .OU.W.d. >[0E0] FE 9C 1B 2D 86 39 E3 BA 10 E2 D1 5F E5 D5 21 25 ...-.9.. ..._..!% >[0F0] 51 CA 70 81 2D C2 46 4B C4 45 E8 CF DC 38 08 69 Q.p.-.FK .E...8.i >[100] AC 2E 4F EC 39 1C 62 6F B3 31 0F D2 5B E1 47 DF ..O.9.bo .1..[.G. >[110] 84 AC 79 47 E5 E6 03 BE F8 8C 9C 68 D2 FD 9C F4 ..yG.... ...h.... >[120] 0A E8 99 E3 59 67 A6 05 1A B1 D6 13 D8 D5 22 42 ....Yg.. ......"B >[130] ED 61 03 D5 A8 70 2C 3B 74 02 28 D6 BE 08 1B 5B .a...p,; t.(....[ >[140] 79 AA 54 D6 D9 36 0F DC A3 D2 70 34 BB 1A 41 A2 y.T..6.. ..p4..A. >[150] 7C 72 9B 6F DF 30 FC 4B 89 50 A8 FB A9 AC 5A FC |r.o.0.K .P....Z. >[160] A9 91 F4 50 C9 15 6F 65 09 7D E4 63 F7 7E 50 53 ...P..oe .}.c.~PS >[170] 15 8E A6 F1 D0 E1 4D 5B 3E 4A 2B 56 48 2D 88 6B ......M[ >J+VH-.k >[180] 2D 10 F3 4A 3F A7 2A 3C 26 5F A1 04 67 9B 73 68 -..J?.*< &_..g.sh >[190] 37 EE 8B D8 07 EC 63 7A 8D 46 BB 90 64 79 A3 0C 7.....cz .F..dy.. >[1A0] 9A FE CE 84 C0 D6 D4 4E 3C 76 44 D5 B8 C2 19 50 .......N <vD....P >[1B0] 29 85 50 D3 3C C1 BC EA 19 72 41 96 F8 3F 45 06 ).P.<... .rA..?E. >[1C0] 41 18 CA CC 4C 06 A7 77 8A 35 18 34 C1 DA 3D D1 A...L..w .5.4..=. >[1D0] 70 6A 2C CF C2 F7 C2 67 0A 1A 99 31 2D 02 A0 CA pj,....g ...1-... >[1E0] 04 F1 17 0A 20 C6 65 F8 6B 5F 23 2F 85 BE C8 B1 .... .e. k_#/.... >[1F0] D7 5D 8E A7 34 83 36 88 63 04 61 EA 26 19 8F 5C .]..4.6. c.a.&..\ >size=640 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 584 (0x248) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 584 (0x248) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=585 >[000] 00 05 00 02 03 10 00 00 00 48 02 20 00 0A 00 00 ........ .H. .... >[010] 00 08 02 00 00 00 00 00 00 23 21 CF 90 C8 D9 A5 ........ .#!..... >[020] 7E 20 A0 47 02 11 C5 C9 CA 19 03 7E 2B 08 21 94 ~ .G.... ...~+.!. >[030] B3 2B 32 78 83 4E BF 0D 10 8D 1D 26 71 AB CC C1 .+2x.N.. ...&q... >[040] 7F 28 37 9F 9A 4A 2A 0A 3F 50 B6 DB A4 3C 84 43 .(7..J*. ?P...<.C >[050] 16 C4 9C 20 24 90 C3 A9 50 2E 44 39 52 E4 52 51 ... $... P.D9R.RQ >[060] A8 12 16 8A E4 16 64 2F 2C DA 3B D2 10 57 6F 18 ......d/ ,.;..Wo. >[070] EA AD 9C 19 4B 7A EE B8 A3 B8 36 1B B0 A3 0C 63 ....Kz.. ..6....c >[080] F5 07 D1 4F 92 F9 3D 9A E1 F4 D1 E8 62 FB A7 6C ...O..=. ....b..l >[090] 40 C8 49 CA DD F9 BE 9F A2 E9 90 B3 BC 88 ED 57 @.I..... .......W >[0A0] 75 35 F3 99 56 D1 57 16 56 5F A5 CB 77 36 F8 42 u5..V.W. V_..w6.B >[0B0] FE 7E 1D 16 55 27 94 7C 23 47 5B 95 DB 81 CC 06 .~..U'.| #G[..... >[0C0] 84 08 1E F8 12 B8 38 5F 55 74 B8 D6 76 0A 26 7B ......8_ Ut..v.&{ >[0D0] A6 71 84 E2 F1 1F B3 F5 AD 4F 55 9A 57 C5 64 0B .q...... .OU.W.d. >[0E0] FE 9C 1B 2D 86 39 E3 BA 10 E2 D1 5F E5 D5 21 25 ...-.9.. ..._..!% >[0F0] 51 CA 70 81 2D C2 46 4B C4 45 E8 CF DC 38 08 69 Q.p.-.FK .E...8.i >[100] AC 2E 4F EC 39 1C 62 6F B3 31 0F D2 5B E1 47 DF ..O.9.bo .1..[.G. >[110] 84 AC 79 47 E5 E6 03 BE F8 8C 9C 68 D2 FD 9C F4 ..yG.... ...h.... >[120] 0A E8 99 E3 59 67 A6 05 1A B1 D6 13 D8 D5 22 42 ....Yg.. ......"B >[130] ED 61 03 D5 A8 70 2C 3B 74 02 28 D6 BE 08 1B 5B .a...p,; t.(....[ >[140] 79 AA 54 D6 D9 36 0F DC A3 D2 70 34 BB 1A 41 A2 y.T..6.. ..p4..A. >[150] 7C 72 9B 6F DF 30 FC 4B 89 50 A8 FB A9 AC 5A FC |r.o.0.K .P....Z. >[160] A9 91 F4 50 C9 15 6F 65 09 7D E4 63 F7 7E 50 53 ...P..oe .}.c.~PS >[170] 15 8E A6 F1 D0 E1 4D 5B 3E 4A 2B 56 48 2D 88 6B ......M[ >J+VH-.k >[180] 2D 10 F3 4A 3F A7 2A 3C 26 5F A1 04 67 9B 73 68 -..J?.*< &_..g.sh >[190] 37 EE 8B D8 07 EC 63 7A 8D 46 BB 90 64 79 A3 0C 7.....cz .F..dy.. >[1A0] 9A FE CE 84 C0 D6 D4 4E 3C 76 44 D5 B8 C2 19 50 .......N <vD....P >[1B0] 29 85 50 D3 3C C1 BC EA 19 72 41 96 F8 3F 45 06 ).P.<... .rA..?E. >[1C0] 41 18 CA CC 4C 06 A7 77 8A 35 18 34 C1 DA 3D D1 A...L..w .5.4..=. >[1D0] 70 6A 2C CF C2 F7 C2 67 0A 1A 99 31 2D 02 A0 CA pj,....g ...1-... >[1E0] 04 F1 17 0A 20 C6 65 F8 6B 5F 23 2F 85 BE C8 B1 .... .e. k_#/.... >[1F0] D7 5D 8E A7 34 83 36 88 63 04 61 EA 26 19 8F 5C .]..4.6. c.a.&..\ >rpc_check_hdr: rdata->data_size = 584 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0248 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000208 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 584 >rpc_auth_pipe: pkt_type: 2 len: 584 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: d5 91 34 d4 71 33 3c e1 > 0018 packet_digest: a5 a2 1c d7 0c 03 0e 15 > 0020 confounder: a8 b6 f0 cd 66 b0 7c fe >SCHANNEL: netsec_encode seq_num=1 data_len=520 >SCHANNEL: netsec_decode seq_num=1 data_len=520 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000001 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 45 4a f0 80 0b 5a df a4 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000001 > 000030 smb_io_time logon time > 0030 low : 00000000 > 0034 high: 00000000 > 000038 smb_io_time logoff time > 0038 low : ffffffff > 003c high: 7fffffff > 000040 smb_io_time kickoff time > 0040 low : ffffffff > 0044 high: 7fffffff > 000048 smb_io_time last set time > 0048 low : a2c94280 > 004c high: 01c5afb4 > 000050 smb_io_time can change time > 0050 low : a2c94280 > 0054 high: 01c5afb4 > 000058 smb_io_time must change time > 0058 low : ffffffff > 005c high: 7fffffff > 000060 smb_io_unihdr hdr_user_name > 0060 uni_str_len: 0012 > 0062 uni_max_len: 0012 > 0064 buffer : 00000001 > 000068 smb_io_unihdr hdr_full_name > 0068 uni_str_len: 0012 > 006a uni_max_len: 0012 > 006c buffer : 00000001 > 000070 smb_io_unihdr hdr_logon_script > 0070 uni_str_len: 002a > 0072 uni_max_len: 002a > 0074 buffer : 00000001 > 000078 smb_io_unihdr hdr_profile_path > 0078 uni_str_len: 0000 > 007a uni_max_len: 0000 > 007c buffer : 00000000 > 000080 smb_io_unihdr hdr_home_dir > 0080 uni_str_len: 0022 > 0082 uni_max_len: 0022 > 0084 buffer : 00000001 > 000088 smb_io_unihdr hdr_dir_drive > 0088 uni_str_len: 0004 > 008a uni_max_len: 0004 > 008c buffer : 00000001 > 0090 logon_count : 0000 > 0092 bad_pw_count : 0000 > 0094 user_rid : 00000e14 > 0098 group_rid : 00000201 > 009c num_groups : 00000002 > 00a0 buffer_groups : 00000001 > 00a4 user_flgs : 00000020 > 00a8 user_sess_key: 20 a1 87 1d 0d d9 51 a8 70 04 6e 28 30 03 5d 3f > 0000b8 smb_io_unihdr hdr_logon_srv > 00b8 uni_str_len: 000a > 00ba uni_max_len: 000a > 00bc buffer : 00000001 > 0000c0 smb_io_unihdr hdr_logon_dom > 00c0 uni_str_len: 0010 > 00c2 uni_max_len: 0010 > 00c4 buffer : 00000001 > 00c8 buffer_dom_id : 00000001 > 00cc lm_sess_key: d4 97 a6 4c ef 3b 77 7b > 00d4 acct_flags : 00000000 > 00d8 unkown: 00000000 > 00dc unkown: 00000000 > 00e0 unkown: 00000000 > 00e4 unkown: 00000000 > 00e8 unkown: 00000000 > 00ec unkown: 