The Samba-Bugzilla – Attachment 1952 Details for
Bug 3827
Unable to retrieve user groups
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Level 10 log of winbind, startup to -r fail
log.winbindd.sv (text/plain), 345.21 KB, created by
Doug VanLeuven
on 2006-06-07 13:32:35 UTC
(
hide
)
Description:
Level 10 log of winbind, startup to -r fail
Filename:
MIME Type:
Creator:
Doug VanLeuven
Created:
2006-06-07 13:32:35 UTC
Size:
345.21 KB
patch
obsolete
>[2006/06/07 11:02:58, 1] nsswitch/winbindd.c:main(953) > winbindd version 3.0.23pre2-SVN-build-15985 started. > Copyright The Samba Team 2000-2004 >[2006/06/07 11:02:58, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > doing parameter syslog = 1 > doing parameter log file = /usr/local/samba3/var/log.%m > doing parameter max log size = 70550 > doing parameter idmap backend = ad > doing parameter use kerberos keytab = yes > doing parameter idmap uid = 30000-39999 > doing parameter idmap gid = 30000-39999 > doing parameter template shell = /bin/bash > doing parameter winbind trusted domains only = yes > doing parameter winbind nss info = sfu template > doing parameter winbind enum users = yes > doing parameter passdb backend = smbpasswd > doing parameter deadtime = 15 > doing parameter wins server = 192.168.200.35 > doing parameter guest account = guest > doing parameter create mask = 0664 > doing parameter directory mask = 0775 > doing parameter load printers = yes > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 > doing parameter keepalive = 0 > doing parameter interfaces = 192.168.200.25 >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[printers]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 0 for printers >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2536) > hash_a_service: creating tdb servicehash >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 0 for service name printers > doing parameter comment = SMB Print Spool > doing parameter path = /var/spool/samba > doing parameter browseable = no > doing parameter public = yes > doing parameter guest ok = no > doing parameter writable = no > doing parameter printable = yes > doing parameter write list = doug,root,administrator >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[print$]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 1 for print$ >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 1 for service name print$ > doing parameter comment = Printer Drivers > doing parameter path = /usr/local/samba3/drivers > doing parameter admin users = doug,root,administrator > doing parameter read only = yes > doing parameter write list = doug,root,administrator > doing parameter include = /usr/local/samba3/lib/smb.services >[2006/06/07 11:02:58, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file "/usr/local/samba3/lib/smb.services" >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[homes]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 2 for homes >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 2 for service name homes > doing parameter comment = Home Directories > doing parameter read only = No > doing parameter browseable = No > doing parameter dont descend = .gnome-desktop > doing parameter hide files = .desktop.ini/ntuser.dat > doing parameter csc policy = disable >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[netlogon]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 3 for netlogon >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 3 for service name netlogon > doing parameter comment = Network Logon Service > doing parameter root preexec = fortune |unix2dos > /home/netlogon/motd.txt;cp /home/netlogon/motd.txt /home/public/motd.txt > doing parameter path = /home/netlogon > doing parameter browseable = Yes > doing parameter writable = no >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[Profiles]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 4 for Profiles >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 4 for service name Profiles > doing parameter path = /home/profiles > doing parameter read only = no > doing parameter browseable = yes > doing parameter nt acl support = no > doing parameter create mask = 0600 > doing parameter directory mask = 0700 > doing parameter hide files = desktop.ini/ntuser.*/USER.* > doing parameter csc policy = disable >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[profilesNT]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 5 for profilesNT >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 5 for service name profilesNT > doing parameter comment = Roaming Profiles for 2000 domain > doing parameter path = /home/profilesNT > doing parameter nt acl support = no > doing parameter create mask = 0711 > doing parameter directory mask = 0711 > doing parameter read only = no > doing parameter csc policy = disable > doing parameter map system = yes > doing parameter map hidden = yes > doing parameter map archive = yes >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[test]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 6 for test >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 6 for service name test > doing parameter comment = Temporary file space > doing parameter path = /tmp > doing parameter read only = No > doing parameter create mask = 0775 > doing parameter strict locking = yes >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[temp]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 7 for temp >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 7 for service name temp > doing parameter comment = Temporary file space > doing parameter path = /tmp > doing parameter read only = No > doing parameter create mask = 0777 > doing parameter nt acl support = yes > doing parameter ea support = yes >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[public]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 8 for public >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 8 for service name public > doing parameter comment = Public Stuff > doing parameter path = /home/public > doing parameter write list = @staff > doing parameter read only = No > doing parameter create mask = 0666 >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[web_folder]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 9 for web_folder >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 9 for service name web_folder > doing parameter comment = Web publishing directory > doing parameter path = /var/www/pubhtml/pictures > doing parameter write list = @staff > doing parameter read only = No > doing parameter create mask = 0775 >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[download]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 10 for download >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 10 for service name download > doing parameter comment = Download Area > doing parameter path = /vol/download > doing parameter write list = @staff > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[vol]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 11 for vol >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 11 for service name vol > doing parameter comment = Download Area > doing parameter path = /vol > doing parameter write list = @staff > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[POBox]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 12 for POBox >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 12 for service name POBox > doing parameter comment = MS Post Office > doing parameter path = /home/POBox > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[www]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 13 for www >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 13 for service name www > doing parameter comment = http root > doing parameter path = /var/www/html > doing parameter write list = @staff > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[amanda]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 14 for amanda >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 14 for service name amanda > doing parameter comment = Amanda archive > doing parameter path = /var/lib/amanda > doing parameter admin users = administrator > doing parameter write list = @staff,@finances > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[winapps]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 15 for winapps >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 15 for service name winapps > doing parameter comment = Shared Windows Applications > doing parameter path = /winapps > doing parameter admin users = administrator > doing parameter write list = @staff,@finances > doing parameter read only = No > doing parameter nt acl support = no >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[opt]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 16 for opt >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 16 for service name opt > doing parameter comment = Shared Unix Applications > doing parameter path = /opt > doing parameter admin users = administrator > doing parameter write list = @wheel,@finances > doing parameter read only = No > doing parameter nt acl support = no >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[photo_cd2]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 17 for photo_cd2 >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 17 for service name photo_cd2 > doing parameter comment = MS PhotoDraw CD #2 > doing parameter path = /winapps/ms/photodrw > doing parameter admin users = administrator > doing parameter write list = @staff,@finances > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[photocd2]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 18 for photocd2 >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 18 for service name photocd2 > doing parameter comment = MS PhotoDraw CD #2 > doing parameter path = /winapps/ms/photodrw > doing parameter admin users = administrator > doing parameter write list = @staff,@finances > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[games]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 19 for games >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 19 for service name games > doing parameter comment = Windows Games > doing parameter path = /winapps/games > doing parameter admin users = administrator > doing parameter write list = @staff > doing parameter read only = No > doing parameter nt acl support = no >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[docs]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 20 for docs >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 20 for service name docs > doing parameter comment = Unix Documentation > doing parameter path = /usr/share/doc >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[cdrom]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 21 for cdrom >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 21 for service name cdrom > doing parameter comment = CD-ROM > doing parameter path = /mnt/cdrom > doing parameter fake oplocks = Yes >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[pub-html]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 22 for pub-html >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 22 for service name pub-html > doing parameter comment = test isp http root > doing parameter path = /home/httpd/isp_html > doing parameter write list = @staff > doing parameter read only = No >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[Installs]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 23 for Installs >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 23 for service name Installs > doing parameter comment = sysprep distribution point > doing parameter path = /vol/stor/Installs > doing parameter write list = @staff > doing parameter read only = No > doing parameter create mask = 0666 >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[vfs]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 24 for vfs >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 24 for service name vfs > doing parameter comment = Audit test directory > doing parameter path = /tmp > doing parameter vfs objects = audit > doing parameter writeable = yes > doing parameter browseable = yes >[2006/06/07 11:02:58, 2] param/loadparm.c:do_section(3708) > Processing section "[top-dir]" >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 25 for top-dir >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 25 for service name top-dir > doing parameter comment = Root Directory > doing parameter path = / > doing parameter valid users = administrator doug > doing parameter admin users = administrator doug > doing parameter read only = No > doing parameter dont descend = /proc ./proc /dev proc dev > doing parameter guest ok = No > doing parameter include = /usr/local/samba3/lib/smb.services.%U >[2006/06/07 11:02:58, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file "/usr/local/samba3/lib/smb.services." >[2006/06/07 11:02:58, 4] param/loadparm.c:lp_load(4980) > pm_process() returned Yes >[2006/06/07 11:02:58, 8] param/loadparm.c:add_a_service(2499) > add_a_service: Creating snum = 26 for IPC$ >[2006/06/07 11:02:58, 10] param/loadparm.c:hash_a_service(2546) > hash_a_service: hashing index 26 for service name IPC$ >[2006/06/07 11:02:58, 3] param/loadparm.c:lp_add_ipc(2633) > adding IPC service >[2006/06/07 11:02:58, 10] param/loadparm.c:set_server_role(4225) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2006/06/07 11:02:58, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.200.25 bcast=192.168.200.255 nmask=255.255.255.0 >[2006/06/07 11:02:58, 5] lib/util.c:init_names(286) > Netbios name list:- > my_netbios_names[0]="GATE" >[2006/06/07 11:02:58, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.200.25 bcast=192.168.200.255 nmask=255.255.255.0 >[2006/06/07 11:02:58, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /usr/local/samba3/var/locks/gencache.tdb >[2006/06/07 11:02:58, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2006/06/07 11:02:58, 5] sam/idmap.c:smb_register_idmap(93) > smb_register_idmap: Successfully added idmap backend 'ldap' >[2006/06/07 11:02:58, 5] sam/idmap.c:smb_register_idmap(93) > smb_register_idmap: Successfully added idmap backend 'tdb' >[2006/06/07 11:02:58, 10] sam/idmap_tdb.c:db_idmap_init(462) > db_idmap_init: Opening tdbfile /usr/local/samba3/var/locks/winbindd_idmap.tdb >[2006/06/07 11:02:58, 3] sam/idmap.c:idmap_init(142) > idmap_init: using 'ad' as remote backend >[2006/06/07 11:02:58, 5] lib/module.c:smb_probe_module(108) > Probing module 'ad' >[2006/06/07 11:02:58, 5] lib/module.c:smb_probe_module(119) > Probing module 'ad': Trying to load from /usr/local/samba3/lib/idmap/ad.so >[2006/06/07 11:02:58, 2] lib/module.c:do_smb_load_module(64) > Module '/usr/local/samba3/lib/idmap/ad.so' loaded >[2006/06/07 11:02:58, 5] sam/idmap.c:smb_register_idmap(93) > smb_register_idmap: Successfully added idmap backend 'ad' >[2006/06/07 11:02:58, 8] lib/util.c:fcntl_lock(1952) > fcntl_lock fd=8 op=13 offset=0 count=1 type=1 >[2006/06/07 11:02:58, 8] lib/util.c:fcntl_lock(1971) > fcntl_lock: Lock call successful >[2006/06/07 11:02:58, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is 25200 >[2006/06/07 11:02:58, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > Registered MSG_REQ_POOL_USAGE >[2006/06/07 11:02:58, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2006/06/07 11:02:58, 2] nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain FOREST NT.LDXNET.COM S-1-5-21-484763869-746137067-1343024091 >[2006/06/07 11:02:58, 2] nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain GATE S-1-5-21-3088879221-4048462968-515935220 >[2006/06/07 11:02:58, 2] nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain BUILTIN S-1-5-32 >[2006/06/07 11:02:58, 10] lib/events.c:add_timed_event(77) > Added timed event "account_lockout_policy_handler": 82bccf0 >[2006/06/07 11:02:58, 10] lib/events.c:run_events(100) > Running event "account_lockout_policy_handler" 82bccf0 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_dual.c:account_lockout_policy_handler(529) > account_lockout_policy_handler called >[2006/06/07 11:02:58, 10] lib/events.c:timed_event_destructor(30) > Destroying timed event 82bccf0 "account_lockout_policy_handler" >[2006/06/07 11:02:58, 8] nsswitch/winbindd_cm.c:connection_ok(898) > Connection to for domain FOREST has NULL cli! >[2006/06/07 11:02:58, 10] lib/gencache.c:gencache_get(272) > Returning valid cache entry: key = SAF/DOMAIN/FOREST, value = 192.168.200.35, timeout = Wed Jun 7 11:17:56 2006 >[2006/06/07 11:02:58, 5] libsmb/namequery.c:saf_fetch(108) > saf_fetch: Returning "192.168.200.35" for "FOREST" domain >[2006/06/07 11:02:58, 8] lib/util.c:fcntl_lock(1952) > fcntl_lock fd=13 op=13 offset=0 count=1 type=0 >[2006/06/07 11:02:58, 3] lib/util.c:fcntl_lock(1965) > fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) >[2006/06/07 