00000000 > 00f0 unkown: 00000000 > 00f4 num_other_sids: 00000000 > 00f8 buffer_other_sids: 00000000 > 0000fc smb_io_unistr2 uni_user_name > 00fc uni_max_len: 00000009 > 0100 offset : 00000000 > 0104 uni_str_len: 00000009 > 0108 buffer : u.z.i.v.a.t.e.l.2. > 00011a smb_io_unistr2 uni_full_name > 011c uni_max_len: 00000009 > 0120 offset : 00000000 > 0124 uni_str_len: 00000009 > 0128 buffer : u.z.i.v.a.t.e.l.2. > 00013a smb_io_unistr2 uni_logon_script > 013c uni_max_len: 00000015 > 0140 offset : 00000000 > 0144 uni_str_len: 00000015 > 0148 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. > 000172 smb_io_unistr2 - NULL uni_profile_path > 000172 smb_io_unistr2 uni_home_dir > 0174 uni_max_len: 00000011 > 0178 offset : 00000000 > 017c uni_str_len: 00000011 > 0180 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. > 0001a2 smb_io_unistr2 uni_dir_drive > 01a4 uni_max_len: 00000002 > 01a8 offset : 00000000 > 01ac uni_str_len: 00000002 > 01b0 buffer : X.:. > 01b4 num_groups2 : 00000002 > 0001b8 smb_io_gid > 01b8 g_rid: 00000201 > 01bc attr : 00000007 > 0001c0 smb_io_gid > 01c0 g_rid: 00000bb9 > 01c4 attr : 00000007 > 0001c8 smb_io_unistr2 uni_logon_srv > 01c8 uni_max_len: 00000005 > 01cc offset : 00000000 > 01d0 uni_str_len: 00000005 > 01d4 buffer : M.S.D.S.1. > 0001de smb_io_unistr2 uni_logon_dom > 01e0 uni_max_len: 00000008 > 01e4 offset : 00000000 > 01e8 uni_str_len: 00000008 > 01ec buffer : C.R.O.P.R.A.H.A. > 0001fc smb_io_dom_sid2 > 01fc num_auths: 00000004 > 000200 smb_io_dom_sid sid > 0200 sid_rev_num: 01 > 0201 num_auths : 04 > 0202 id_auth[0] : 00 > 0203 id_auth[1] : 00 > 0204 id_auth[2] : 00 > 0205 id_auth[3] : 00 > 0206 id_auth[4] : 00 > 0207 id_auth[5] : 05 > 0208 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b > 0218 auth_resp : 00000001 > 021c status : NT_STATUS_OK >clnt_deal_with_creds: 148 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: 21835717CE1D7DFA > timestamp: 4327ecda > timecred : FB6F7F5ACE1D7DFA > calc_cred: 454AF0800B5ADFA4 >cred_assert > challenge : 454AF0800B5ADFA4 > calculated: 454AF0800B5ADFA4 >credentials check ok > new clnt cred: FB6F7F5ACE1D7DFA >netsamlogon_cache_store: SID [S-1-5-21-949343575-3825593073-2552048267-3604] >0000 timestamp: 4327ecd9 >000004 net_io_user_info3 > 0004 ptr_user_info : 00000001 > 000008 smb_io_time logon time > 0008 low : 00000000 > 000c high: 00000000 > 000010 smb_io_time logoff time > 0010 low : ffffffff > 0014 high: 7fffffff > 000018 smb_io_time kickoff time > 0018 low : ffffffff > 001c high: 7fffffff > 000020 smb_io_time last set time > 0020 low : a2c94280 > 0024 high: 01c5afb4 > 000028 smb_io_time can change time > 0028 low : a2c94280 > 002c high: 01c5afb4 > 000030 smb_io_time must change time > 0030 low : ffffffff > 0034 high: 7fffffff > 000038 smb_io_unihdr hdr_user_name > 0038 uni_str_len: 0012 > 003a uni_max_len: 0012 > 003c buffer : 00000001 > 000040 smb_io_unihdr hdr_full_name > 0040 uni_str_len: 0012 > 0042 uni_max_len: 0012 > 0044 buffer : 00000001 > 000048 smb_io_unihdr hdr_logon_script > 0048 uni_str_len: 002a > 004a uni_max_len: 002a > 004c buffer : 00000001 > 000050 smb_io_unihdr hdr_profile_path > 0050 uni_str_len: 0000 > 0052 uni_max_len: 0000 > 0054 buffer : 00000000 > 000058 smb_io_unihdr hdr_home_dir > 0058 uni_str_len: 0022 > 005a uni_max_len: 0022 > 005c buffer : 00000001 > 000060 smb_io_unihdr hdr_dir_drive > 0060 uni_str_len: 0004 > 0062 uni_max_len: 0004 > 0064 buffer : 00000001 > 0068 logon_count : 0000 > 006a bad_pw_count : 0000 > 006c user_rid : 00000e14 > 0070 group_rid : 00000201 > 0074 num_groups : 00000002 > 0078 buffer_groups : 00000001 > 007c user_flgs : 00000020 > 0080 user_sess_key: 30 d9 d5 65 37 c8 25 ce 9a a6 d8 31 38 15 1e 6b > 000090 smb_io_unihdr hdr_logon_srv > 0090 uni_str_len: 000a > 0092 uni_max_len: 000a > 0094 buffer : 00000001 > 000098 smb_io_unihdr hdr_logon_dom > 0098 uni_str_len: 0010 > 009a uni_max_len: 0010 > 009c buffer : 00000001 > 00a0 buffer_dom_id : 00000001 > 00a4 lm_sess_key: c4 ef f4 34 d5 2a 03 1d > 00ac acct_flags : 00000000 > 00b0 unkown: 00000000 > 00b4 unkown: 00000000 > 00b8 unkown: 00000000 > 00bc unkown: 00000000 > 00c0 unkown: 00000000 > 00c4 unkown: 00000000 > 00c8 unkown: 00000000 > 00cc num_other_sids: 00000000 > 00d0 buffer_other_sids: 00000000 > 0000d4 smb_io_unistr2 uni_user_name > 00d4 uni_max_len: 00000009 > 00d8 offset : 00000000 > 00dc uni_str_len: 00000009 > 00e0 buffer : u.z.i.v.a.t.e.l.2. > 0000f2 smb_io_unistr2 uni_full_name > 00f4 uni_max_len: 00000009 > 00f8 offset : 00000000 > 00fc uni_str_len: 00000009 > 0100 buffer : u.z.i.v.a.t.e.l.2. > 000112 smb_io_unistr2 uni_logon_script > 0114 uni_max_len: 00000015 > 0118 offset : 00000000 > 011c uni_str_len: 00000015 > 0120 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. > 00014a smb_io_unistr2 - NULL uni_profile_path > 00014a smb_io_unistr2 uni_home_dir > 014c uni_max_len: 00000011 > 0150 offset : 00000000 > 0154 uni_str_len: 00000011 > 0158 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. > 00017a smb_io_unistr2 uni_dir_drive > 017c uni_max_len: 00000002 > 0180 offset : 00000000 > 0184 uni_str_len: 00000002 > 0188 buffer : X.:. > 018c num_groups2 : 00000002 > 000190 smb_io_gid > 0190 g_rid: 00000201 > 0194 attr : 00000007 > 000198 smb_io_gid > 0198 g_rid: 00000bb9 > 019c attr : 00000007 > 0001a0 smb_io_unistr2 uni_logon_srv > 01a0 uni_max_len: 00000005 > 01a4 offset : 00000000 > 01a8 uni_str_len: 00000005 > 01ac buffer : M.S.D.S.1. > 0001b6 smb_io_unistr2 uni_logon_dom > 01b8 uni_max_len: 00000008 > 01bc offset : 00000000 > 01c0 uni_str_len: 00000008 > 01c4 buffer : C.R.O.P.R.A.H.A. > 0001d4 smb_io_dom_sid2 > 01d4 num_auths: 00000004 > 0001d8 smb_io_dom_sid sid > 01d8 sid_rev_num: 01 > 01d9 num_auths : 04 > 01da id_auth[0] : 00 > 01db id_auth[1] : 00 > 01dc id_auth[2] : 00 > 01dd id_auth[3] : 00 > 01de id_auth[4] : 00 > 01df id_auth[5] : 05 > 01e0 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b >netsamlogon_clear_cached_user: clearing U/CROPRAHA/3604 >netsamlogon_clear_cached_user: clearing UG/CROPRAHA/3604 >Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_OK (PAM: 0) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >process_request: request fn INFO >[ 0]: request misc info >process_request: request fn AUTH_CRAP >[ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 13 >process_request: request fn AUTH_CRAP >[15700]: pam auth crap domain: CROPRAHA user: uzivatel2 >is_myname("CROPRAHA") returns 0 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: FB6F7F5ACE1D7DFA > timestamp: 4327ecd9 > timecred : D45CA79DCE1D7DFA > calc_cred: 9DBC6049697DA4E8 >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: 9d bc 60 49 69 7d a4 e8 > 00004c smb_io_utime > 004c time: 4327ecd9 > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: b4 9c 6d a3 64 1d 2f 19 > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : 0..{.....L.......*...... > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : .5P#."<.....S...(..tY... > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=2 >SCHANNEL: netsec_encode seq_num=2 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: fa 1d 69 92 b8 63 4c 06 > 0168 packet_digest: 59 25 89 b0 f0 2c a5 98 > 0170 confounder: b3 03 48 87 e9 d6 75 e6 >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=19 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0B 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 A6 8E 78 49 68 CF 40 4F 18 ........ .xIh.@O. >[030] 55 B0 B5 5D A7 8C C7 C5 AE 64 D9 DD 4B B7 A2 1F U..].... .d..K... >[040] 6E 5F D8 E8 B7 BE 71 30 57 FC 52 58 63 94 3B 57 n_....q0 W.RXc.;W >[050] 78 CB 42 3A E3 EA 2D 94 73 82 2F A6 5B 1B CA 72 x.B:..-. s./.[..r >[060] C4 A1 CC C0 29 58 91 49 D8 2C D1 A8 80 E8 3D 14 ....)X.I .,....=. >[070] 62 97 F0 04 9E 3C CE C8 AB D3 3A 13 4D 13 D1 24 b....<.. ..:.M..$ >[080] 11 93 D5 A6 E5 D2 CF A6 1B 37 0C 18 1D 09 B4 23 ........ .7.....# >[090] EA CF 03 EF 1B 7A 37 3D B6 A0 44 B0 CA 83 FE 09 .....z7= ..D..... >[0A0] B4 75 BC 1F 33 BC 27 11 6E 87 E9 FD 36 9D 02 CD .u..3.'. n...6... >[0B0] 5D 20 EE 2B E1 C2 D9 3C 43 8E 92 ED 97 33 BD AD ] .+...< C....3.. >[0C0] 7C 8E A6 6A F2 5F 8B C4 C2 F2 40 7B 60 B0 C2 0B |..j._.. ..@{`... >[0D0] F2 E1 EC E8 0B F1 04 1F D9 A7 F7 20 3B A9 AF D1 ........ ... ;... >[0E0] F9 CF 4D 4E 2A B9 A4 26 E7 16 11 7A E0 21 A4 3F ..MN*..& ...z.!.? >[0F0] 49 52 6B 32 11 37 C7 2F 35 69 22 5D E3 16 9D 2E IRk2.7./ 5i"].... >[100] 34 F6 05 93 20 80 58 E7 BB 39 77 6A F3 73 CF F1 4... .X. .9wj.s.. >[110] C6 B7 8D EB FB 0B 5A D8 40 91 DC D4 BB 84 EC 6B ......Z. @......k >[120] A9 EC D9 84 A0 58 6F F8 BF 3E 40 06 5A 84 C1 CF .....Xo. .>@.Z... >[130] 2C C3 7E 9A 50 7F 54 B5 53 77 7C 23 24 92 89 D9 ,.~.P.T. Sw|#$... >[140] 4F 6E 33 DF A2 B2 F7 D4 B5 1D 76 7F 3D 2B 22 5E On3..... ..v.=+"^ >[150] 1D 57 5B 46 EC F6 79 12 AC 85 FA 8B C6 C8 04 88 .W[F..y. ........ >[160] 09 5A BD 69 63 A1 AD 87 64 B1 63 BF 49 F9 38 E2 .Z.ic... d.c.I.8. >[170] 55 66 86 0E AD FF A1 44 06 06 00 01 00 00 00 77 Uf.....D .......w >[180] 00 7A 00 FF FF 00 00 FA 1D 69 92 B8 63 4C 06 59 .z...... .i..cL.Y >[190] 25 89 B0 F0 2C A5 98 B3 03 48 87 E9 D6 75 E6 %...,... .H...u. >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 640 >size=640 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 584 (0x248) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 584 (0x248) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=585 >[000] 00 05 00 02 03 10 00 00 00 48 02 20 00 0B 00 00 ........ .H. .... >[010] 00 08 02 00 00 00 00 00 00 F6 1B 41 D2 00 57 60 ........ ...A..W` >[020] 34 DD 52 E0 DD B6 0A FD 02 C4 BB 5E 50 B7 42 C5 4.R..... ...^P.B. >[030] A8 73 04 F6 EB 62 76 8B BE CD 90 58 D4 AD EA 27 .s...bv. ...X...' >[040] 9F 81 CE 20 6C C5 CD F3 97 8C 20 30 99 D1 52 02 ... l... .. 0..R. >[050] 6A 92 2E AA 40 B8 01 05 4B 44 DD FA 4B B9 20 A8 j...@... KD..K. . >[060] 17 3E 2D 8A 32 BC 71 FA C5 61 48 4F 33 16 0A 56 .>-.2.q. .aHO3..V >[070] B8 72 E2 A4 07 F5 3E 00 3F F3 48 9C D2 42 D0 9D .r....>. ?.H..B.. >[080] E1 DB 81 DB 2E 0C 8C 45 4B CD 75 80 22 C8 C6 D3 .......E K.u."... >[090] 6E 99 F8 65 22 C7 CD 4F CC 7D 13 A9 B0 00 B5 74 n..e"..O .}.....t >[0A0] 85 74 70 5C 03 8F 24 FB E3 9C 7C BD BE F2 CE 2B .tp\..$. ..|....+ >[0B0] 45 6B B7 35 8D FF 53 15 5F BE DF 55 23 81 AA B0 Ek.5..S. _..U#... >[0C0] B2 F5 59 5B 63 88 E8 67 63 96 F8 40 85 B4 B9 BC ..Y[c..g c..@.... >[0D0] A3 34 D6 B8 27 0A 45 2E 22 63 68 11 94 85 E9 55 .4..'.E. "ch....U >[0E0] 80 19 E4 EB A1 E7 65 FC 0A 84 94 02 FD 49 34 5F ......e. .....I4_ >[0F0] 39 37 4E B5 43 2C FA E9 07 99 C7 C1 2F E6 0F 36 97N.C,.. ..../..6 >[100] EF F4 17 61 61 CD 87 D8 1E DB F1 28 95 DE 62 8D ...aa... ...(..b. >[110] 11 29 B1 13 63 18 47 26 22 FF 99 55 04 B5 F5 4A .)..c.G& "..U...J >[120] 1F C6 5C CE D1 50 3A 09 DE D3 E2 F6 EF 83 1C 25 ..\..P:. .......% >[130] 1F 40 61 8D 0F A0 63 50 5E E6 59 10 4D 2F 0E C3 .@a...cP ^.Y.M/.. >[140] E0 08 F6 10 26 12 D1 33 CE 8D A6 EA 18 FE D5 C4 ....&..3 ........ >[150] 6A 29 B5 E6 D7 AA 68 07 89 52 CB FF B0 6B 5E 11 j)....h. .R...k^. >[160] EC 2D 5E 6F B4 3A F2 84 00 28 59 B1 18 DB FA BF .-^o.:.. .(Y..... >[170] B9 12 04 CE 0E 77 49 BF CB A8 91 F2 1F 6F CB C7 .....wI. .....o.. >[180] 9C A0 49 3A B6 D7 D7 C0 55 F0 7D 18 8B 27 20 81 ..I:.... U.}..' . >[190] 13 A1 67 1E B9 4A 6F BF AD 7E 51 17 D3 62 F9 6D ..g..Jo. .~Q..b.m >[1A0] E3 20 38 FE 4E 4D C9 AC BB 99 B0 91 BE 80 2D 8A . 8.NM.. ......-. >[1B0] CB E4 D2 39 61 D5 08 CF DC 3D D8 37 AF 35 99 FC ...9a... .=.7.5.. >[1C0] D8 A5 5B 39 0E 02 9F D9 32 39 65 04 32 DD 7B 1A ..[9.... 29e.2.{. >[1D0] 80 3B D6 E7 BA 4A 10 42 33 6B 42 17 06 EF 28 C8 .;...J.B 3kB...(. >[1E0] 85 FB 2C 54 E3 AA 3E 62 E0 A7 59 7B 70 C4 B5 52 ..,T..>b ..Y{p..R >[1F0] 96 D9 74 28 C6 9B DB 98 9B 9B 66 45 BC 03 33 8A ..t(.... ..fE..3. >size=640 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 584 (0x248) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 584 (0x248) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=585 >[000] 00 05 00 02 03 10 00 00 00 48 02 20 00 0B 00 00 ........ .H. .... >[010] 00 08 02 00 00 00 00 00 00 F6 1B 41 D2 00 57 60 ........ ...A..W` >[020] 34 DD 52 E0 DD B6 0A FD 02 C4 BB 5E 50 B7 42 C5 4.R..... ...^P.B. >[030] A8 73 04 F6 EB 62 76 8B BE CD 90 58 D4 AD EA 27 .s...bv. ...X...' >[040] 9F 81 CE 20 6C C5 CD F3 97 8C 20 30 99 D1 52 02 ... l... .. 0..R. >[050] 6A 92 2E AA 40 B8 01 05 4B 44 DD FA 4B B9 20 A8 j...@... KD..K. . >[060] 17 3E 2D 8A 32 BC 71 FA C5 61 48 4F 33 16 0A 56 .>-.2.q. .aHO3..V >[070] B8 72 E2 A4 07 F5 3E 00 3F F3 48 9C D2 42 D0 9D .r....>. ?.H..B.. >[080] E1 DB 81 DB 2E 0C 8C 45 4B CD 75 80 22 C8 C6 D3 .......E K.u."... >[090] 6E 99 F8 65 22 C7 CD 4F CC 7D 13 A9 B0 00 B5 74 n..e"..O .}.....t >[0A0] 85 74 70 5C 03 8F 24 FB E3 9C 7C BD BE F2 CE 2B .tp\..$. ..|....+ >[0B0] 45 6B B7 35 8D FF 53 15 5F BE DF 55 23 81 AA B0 Ek.5..S. _..U#... >[0C0] B2 F5 59 5B 63 88 E8 67 63 96 F8 40 85 B4 B9 BC ..Y[c..g c..@.... >[0D0] A3 34 D6 B8 27 0A 45 2E 22 63 68 11 94 85 E9 55 .4..'