11:02:58, 4] libsmb/clidgram.c:cli_send_mailslot(100) > send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from GATE<00> to FOREST<1c> IP 192.168.200.35 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_util.c:open_winbindd_socket(913) > open_winbindd_socket: opened socket fd 12 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_util.c:open_winbindd_priv_socket(925) > open_winbindd_priv_socket: opened socket fd 14 >[2006/06/07 11:02:58, 5] nsswitch/winbindd_cm.c:receive_getdc_response(530) > Received packet for \MAILSLOT\NET\GETDC23C8A8C0 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cm.c:receive_getdc_response(574) > GetDC gave name RANGER1 for domain FOREST >[2006/06/07 11:02:58, 5] libsmb/namecache.c:namecache_store(131) > namecache_store: storing 1 address for RANGER1#20: 192.168.200.35:0 >[2006/06/07 11:02:58, 10] lib/gencache.c:gencache_set(130) > Adding cache entry with key = NBT/RANGER1#20; value = 192.168.200.35:0 and timeout = Wed Jun 7 11:13:58 2006 > (660 seconds ahead) >[2006/06/07 11:02:58, 10] libsmb/namequery.c:internal_resolve_name(1112) > internal_resolve_name: looking up RANGER1#20 >[2006/06/07 11:02:58, 10] lib/gencache.c:gencache_get(272) > Returning valid cache entry: key = NBT/RANGER1#20, value = 192.168.200.35:0, timeout = Wed Jun 7 11:13:58 2006 >[2006/06/07 11:02:58, 5] libsmb/namecache.c:namecache_fetch(201) > name RANGER1#20 found. >[2006/06/07 11:02:58, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(91) > cm_get_ipc_userpass: Retrieved auth-user from secrets.tdb [FOREST\administrator] >[2006/06/07 11:02:58, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for RANGER1 >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,183) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,183) wrote 183 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 179 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=179 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55297 > smb_tid=0 > smb_pid=32155 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=24704 (0x6080) > smb_vwv[12]= 2520 (0x9D8) > smb_vwv[13]=23708 (0x5C9C) > smb_vwv[14]=50826 (0xC68A) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]= 1 (0x1) > smb_bcc=110 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] CA A8 09 C4 73 11 B8 46 AC C0 B0 20 AE A4 5F AB ʨ.Äs.¸F ¬À° ®¤_« > [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 1C 30 1A A0 18 1B 16 72 61 6E 67 65 72 31 24 £.0. ... ranger1$ > [060] 40 4E 54 2E 4C 44 58 4E 45 54 2E 43 4F 4D @NT.LDXN ET.COM >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=179 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55297 > smb_tid=0 > smb_pid=32155 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=24704 (0x6080) > smb_vwv[12]= 2520 (0x9D8) > smb_vwv[13]=23708 (0x5C9C) > smb_vwv[14]=50826 (0xC68A) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]= 1 (0x1) > smb_bcc=110 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] CA A8 09 C4 73 11 B8 46 AC C0 B0 20 AE A4 5F AB ʨ.Äs.¸F ¬À° ®¤_« > [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 30 `\..+... .. R0P 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 1C 30 1A A0 18 1B 16 72 61 6E 67 65 72 31 24 £.0. ... ranger1$ > [060] 40 4E 54 2E 4C 44 58 4E 45 54 2E 43 4F 4D @NT.LDXN ET.COM >[2006/06/07 11:02:58, 5] nsswitch/winbindd_cm.c:cm_prepare_connection(272) > connecting to RANGER1 from GATE with kerberos principal [GATE$@NT.LDXNET.COM] >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(723) > Doing spnego session setup (blob length=110) >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(748) > got OID=1 2 840 48018 1 2 2 >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(748) > got OID=1 2 840 113554 1 2 2 >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(748) > got OID=1 2 840 113554 1 2 2 3 >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(748) > got OID=1 3 6 1 4 1 311 2 2 10 >[2006/06/07 11:02:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757) > got principal=ranger1$@NT.LDXNET.COM >[2006/06/07 11:02:58, 10] libads/kerberos.c:kerberos_kinit_password_ext(88) > kerberos_kinit_password: using MEMORY:cliconnect as ccache >[2006/06/07 11:02:58, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546) > Doing kerberos session setup >[2006/06/07 11:02:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Wed, 07 Jun 2006 21:02:58 PDT >[2006/06/07 11:02:58, 10] libsmb/clikrb5.c:ads_krb5_mk_req(581) > ads_krb5_mk_req: Ticket (ranger1$@NT.LDXNET.COM) in ccache (MEMORY:cliconnect) is valid until: (Wed, 07 Jun 2006 21:02:58 PDT - 1149739378) >[2006/06/07 11:02:58, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2006/06/07 11:02:58, 5] libsmb/smb_signing.c:set_smb_signing_real_common(124) > SMB signing enabled! >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:cli_simple_set_signing(446) > cli_simple_set_signing: user_session_key >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] E0 0F 86 D5 51 CB 62 E9 1A 45 38 02 E0 CF 8C 50 à..ÕQËbé .E8.àÏ.P >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:cli_simple_set_signing(454) > cli_simple_set_signing: NULL response_data >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] F8 0F 6F 76 93 ED 63 9B ø.ov.íc. >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,1242) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,1242) wrote 1242 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 197 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=0 > smb_pid=32155 > smb_uid=63490 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E .÷....