.E. "ch....U >[0E0] 80 19 E4 EB A1 E7 65 FC 0A 84 94 02 FD 49 34 5F ......e. .....I4_ >[0F0] 39 37 4E B5 43 2C FA E9 07 99 C7 C1 2F E6 0F 36 97N.C,.. ..../..6 >[100] EF F4 17 61 61 CD 87 D8 1E DB F1 28 95 DE 62 8D ...aa... ...(..b. >[110] 11 29 B1 13 63 18 47 26 22 FF 99 55 04 B5 F5 4A .)..c.G& "..U...J >[120] 1F C6 5C CE D1 50 3A 09 DE D3 E2 F6 EF 83 1C 25 ..\..P:. .......% >[130] 1F 40 61 8D 0F A0 63 50 5E E6 59 10 4D 2F 0E C3 .@a...cP ^.Y.M/.. >[140] E0 08 F6 10 26 12 D1 33 CE 8D A6 EA 18 FE D5 C4 ....&..3 ........ >[150] 6A 29 B5 E6 D7 AA 68 07 89 52 CB FF B0 6B 5E 11 j)....h. .R...k^. >[160] EC 2D 5E 6F B4 3A F2 84 00 28 59 B1 18 DB FA BF .-^o.:.. .(Y..... >[170] B9 12 04 CE 0E 77 49 BF CB A8 91 F2 1F 6F CB C7 .....wI. .....o.. >[180] 9C A0 49 3A B6 D7 D7 C0 55 F0 7D 18 8B 27 20 81 ..I:.... U.}..' . >[190] 13 A1 67 1E B9 4A 6F BF AD 7E 51 17 D3 62 F9 6D ..g..Jo. .~Q..b.m >[1A0] E3 20 38 FE 4E 4D C9 AC BB 99 B0 91 BE 80 2D 8A . 8.NM.. ......-. >[1B0] CB E4 D2 39 61 D5 08 CF DC 3D D8 37 AF 35 99 FC ...9a... .=.7.5.. >[1C0] D8 A5 5B 39 0E 02 9F D9 32 39 65 04 32 DD 7B 1A ..[9.... 29e.2.{. >[1D0] 80 3B D6 E7 BA 4A 10 42 33 6B 42 17 06 EF 28 C8 .;...J.B 3kB...(. >[1E0] 85 FB 2C 54 E3 AA 3E 62 E0 A7 59 7B 70 C4 B5 52 ..,T..>b ..Y{p..R >[1F0] 96 D9 74 28 C6 9B DB 98 9B 9B 66 45 BC 03 33 8A ..t(.... ..fE..3. >rpc_check_hdr: rdata->data_size = 584 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0248 > 000a auth_len : 0020 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000208 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 584 >rpc_auth_pipe: pkt_type: 2 len: 584 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 5e 1a fc 38 50 a1 c2 52 > 0018 packet_digest: 00 d2 ca ef 88 5a 65 7e > 0020 confounder: de 7e ba e3 08 73 8a 44 >SCHANNEL: netsec_encode seq_num=3 data_len=520 >SCHANNEL: netsec_decode seq_num=3 data_len=520 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000001 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 24 67 8f fc d7 63 ea 96 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000001 > 000030 smb_io_time logon time > 0030 low : 00000000 > 0034 high: 00000000 > 000038 smb_io_time logoff time > 0038 low : ffffffff > 003c high: 7fffffff > 000040 smb_io_time kickoff time > 0040 low : ffffffff > 0044 high: 7fffffff > 000048 smb_io_time last set time > 0048 low : a2c94280 > 004c high: 01c5afb4 > 000050 smb_io_time can change time > 0050 low : a2c94280 > 0054 high: 01c5afb4 > 000058 smb_io_time must change time > 0058 low : ffffffff > 005c high: 7fffffff > 000060 smb_io_unihdr hdr_user_name > 0060 uni_str_len: 0012 > 0062 uni_max_len: 0012 > 0064 buffer : 00000001 > 000068 smb_io_unihdr hdr_full_name > 0068 uni_str_len: 0012 > 006a uni_max_len: 0012 > 006c buffer : 00000001 > 000070 smb_io_unihdr hdr_logon_script > 0070 uni_str_len: 002a > 0072 uni_max_len: 002a > 0074 buffer : 00000001 > 000078 smb_io_unihdr hdr_profile_path > 0078 uni_str_len: 0000 > 007a uni_max_len: 0000 > 007c buffer : 00000000 > 000080 smb_io_unihdr hdr_home_dir > 0080 uni_str_len: 0022 > 0082 uni_max_len: 0022 > 0084 buffer : 00000001 > 000088 smb_io_unihdr hdr_dir_drive > 0088 uni_str_len: 0004 > 008a uni_max_len: 0004 > 008c buffer : 00000001 > 0090 logon_count : 0000 > 0092 bad_pw_count : 0000 > 0094 user_rid : 00000e14 > 0098 group_rid : 00000201 > 009c num_groups : 00000002 > 00a0 buffer_groups : 00000001 > 00a4 user_flgs : 00000020 > 00a8 user_sess_key: 20 a1 87 1d 0d d9 51 a8 70 04 6e 28 30 03 5d 3f > 0000b8 smb_io_unihdr hdr_logon_srv > 00b8 uni_str_len: 000a > 00ba uni_max_len: 000a > 00bc buffer : 00000001 > 0000c0 smb_io_unihdr hdr_logon_dom > 00c0 uni_str_len: 0010 > 00c2 uni_max_len: 0010 > 00c4 buffer : 00000001 > 00c8 buffer_dom_id : 00000001 > 00cc lm_sess_key: d4 97 a6 4c ef 3b 77 7b > 00d4 acct_flags : 00000000 > 00d8 unkown: 00000000 > 00dc unkown: 00000000 > 00e0 unkown: 00000000 > 00e4 unkown: 00000000 > 00e8 unkown: 00000000 > 00ec unkown: 00000000 > 00f0 unkown: 00000000 > 00f4 num_other_sids: 00000000 > 00f8 buffer_other_sids: 00000000 > 0000fc smb_io_unistr2 uni_user_name > 00fc uni_max_len: 00000009 > 0100 offset : 00000000 > 0104 uni_str_len: 00000009 > 0108 buffer : u.z.i.v.a.t.e.l.2. > 00011a smb_io_unistr2 uni_full_name > 011c uni_max_len: 00000009 > 0120 offset : 00000000 > 0124 uni_str_len: 00000009 > 0128 buffer : u.z.i.v.a.t.e.l.2. > 00013a smb_io_unistr2 uni_logon_script > 013c uni_max_len: 00000015 > 0140 offset : 00000000 > 0144 uni_str_len: 00000015 > 0148 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. > 000172 smb_io_unistr2 - NULL uni_profile_path > 000172 smb_io_unistr2 uni_home_dir > 0174 uni_max_len: 00000011 > 0178 offset : 00000000 > 017c uni_str_len: 00000011 > 0180 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. > 0001a2 smb_io_unistr2 uni_dir_drive > 01a4 uni_max_len: 00000002 > 01a8 offset : 00000000 > 01ac uni_str_len: 00000002 > 01b0 buffer : X.:. > 01b4 num_groups2 : 00000002 > 0001b8 smb_io_gid > 01b8 g_rid: 00000201 > 01bc attr : 00000007 > 0001c0 smb_io_gid > 01c0 g_rid: 00000bb9 > 01c4 attr : 00000007 > 0001c8 smb_io_unistr2 uni_logon_srv > 01c8 uni_max_len: 00000005 > 01cc offset : 00000000 > 01d0 uni_str_len: 00000005 > 01d4 buffer : M.S.D.S.1. > 0001de smb_io_unistr2 uni_logon_dom > 01e0 uni_max_len: 00000008 > 01e4 offset : 00000000 > 01e8 uni_str_len: 00000008 > 01ec buffer : C.R.O.P.R.A.H.A. > 0001fc smb_io_dom_sid2 > 01fc num_auths: 00000004 > 000200 smb_io_dom_sid sid > 0200 sid_rev_num: 01 > 0201 num_auths : 04 > 0202 id_auth[0] : 00 > 0203 id_auth[1] : 00 > 0204 id_auth[2] : 00 > 0205 id_auth[3] : 00 > 0206 id_auth[4] : 00 > 0207 id_auth[5] : 05 > 0208 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b > 0218 auth_resp : 00000001 > 021c status : NT_STATUS_OK >clnt_deal_with_creds: 148 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: FB6F7F5ACE1D7DFA > timestamp: 4327ecda > timecred : D55CA79DCE1D7DFA > calc_cred: 24678FFCD763EA96 >cred_assert > challenge : 24678FFCD763EA96 > calculated: 24678FFCD763EA96 >credentials check ok > new clnt cred: D55CA79DCE1D7DFA >netsamlogon_cache_store: SID [S-1-5-21-949343575-3825593073-2552048267-3604] >0000 timestamp: 4327ecd9 >000004 net_io_user_info3 > 0004 ptr_user_info : 00000001 > 000008 smb_io_time logon time > 0008 low : 00000000 > 000c high: 00000000 > 000010 smb_io_time logoff time > 0010 low : ffffffff > 0014 high: 7fffffff > 000018 smb_io_time kickoff time > 0018 low : ffffffff > 001c high: 7fffffff > 000020 smb_io_time last set time > 0020 low : a2c94280 > 0024 high: 01c5afb4 > 000028 smb_io_time can change time > 0028 low : a2c94280 > 002c high: 01c5afb4 > 000030 smb_io_time must change time > 0030 low : ffffffff > 0034 high: 7fffffff > 000038 smb_io_unihdr hdr_user_name > 0038 uni_str_len: 0012 > 003a uni_max_len: 0012 > 003c buffer : 00000001 > 000040 smb_io_unihdr hdr_full_name > 0040 uni_str_len: 0012 > 0042 uni_max_len: 0012 > 0044 buffer : 00000001 > 000048 smb_io_unihdr hdr_logon_script > 0048 uni_str_len: 002a > 004a uni_max_len: 002a > 004c buffer : 00000001 > 000050 smb_io_unihdr hdr_profile_path > 0050 uni_str_len: 0000 > 0052 uni_max_len: 0000 > 0054 buffer : 00000000 > 000058 smb_io_unihdr hdr_home_dir > 0058 uni_str_len: 0022 > 005a uni_max_len: 0022 > 005c buffer : 00000001 > 000060 smb_io_unihdr hdr_dir_drive > 0060 uni_str_len: 0004 > 0062 uni_max_len: 0004 > 0064 buffer : 00000001 > 0068 logon_count : 0000 > 006a bad_pw_count : 0000 > 006c user_rid : 00000e14 > 0070 group_rid : 00000201 > 0074 num_groups : 00000002 > 0078 buffer_groups : 00000001 > 007c user_flgs : 00000020 > 0080 user_sess_key: 30 d9 d5 65 37 c8 25 ce 9a a6 d8 31 38 15 1e 6b > 000090 smb_io_unihdr hdr_logon_srv > 0090 uni_str_len: 000a > 0092 uni_max_len: 000a > 0094 buffer : 00000001 > 000098 smb_io_unihdr hdr_logon_dom > 0098 uni_str_len: 0010 > 009a uni_max_len: 0010 > 009c buffer : 00000001 > 00a0 buffer_dom_id : 00000001 > 00a4 lm_sess_key: c4 ef f4 34 d5 2a 03 1d > 00ac acct_flags : 00000000 > 00b0 unkown: 00000000 > 00b4 unkown: 00000000 > 00b8 unkown: 00000000 > 00bc unkown: 00000000 > 00c0 unkown: 00000000 > 00c4 unkown: 00000000 > 00c8 unkown: 00000000 > 00cc num_other_sids: 00000000 > 00d0 buffer_other_sids: 00000000 > 0000d4 smb_io_unistr2 uni_user_name > 00d4 uni_max_len: 00000009 > 00d8 offset : 00000000 > 00dc uni_str_len: 00000009 > 00e0 buffer : u.z.i.v.a.t.e.l.2. > 0000f2 smb_io_unistr2 uni_full_name > 00f4 uni_max_len: 00000009 > 00f8 offset : 00000000 > 00fc uni_str_len: 00000009 > 0100 buffer : u.z.i.v.a.t.e.l.2. > 000112 smb_io_unistr2 uni_logon_script > 0114 uni_max_len: 00000015 > 0118 offset : 00000000 > 011c uni_str_len: 00000015 > 0120 buffer : s.c.r.i.p.t.s./.u.z.i.v.a.t.e.l.2...b.a.t. > 00014a smb_io_unistr2 - NULL uni_profile_path > 00014a smb_io_unistr2 uni_home_dir > 014c uni_max_len: 00000011 > 0150 offset : 00000000 > 0154 uni_str_len: 00000011 > 0158 buffer : \.\.m.s.f.s.1.\.u.z.i.v.a.t.e.l.2. > 00017a smb_io_unistr2 uni_dir_drive > 017c uni_max_len: 00000002 > 0180 offset : 00000000 > 0184 uni_str_len: 00000002 > 0188 buffer : X.:. > 018c num_groups2 : 00000002 > 000190 smb_io_gid > 0190 g_rid: 00000201 > 0194 attr : 00000007 > 000198 smb_io_gid > 0198 g_rid: 00000bb9 > 019c attr : 00000007 > 0001a0 smb_io_unistr2 uni_logon_srv > 01a0 uni_max_len: 00000005 > 01a4 offset : 00000000 > 01a8 uni_str_len: 00000005 > 01ac buffer : M.S.D.S.1. > 0001b6 smb_io_unistr2 uni_logon_dom > 01b8 uni_max_len: 00000008 > 01bc offset : 00000000 > 01c0 uni_str_len: 00000008 > 01c4 buffer : C.R.O.P.R.A.H.A. > 0001d4 smb_io_dom_sid2 > 01d4 num_auths: 00000004 > 0001d8 smb_io_dom_sid sid > 01d8 sid_rev_num: 01 > 01d9 num_auths : 04 > 01da id_auth[0] : 00 > 01db id_auth[1] : 00 > 01dc id_auth[2] : 00 > 01dd id_auth[3] : 00 > 01de id_auth[4] : 00 > 01df id_auth[5] : 05 > 01e0 sub_auths : 00000015 3895d557 e405eaf1 981d2a8b >netsamlogon_clear_cached_user: clearing U/CROPRAHA/3604 >netsamlogon_clear_cached_user: clearing UG/CROPRAHA/3604 >NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_OK (PAM: 0) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >accepted socket 15 >process_request: request fn INTERFACE_VERSION >[ 0]: request interface version >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 0]: request location of privileged pipe >accepted socket 16 >process_request: request fn PAM_AUTH >[ 0]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 12 >process_request: request fn PAM_AUTH >[15700]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: D55CA79DCE1D7DFA > timestamp: 4327ecdd > timecred : B249CFE0CE1D7DFA > calc_cred: 08D654B3447974BA >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: 08 d6 54 b3 44 79 74 ba > 00004c smb_io_utime > 004c time: 4327ecdd > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: 9d fc 27 64 02 1e c6 59 > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : !....../.-..O|.s*.>.[I!. > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : ...^.....z....L0...E.... > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=4 >SCHANNEL: netsec_encode seq_num=4 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: f6 b4 f7 2e 5b c9 57 20 > 0168 packet_digest: 06 69 88 bb 8f 69 5e f6 > 0170 confounder: 88 c9 e2 a9 cc 8b 2d e7 >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=20 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0C 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 82 C2 DC 57 76 58 EC A1 2E ........ ..WvX... >[030] 31 5C D3 E1 C0 1A 21 4E 9D F7 DD CF 74 1A 29 43 1\....!N ....t.)C >[040] BF D5 22 F1 B3 FB BC 2D 40 10 19 9F DC 39 A8 4C .."....- @....9.L >[050] C4 E9 73 75 E6 2F C9 8E 4F EC EC ED 0F 3F 75 55 ..su./.. O....?uU >[060] 85 C4 A3 7B CF E4 E2 47 B0 59 29 5C 1F FF 15 3C ...{...G .Y)\...< >[070] F2 41 1E 4E EF 6B D4 1E AC 68 05 69 C8 B5 DC 50 .A.N.k.. .h.i...P >[080] 3C D1 04 84 B5 48 A9 D1 78 9E 5D C2 6C E6 9C 02 <....H.. x.].l... >[090] B1 9B 28 F0 67 27 29 23 E1 81 38 E4 A3 C3 3C 00 ..(.g')# ..8...<. >[0A0] 67 CC D5 08 5E AE 85 21 65 89 8B 80 A7 36 7D 29 g...^..! e....6}) >[0B0] 77 7F 1E AC 03 C1 F3 17 02 E4 CB F9 D7 19 95 5D w....... .......] >[0C0] 15 9F 20 7F E5 EA 46 C7 35 FF 77 72 E3 DB 02 8F .. ...F. 5.wr.... >[0D0] F4 8D 06 6A 26 29 09 25 0D C1 0F B9 EB 51 C6 98 ...j&).% .....Q.. >[0E0] 1A D4 01 92 4E FE DB 30 CA 39 E9 9B AD 20 2C 6D ....N..0 .9... ,m >[0F0] 21 59 0B 40 BE 9C BC 68 BA DB 3E 4A 9A B7 8F 03 !Y.@...h ..>J.... >[100] 1C 46 FB FA D0 28 C5 D0 A0 76 DD A2 67 E0 D5 E6 .F...(.. .v..g... >[110] E4 76 2A F9 C2 0D 43 68 DC 41 8E 2E 7E EE 12 71 .v*...Ch .A..~..q >[120] F2 40 79 59 C7 A3 BA 16 E6 5B E6 8B 12 32 EA E6 .@yY.... .[...2.. >[130] A2 A9 67 F3 AD 61 44 66 D3 89 B0 34 77 8F A2 F9 ..g..aDf ...4w... >[140] 4F 7D B4 6D 9F 1F F9 1C 00 53 74 38 4F 95 4E 2E O}.m.... .St8O.N. >[150] E3 7C 54 E9 61 CD E1 66 97 0D 64 4E 78 64 B5 EB .|T.a..f ..dNxd.. >[160] 8E 7C F6 52 34 F0 FF FB 9D F1 C6 9A 99 FB C6 5A .|.R4... .......Z >[170] 4B 2A 84 DD 22 01 4B 44 06 06 00 01 00 00 00 77 K*..".KD .......w >[180] 00 7A 00 FF FF 00 00 F6 B4 F7 2E 5B C9 57 20 06 .z...... ...[.W . >[190] 69 88 BB 8F 69 5E F6 88 C9 E2 A9 CC 8B 2D E7 i...i^.. .....-. >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 152 >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0C 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 29 AE 43 62 ED 60 DC . ...... .).Cb.`. >[020] 87 BD F4 BD 22 8A ED 97 87 1E A0 C7 F0 7C 50 4B ...."... .....|PK >[030] 93 9C 3A 13 E0 5E 56 83 03 44 06 00 00 01 00 00 ..:..^V. .D...... >[040] 00 77 00 7A 00 FF FF 00 00 D5 39 EC 37 85 2C 51 .w.z.... ..9.7.,Q >[050] 59 E3 53 E1 12 76 5C 0E AB 7C 49 4A FF AF AF CF Y.S..v\. .|IJ.... >[060] 29 ) >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0C 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 29 AE 43 62 ED 60 DC . ...... .).Cb.`. >[020] 87 BD F4 BD 22 8A ED 97 87 1E A0 C7 F0 7C 50 4B ...."... .....|PK >[030] 93 9C 3A 13 E0 5E 56 83 03 44 06 00 00 01 00 00 ..:..^V. .D...... >[040] 00 77 00 7A 00 FF FF 00 00 D5 39 EC 37 85 2C 51 .w.z.... ..9.7.,Q >[050] 59 E3 53 E1 12 76 5C 0E AB 7C 49 4A FF AF AF CF Y.S..v\. .|IJ.... >[060] 29 ) >rpc_check_hdr: rdata->data_size = 96 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0020 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 96 >rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: d5 39 ec 37 85 2c 51 59 > 0018 packet_digest: e3 53 e1 12 76 5c 0e ab > 0020 confounder: 7c 49 4a ff af af cf 29 >SCHANNEL: netsec_encode seq_num=5 data_len=32 >SCHANNEL: netsec_decode seq_num=5 data_len=32 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000001 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: d5 57 ca fa 4e 69 1c aa > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000000 > 0030 auth_resp : 00000001 > 0034 status : NT_STATUS_WRONG_PASSWORD >Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_WRONG_PASSWORD (PAM: 7) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >process_request: request fn INFO >[ 0]: request misc info >process_request: request fn AUTH_CRAP >[ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 13 >process_request: request fn AUTH_CRAP >[15700]: pam auth crap domain: CROPRAHA user: uzivatel2 >is_myname("CROPRAHA") returns 0 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: D55CA79DCE1D7DFA > timestamp: 4327ecdd > timecred : B249CFE0CE1D7DFA > calc_cred: 08D654B3447974BA >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: 08 d6 54 b3 44 79 74 ba > 00004c smb_io_utime > 004c time: 4327ecdd > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: 78 0f 04 e2 01 e6 69 04 > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : 2X'..............k.@.... > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : ....q.(..Q.....C...59.w. > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=6 >SCHANNEL: netsec_encode seq_num=6 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: 34 e8 0e 31 a7 af d8 8b > 0168 packet_digest: 5c 91 82 53 42 b7 8a 5b > 0170 confounder: 30 7a 78 0f 5a bf b9 e5 >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=21 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0D 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 BE 25 6E B1 BE D6 E2 44 E5 ........ %n....D. >[030] 2E E7 3F 0B B2 44 01 A7 66 EF E2 9C 17 62 FF 66 ..?..D.. f....b.f >[040] 39 D5 11 B8 21 76 FD 2A 89 9A 27 4B 90 E5 99 3F 9...!v.* ..'K...? >[050] BB AF B6 F9 53 60 B4 32 40 F8 C4 DE 04 E1 79 79 ....S`.2 @.....yy >[060] 44 30 85 1E F1 0D 04 9F 22 55 A0 7F CA B8 6F 98 D0...... "U....o. >[070] 21 FD CA CB 7F 19 1E 4B 03 78 A3 A9 E4 53 B5 5D !......K .x...S.] >[080] E5 3F 76 FB 5D 99 17 19 85 19 64 6D 72 66 6E 67 .?v.]... ..dmrfng >[090] 3D B5 EF F9 E8 09 17 32 C6 6D E3 0D 4E 05 31 54 =......2 .m..N.1T >[0A0] 44 8B 94 AF 20 26 FC AC AF 32 09 33 55 68 3D 3C D... &.. .2.3Uh=< >[0B0] 09 28 B6 14 1F 54 E1 8B 6E 19 D9 C2 70 FF 6A FA .(...T.. n...p.j. >[0C0] DA 1E C3 97 6A 9A 3A E3 3A 9E 1B 01 77 74 10 5C ....j.:. :...wt.\ >[0D0] 37 32 FF AC AB 3F 40 2B 8B E0 9C 4B 95 C3 AB 42 72...?@+ ...K...B >[0E0] 7E 45 06 AA 50 09 E4 D5 13 08 01 01 25 E1 A0 87 ~E..P... ....%... >[0F0] B4 EA AA 7D 0C BA 96 0E 11 2C 07 AA 13 E5 ED 56 ...}.... .,.....V >[100] F9 56 46 01 70 98 E8 02 9F 3C 5B BF D2 9F 7B 1E .VF.p... .<[...{. >[110] A5 45 06 FC 06 AA EF 33 8B B1 1C 69 05 BC 9D A3 .E.....3 ...i.... >[120] F4 6E 47 8F FE 36 9D 91 D5 38 EE E0 4B FE 8F CF .nG..6.. .8..K... >[130] ED 8A B5 2B 17 B0 30 54 09 22 95 25 58 1C DA 4D ...+..0T .".%X..M >[140] 8E 4B BC CC 56 DA 2A 5A 0F 2C 3F 07 26 7A 2E B4 .K..V.*Z .,?.&z.. >[150] 99 53 7B C6 9E 1D F0 AE B9 C8 DB 32 65 00 94 E3 .S{..... ...2e... >[160] 7E B2 BD B8 D4 0E F0 0F 0F 55 6B FE 49 62 72 77 ~....... .Uk.Ibrw >[170] 04 E9 7C E6 4D B5 FD 44 06 06 00 01 00 00 00 77 ..|.M..D .......w >[180] 00 7A 00 FF FF 00 00 34 E8 0E 31 A7 AF D8 8B 5C .z.....4 ..1....\ >[190] 91 82 53 42 B7 8A 5B 30 7A 78 0F 5A BF B9 E5 ..SB..[0 zx.Z... >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 152 >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0D 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 A8 B0 B8 03 DE 9C ED . ...... ........ >[020] 65 21 59 FC 43 42 4E E0 63 5A FC 20 8E BA 7A 8E e!Y.CBN. cZ. ..z. >[030] AD 11 86 CF 3C FD 80 7B BF 44 06 00 00 01 00 00 ....<..{ .D...... >[040] 00 77 00 7A 00 FF FF 00 00 0E D3 46 B5 B1 95 D5 .w.z.... ...F.... >[050] 88 3C 93 0C 80 FC 64 79 EC 5B 9C 05 6A 4C 46 77 .<....dy .[..jLFw >[060] E8 . >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0D 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 A8 B0 B8 03 DE 9C ED . ...... ........ >[020] 65 21 59 FC 43 42 4E E0 63 5A FC 20 8E BA 7A 8E e!Y.CBN. cZ. ..z. >[030] AD 11 86 CF 3C FD 80 7B BF 44 06 00 00 01 00 00 ....<..{ .D...... >[040] 00 77 00 7A 00 FF FF 00 00 0E D3 46 B5 B1 95 D5 .w.z.... ...F.... >[050] 88 3C 93 0C 80 FC 64 79 EC 5B 9C 05 6A 4C 46 77 .<....dy .[..jLFw >[060] E8 . >rpc_check_hdr: rdata->data_size = 96 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0020 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 96 >rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 0e d3 46 b5 b1 95 d5 88 > 0018 packet_digest: 3c 93 0c 80 fc 64 79 ec > 0020 confounder: 5b 9c 05 6a 4c 46 77 e8 >SCHANNEL: netsec_encode seq_num=7 data_len=32 >SCHANNEL: netsec_decode seq_num=7 data_len=32 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000000 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 00 00 00 00 00 00 00 00 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000000 > 0030 auth_resp : 00000001 > 0034 status : NT_STATUS_INVALID_HANDLE >NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_INVALID_HANDLE (PAM: 4) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >accepted socket 15 >process_request: request fn INTERFACE_VERSION >[ 0]: request interface version >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 0]: request location of privileged pipe >accepted socket 16 >process_request: request fn PAM_AUTH >[ 0]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 12 >process_request: request fn PAM_AUTH >[15700]: pam auth CROPRAHA\uzivatel2 >is_myname("CROPRAHA") returns 0 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: D55CA79DCE1D7DFA > timestamp: 4327ece0 > timecred : B549CFE0CE1D7DFA > calc_cred: F908AF9748E465F5 >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: f9 08 af 97 48 e4 65 f5 > 00004c smb_io_utime > 004c time: 4327ece0 > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: 5f d2 d2 c1 5e e1 48 c8 > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : ....#7.K...g....HZ+..:N. > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : .N..../9W(#M^..Q..n{pQ., > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=8 >SCHANNEL: netsec_encode seq_num=8 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: 85 f3 5a ed fc c9 8e 14 > 0168 packet_digest: c7 a4 5e b2 aa 3e 1e 86 > 0170 confounder: 83 ce 2d cb 22 2f 49 ae >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000e >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=22 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0E 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 40 A2 AF 33 35 F0 54 AA 1E .......@ ..35.T.. >[030] 92 53 5F A6 9B 3A 36 BF C4 50 35 67 9A 87 04 DC .S_..:6. .P5g.... >[040] 6E 39 E3 95 DD 68 DE 47 EF 22 A6 F0 42 31 3C DC n9...h.G ."..B1<. >[050] 8C B6 AD A4 64 2A AE 86 9C B4 78 F3 9D 25 75 31 ....d*.. ..x..%u1 >[060] 14 46 EF 3D EB 80 93 01 D6 98 63 AF 34 64 BE 9A .F.=.... ..c.4d.. >[070] BE 26 A0 64 71 C5 13 2C DC ED 34 AB 46 A2 10 88 .&.dq.., ..4.F... >[080] A9 1F BD 38 56 65 C7 25 49 7C F9 D1 45 78 9F 2F ...8Ve.% I|..Ex./ >[090] 3D 5B BC AB 76 4D 8C DD C4 79 15 0E D4 02 61 D7 =[..vM.. .y....a. >[0A0] 26 FD 42 6F 2C DA 8B E8 6D D4 55 35 E4 1D E9 48 &.Bo,... m.U5...H >[0B0] E0 63 36 F1 05 42 79 ED 13 11 F7 CC DD E8 4A E6 .c6..By. ......J. >[0C0] B1 94 A5 E7 66 25 96 AA DE CA F7 2C 71 CA 4C 88 ....f%.. ...,q.L. >[0D0] D1 05 97 1C 67 73 43 81 B6 79 E9 72 00 4F 4C B3 ....gsC. .y.r.OL. >[0E0] 3C C1 F7 32 CB DA 0C CB 3D E6 28 46 AC C0 FB B0 <..2.... =.(F.... >[0F0] 9D E5 40 CC BD 99 96 DB 7C 50 5C 67 D1 0D B7 CF ..@..... |P\g.... >[100] 6E 45 3F D2 D5 6F 38 FA DA C1 B0 96 C6 04 45 F5 nE?..o8. ......E. >[110] 04 19 EC 47 0F C4 38 01 3B D5 DA AE B7 93 A2 69 ...G..8. ;......i >[120] 46 2D 4B A4 F5 FE AD B2 C9 65 C8 32 29 62 7B 9E F-K..... .e.2)b{. >[130] 36 13 71 D6 75 99 BF 04 70 F1 3F 7C 96 46 49 DF 6.q.u... p.?|.FI. >[140] 45 18 20 73 59 6A BD 8E AD 5D FB 2D 41 C9 4B ED E. sYj.. .].-A.K. >[150] F4 51 D4 AA 27 C8 AD 8F C8 93 14 75 86 ED 31 F5 .Q..'... ...u..1. >[160] 27 3C 3D AB 20 57 AD 66 4D D3 3C 44 23 A4 36 93 '<=. W.f M.<D#.6. >[170] 41 35 F0 14 FE F4 1F 44 06 06 00 01 00 00 00 77 A5.....D .......w >[180] 00 7A 00 FF FF 00 00 85 F3 5A ED FC C9 8E 14 C7 .z...... .Z...... >[190] A4 5E B2 AA 3E 1E 86 83 CE 2D CB 22 2F 49 AE .^..>... .-."/I. >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 152 >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0E 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 9F 6D 5D BE DD 8B CA . ...... ..m].... >[020] AC AD 1A E6 F3 37 97 0E 34 64 3C 2C ED 14 65 D4 .....7.. 4d<,..e. >[030] 42 AD 20 14 8E AE 58 14 12 44 06 00 00 01 00 00 B. ...X. .D...... >[040] 00 77 00 7A 00 FF FF 00 00 66 A0 4A 7A 16 6C 2D .w.z.... .f.Jz.l- >[050] DE 83 A4 59 61 DC 7C 1D 41 6A 59 68 70 24 87 9D ...Ya.|. AjYhp$.. >[060] D9 . >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0E 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 9F 6D 5D BE DD 8B CA . ...... ..m].... >[020] AC AD 1A E6 F3 37 97 0E 34 64 3C 2C ED 14 65 D4 .....7.. 4d<,..e. >[030] 42 AD 20 14 8E AE 58 14 12 44 06 00 00 01 00 00 B. ...X. .D...... >[040] 00 77 00 7A 00 FF FF 00 00 66 A0 4A 7A 16 6C 2D .w.z.... .f.Jz.l- >[050] DE 83 A4 59 61 DC 7C 1D 41 6A 59 68 70 24 87 9D ...Ya.|. AjYhp$.. >[060] D9 . >rpc_check_hdr: rdata->data_size = 96 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0020 > 000c call_id : 0000000e >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 96 >rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 66 a0 4a 7a 16 6c 2d de > 0018 packet_digest: 83 a4 59 61 dc 7c 1d 41 > 0020 confounder: 6a 59 68 70 24 87 9d d9 >SCHANNEL: netsec_encode seq_num=9 data_len=32 >SCHANNEL: netsec_decode seq_num=9 data_len=32 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000000 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 00 00 00 00 00 00 00 00 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000000 > 0030 auth_resp : 00000001 > 0034 status : NT_STATUS_INVALID_HANDLE >Plain-text authentication for user CROPRAHA\uzivatel2 returned NT_STATUS_INVALID_HANDLE (PAM: 4) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702 >process_request: request fn INFO >[ 0]: request misc info >process_request: request fn AUTH_CRAP >[ 0]: pam auth crap domain: [CROPRAHA] user: uzivatel2 >is_myname("CROPRAHA") returns 0 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 13 >process_request: request fn AUTH_CRAP >[15700]: pam auth crap domain: CROPRAHA user: uzivatel2 >is_myname("CROPRAHA") returns 0 >cred_create > sess_key : 8FE37BD120A40267 > stor_cred: D55CA79DCE1D7DFA > timestamp: 4327ece0 > timecred : B549CFE0CE1D7DFA > calc_cred: F908AF9748E465F5 >init_id_info2: 1178 >make_logon_id: 1586 >init_sam_info: 1272 >make_clnt_info: 1501 >init_clnt_srv: 1346 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 00000008 > 0008 offset : 00000000 > 000c uni_str_len: 00000008 > 0010 buffer : \.\.M.S.D.S.1... > 0020 undoc_buffer2: 00000001 > 000024 smb_io_unistr2 unistr2 > 0024 uni_max_len: 00000008 > 0028 offset : 00000000 > 002c uni_str_len: 00000008 > 0030 buffer : M.S.F.S.3.7.0... > 0040 ptr_cred: 00000001 > 000044 smb_io_cred > 000044 smb_io_chal > 0044 data: f9 08 af 97 48 e4 65 f5 > 00004c smb_io_utime > 004c time: 4327ece0 > 0050 ptr_rtn_cred : 00000001 > 000054 smb_io_cred > 000054 smb_io_chal > 0054 data: 00 00 00 00 00 00 00 00 > 00005c smb_io_utime > 005c time: 00000000 > 0060 logon_level : 0002 > 000062 smb_io_sam_info logon_info > 0062 switch_value : 0002 > 000064 net_io_id_info2 > 0064 ptr_id_info2: 00000001 > 000068 smb_io_unihdr unihdr > 0068 uni_str_len: 0010 > 006a uni_max_len: 0010 > 006c buffer : 00000001 > 0070 param_ctrl: 00000000 > 000074 smb_io_logon_id > 0074 low : 0000dead > 0078 high: 0000beef > 00007c smb_io_unihdr unihdr > 007c uni_str_len: 0012 > 007e uni_max_len: 0012 > 0080 buffer : 00000001 > 000084 smb_io_unihdr unihdr > 0084 uni_str_len: 0012 > 0086 uni_max_len: 0012 > 0088 buffer : 00000001 > 008c lm_chal: 81 f2 17 98 b1 b4 fd 3e > 000094 smb_io_strhdr hdr_nt_chal_resp > 0094 str_str_len: 0018 > 0096 str_max_len: 0018 > 0098 buffer : 00000001 > 00009c smb_io_strhdr hdr_lm_chal_resp > 009c str_str_len: 0018 > 009e str_max_len: 0018 > 00a0 buffer : 00000001 > 0000a4 smb_io_unistr2 uni_domain_name > 00a4 uni_max_len: 00000008 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000008 > 00b0 buffer : C.R.O.P.R.A.H.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000009 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000009 > 00cc buffer : u.z.i.v.a.t.e.l.2. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000009 > 00e4 offset : 00000000 > 00e8 uni_str_len: 00000009 > 00ec buffer : \.\.M.S.F.S.3.7.0. > 0000fe smb_io_string2 nt_chal_resp > 0100 str_max_len: 00000018 > 0104 offset : 00000000 > 0108 str_str_len: 00000018 > 010c buffer : C.....J7..k.n.....Uy.._. > 000124 smb_io_string2 lm_chal_resp > 0124 str_max_len: 00000018 > 0128 offset : 00000000 > 012c str_str_len: 00000018 > 0130 buffer : .......;.GR.B..._2...... > 0148 validation_level: 0003 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 06 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >SCHANNEL seq_num=10 >SCHANNEL: netsec_encode seq_num=10 data_len=336 >000158 smb_io_rpc_auth_netsec_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: a0 e7 54 e6 fa 02 56 98 > 0168 packet_digest: db ba 29 d7 b9 5c 60 51 > 0170 confounder: 73 73 7f 4c 14 3f 42 d9 >create_rpc_request: opnum: 0x2 data_len: 0x190 >create_rpc_request: data_len: 190 auth_len: 20 alloc_hint: 158 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000158 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:73e4 >size=482 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=23 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 400 (0x190) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=29668 (0x73E4) >smb_bcc=415 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 01 20 00 0F 00 00 00 58 ........ . .....X >[020] 01 00 00 00 00 02 00 1D 09 E1 27 1F 6E 3F C5 58 ........ ..'.n?.X >[030] 2E 6B BB E3 14 FE F0 AB 2F 23 AF D3 04 82 8C B7 .k...... /#...... >[040] 08 F6 3A 40 2D 88 88 32 F1 73 3C 2E 2E 85 8D 3A ..:@-..2 .s<....: >[050] 2A 9B C1 FE 93 37 7A D9 28 36 EA 01 34 81 E1 AE *....7z. (6..4... >[060] 8A A7 50 EC EF 19 8F 0F E3 EA A7 AC E4 7D 4E 39 ..P..... .....}N9 >[070] 0B 23 8E 26 4C DA 41 32 CE 50 E9 2A 8B FF C0 B6 .#.&L.A2 .P.*.... >[080] 1F FC 7F 94 F9 A8 0E 72 34 ED D5 36 AF FC DC 48 .......r 4..6...H >[090] 2E 8A 10 23 CD 67 A7 EE EC 09 F0 9E 29 D7 8A 42 ...#.g.. ....)..B >[0A0] D6 83 6B 61 37 42 55 21 F4 78 C1 24 D7 22 06 B9 ..ka7BU! .x.$.".. >[0B0] 92 F7 A8 94 56 EA 0A 8B 29 9E 84 2E 91 BA 90 98 ....V... )....... >[0C0] 16 F1 FB E7 ED B4 1E 5D B5 57 29 16 B3 02 B8 C3 .......] .W)..... >[0D0] F2 0D E0 75 EA E3 89 70 7C DE 05 5E 5A 11 DC 3A ...u...p |..^Z..: >[0E0] A6 A5 9E FF 35 00 35 DD 8E E3 EA E4 0A 2C C2 49 ....5.5. .....,.I >[0F0] 54 2D C9 3C 08 B8 07 04 CE 23 20 D0 E4 5D 5A D5 T-.<.... .# ..]Z. >[100] C5 92 6E 6D 10 FF FC 1D 63 82 ED B3 C8 39 90 B3 ..nm.... c....9.. >[110] EB F5 60 28 76 AC C3 47 9F 6E 39 6A C8 77 EE 07 ..`(v..G .n9j.w.. >[120] 6C A0 4A F4 8C D2 78 41 58 3D 0A E9 A9 09 F4 27 l.J...xA X=.....' >[130] 0E 15 4D 7C 7D 60 19 1B F8 CA 1E 6A 76 4B 51 CF ..M|}`.. ...jvKQ. >[140] 45 33 81 B9 A7 4B AA D6 E2 66 54 65 9C AF 78 77 E3...K.. .fTe..xw >[150] C3 55 55 4F 85 26 C8 50 16 4C 12 20 2D 5A EE CE .UUO.&.P .L. -Z.. >[160] 2D 00 7E AC 83 59 85 3B 38 9B A1 25 39 BC F0 83 -.~..Y.; 8..%9... >[170] CA 56 E0 A1 06 AE 6B 44 06 06 00 01 00 00 00 77 .V....kD .......w >[180] 00 7A 00 FF FF 00 00 A0 E7 54 E6 FA 02 56 98 DB .z...... .T...V.. >[190] BA 29 D7 B9 5C 60 51 73 73 7F 4C 14 3F 42 D9 .)..\`Qs s.L.?B. >write_socket(11,486) >write_socket(11,486) wrote 486 >got smb length of 152 >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0F 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 D0 CD 71 62 2C E5 7C . ...... ...qb,.| >[020] 87 5D 5C 04 BC 1B 2E 19 D7 65 62 2C 20 5C F7 C2 .]\..... .eb, \.. >[030] 30 CF 44 FD F3 D5 18 17 C7 44 06 00 00 01 00 00 0.D..... .D...... >[040] 00 77 00 7A 00 FF FF 00 00 0E F4 8D 14 6C 54 D9 .w.z.... .....lT. >[050] 46 AC 24 00 FD 16 FE CC 0B D0 91 38 33 98 68 4C F.$..... ...83.hL >[060] 92 . >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=1 >smb_pid=15702 >smb_uid=100 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 0F 00 00 ........ .`. .... >[010] 00 20 00 00 00 00 00 00 00 D0 CD 71 62 2C E5 7C . ...... ...qb,.| >[020] 87 5D 5C 04 BC 1B 2E 19 D7 65 62 2C 20 5C F7 C2 .]\..... .eb, \.. >[030] 30 CF 44 FD F3 D5 18 17 C7 44 06 00 00 01 00 00 0.D..... .D...... >[040] 00 77 00 7A 00 FF FF 00 00 0E F4 8D 14 6C 54 D9 .w.z.... .....lT. >[050] 46 AC 24 00 FD 16 FE CC 0B D0 91 38 33 98 68 4C F.$..... ...83.hL >[060] 92 . >rpc_check_hdr: rdata->data_size = 96 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0020 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 96 >rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 0e f4 8d 14 6c 54 d9 46 > 0018 packet_digest: ac 24 00 fd 16 fe cc 0b > 0020 confounder: d0 91 38 33 98 68 4c 92 >SCHANNEL: netsec_encode seq_num=11 data_len=32 >SCHANNEL: netsec_decode seq_num=11 data_len=32 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 00000000 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 00 00 00 00 00 00 00 00 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 00000000 > 0030 auth_resp : 00000001 > 0034 status : NT_STATUS_INVALID_HANDLE >NTLM CRAP authentication for user [CROPRAHA]\[uzivatel2] returned NT_STATUS_INVALID_HANDLE (PAM: 4) >Storing response for pid 15702, len 1300 >Retrieving response for pid 15702
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 3095
:
1443
| 1444 |
1446
|
1447
|
1451