¢. ...W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 1 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 1: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 8C D9 37 41 9A FE 26 F6 .Ù7A.þ&ö >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=0 > smb_pid=32155 > smb_uid=63490 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ¡.0. ... .¡...*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E .÷....¢. ...W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2006/06/07 11:02:58, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user GATE$ domain FOREST >[2006/06/07 11:02:58, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [FOREST], server = [RANGER1], expire = [1149704278] >[2006/06/07 11:02:58, 10] lib/gencache.c:gencache_set(130) > Adding cache entry with key = SAF/DOMAIN/FOREST; value = RANGER1 and timeout = Wed Jun 7 11:17:58 2006 > (900 seconds ahead) >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 2 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 51 99 07 34 07 F4 B5 C9 Q..4.ôµÉ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,82) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,82) wrote 82 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 3 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 3: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] C6 87 7F 3A 72 E4 B8 7C Æ..:rä¸| >[2006/06/07 11:02:58, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for RANGER1 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:set_global_winbindd_state_online(2334) > set_global_winbindd_state_online: online requested. >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:set_global_winbindd_state_online(2337) > set_global_winbindd_state_online: rejecting. >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 4 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 92 3C 05 83 B5 54 11 E4 .<..µT.ä >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,104) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,104) wrote 104 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 3840 (0xF00) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 5 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 5: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] D0 A4 7B A8 2E B2 42 50 Ф{¨.²BP >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[800f]: \lsarpc auth_type 0, auth_level 0 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.±Ð. .¨.ÀOÙ.õ > [010] 00 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 3919286a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : b10c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11d0 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9b a8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 00 c0 4f d9 2e f5 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x800f >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32783 (0x800F) > smb_bcc=87 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 6 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 7C 64 43 A1 2B DF 1E EA |dC¡+ß.ê >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,158) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,158) wrote 158 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6C 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ls. ...\PIPE > [020] 5C 6C 73 61 73 73 00 AE 67 01 00 00 00 00 00 00 \lsass.® g....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 7 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 7: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 07 B4 F8 8F 5D 29 F9 23 .´ø.])ù# >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6C 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ls. ...\PIPE > [020] 5C 6C 73 61 73 73 00 AE 67 01 00 00 00 00 00 00 \lsass.® g....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x800f returned 68 bytes. >[2006/06/07 11:02:58, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \lsarpc fnum 0x800f bind request returned ok. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000736c >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine RANGER1 and bound anonymously. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 ds_io_q_getprimdominfo >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 level: 0001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0000 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x800f >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32783 (0x800F) > smb_bcc=41 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 8 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 5C 51 5B D9 94 A6 4F 5D \Q[Ù.¦O] >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,112) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,112) wrote 112 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 236 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1A 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ .´...... > [010] 00 9C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ > [020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ > [030] 00 0C 00 02 00 12 DB 58 36 E3 CE 26 46 B0 D2 CA ......ÛX 6ãÎ&F°ÒÊ > [040] 3E AA 25 A9 1D 07 00 00 00 00 00 00 00 07 00 00 >ª%©.... ........ > [050] 00 46 00 4F 00 52 00 45 00 53 00 54 00 00 00 45 .F.O.R.E .S.T...E > [060] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 6E 00 74 ........ .....n.t > [070] 00 2E 00 6C 00 64 00 78 00 6E 00 65 00 74 00 2E ...l.d.x .n.e.t.. > [080] 00 63 00 6F 00 6D 00 00 00 0E 00 00 00 00 00 00 .c.o.m.. ........ > [090] 00 0E 00 00 00 6E 00 74 00 2E 00 6C 00 64 00 78 .....n.t ...l.d.x > [0A0] 00 6E 00 65 00 74 00 2E 00 63 00 6F 00 6D 00 00 .n.e.t.. .c.o.m.. > [0B0] 00 00 00 00 00 ..... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 9 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 9: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] EE 2B 5B 92 87 A7 BD 83 î+[..§½. >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1A 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ .´...... > [010] 00 9C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ > [020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ > [030] 00 0C 00 02 00 12 DB 58 36 E3 CE 26 46 B0 D2 CA ......ÛX 6ãÎ&F°ÒÊ > [040] 3E AA 25 A9 1D 07 00 00 00 00 00 00 00 07 00 00 >ª%©.... ........ > [050] 00 46 00 4F 00 52 00 45 00 53 00 54 00 00 00 45 .F.O.R.E .S.T...E > [060] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 6E 00 74 ........ .....n.t > [070] 00 2E 00 6C 00 64 00 78 00 6E 00 65 00 74 00 2E ...l.d.x .n.e.t.. > [080] 00 63 00 6F 00 6D 00 00 00 0E 00 00 00 00 00 00 .c.o.m.. ........ > [090] 00 0E 00 00 00 6E 00 74 00 2E 00 6C 00 64 00 78 .....n.t ...l.d.x > [0A0] 00 6E 00 65 00 74 00 2E 00 63 00 6F 00 6D 00 00 .n.e.t.. .c.o.m.. > [0B0] 00 00 00 00 00 ..... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00b4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000009c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 180, data_len 156, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 180 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x800f returned 312 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 ds_io_r_getprimdominfo >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 00020000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 level: 0001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 unknown0: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 machine_role: 0005 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a unknown: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c flags: 01000001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 netbios_ptr: 00020004 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 dnsname_ptr: 00020008 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 forestname_ptr: 0002000c >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_uuid domain_guid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c data : 3658db12 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 data : cee3 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 data : 4626 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0024 data : b0 d2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0026 data : ca 3e aa 25 a9 1d >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 netbios_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_max_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_str_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0038 buffer : F.O.R.E.S.T... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unistr2 dns_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : n.t...l.d.x.n.e.t...c.o.m... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unistr2 forest_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 uni_str_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 007c buffer : n.t...l.d.x.n.e.t...c.o.m... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0098 status: NT_STATUS_OK >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 10 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] C2 23 49 02 06 17 8C 23 Â#I....# >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,45) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,45) wrote 45 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=7 > smt_wct=0 > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 11 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 11: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] BF 70 D7 B8 2B 35 FD D9 ¿p׸+5ýÙ >[2006/06/07 11:02:58, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \lsarpc to machine RANGER1 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 12 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] A7 E6 AA BA 38 3D 9C A7 §æªº8=.§ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,104) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,104) wrote 104 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=8 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2048 (0x800) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 13 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 13: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 13 8A AA 03 9B 17 13 9B ..ª..... >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[8008]: \lsarpc auth_type 0, auth_level 0 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« > [010] 00 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345778 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 89 ab >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32776 (0x8008) > smb_bcc=87 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 14 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] F7 41 58 CB 39 C2 9A F5 ÷AXË9Â.õ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,158) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,158) wrote 158 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6D 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ms. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 15 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 15: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 3B 34 46 CB 2D DE CC 03 ;4FË-ÞÌ. >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6D 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ms. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 returned 68 bytes. >[2006/06/07 11:02:58, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 bind request returned ok. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000736d >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine RANGER1 and bound anonymously. >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) > init_lsa_sec_qos >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(368) > init_q_open_pol2: attr:0 da:33554432 >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) > init_lsa_obj_attr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 00000001 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 lsa_io_obj_attr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 len : 00000018 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 ptr_root_dir: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c ptr_obj_name: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 attributes : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr_sec_desc: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 ptr_sec_qos : 00000001 >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00003c lsa_io_obj_qos sec_qos >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c len : 0000000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 sec_imp_level : 0002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0042 sec_ctxt_mode : 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0043 effective_only: 00 >[2006/06/07 11:02:58, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) > lsa_io_sec_qos: length c does not match size 8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 des_access: 02000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0060 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 002c >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32776 (0x8008) > smb_bcc=111 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 00 00 04 00 00 00 48 .......` .......H > [020] 00 00 00 00 00 2C 00 01 00 00 00 0A 00 00 00 00 .....,.. ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 52 00 41 00 4E .......\ .\.R.A.N > [040] 00 47 00 45 00 52 00 31 00 00 00 18 00 00 00 00 .G.E.R.1 ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ > [060] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 16 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1C 1C D7 E4 CF 6A 6B DC ..×äÏjkÜ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,182) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,182) wrote 182 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 `....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 41 33 ........ ......A3 > [020] 34 1E 97 6E 44 AE 36 07 73 4A A0 A4 E4 00 00 00 4..nD®6. sJ ¤ä... > [030] 00 . >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 17 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 17: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] CB 27 76 4D 55 F9 37 14 Ë'vMUù7. >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 `....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0C 41 33 ........ ......A3 > [020] 34 1E 97 6E 44 AE 36 07 73 4A A0 A4 E4 00 00 00 4..nD®6. sJ ¤ä... > [030] 00 . >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 returned 48 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 3433410c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 971e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 446e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: ae 36 07 73 4a a0 a4 e4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_q_query2(3113) > init_q_query2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query_info2 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 3433410c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 971e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 446e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: ae 36 07 73 4a a0 a4 e4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000016 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 002e >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32776 (0x8008) > smb_bcc=61 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 0C 41 33 34 1E ........ ....A34. > [030] 97 6E 44 AE 36 07 73 4A A0 A4 E4 0C 00 .nD®6.sJ ¤ä.. >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 18 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] B4 0A 11 F2 5F 54 FF C2 ´..ò_Tÿ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,132) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,132) wrote 132 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 268 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 212 (0xD4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 212 (0xD4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=213 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 2E 05 00 02 03 10 00 00 00 D4 00 00 00 05 00 00 ........ .Ô...... > [010] 00 BC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 .¼...... ........ > [020] 00 0C 00 0E 00 04 00 02 00 1A 00 1C 00 08 00 02 ........ ........ > [030] 00 1A 00 1C 00 0C 00 02 00 12 DB 58 36 E3 CE 26 ........ ..ÛX6ãÎ& > [040] 46 B0 D2 CA 3E AA 25 A9 1D 10 00 02 00 07 00 00 F°ÒÊ>ª%© ........ > [050] 00 00 00 00 00 06 00 00 00 46 00 4F 00 52 00 45 ........ .F.O.R.E > [060] 00 53 00 54 00 0E 00 00 00 00 00 00 00 0D 00 00 .S.T.... ........ > [070] 00 6E 00 74 00 2E 00 6C 00 64 00 78 00 6E 00 65 .n.t...l .d.x.n.e > [080] 00 74 00 2E 00 63 00 6F 00 6D 00 00 00 0E 00 00 .t...c.o .m...... > [090] 00 00 00 00 00 0D 00 00 00 6E 00 74 00 2E 00 6C ........ .n.t...l > [0A0] 00 64 00 78 00 6E 00 65 00 74 00 2E 00 63 00 6F .d.x.n.e .t...c.o > [0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ > [0C0] 05 15 00 00 00 DD E8 E4 1C EB 25 79 2C DB EB 0C .....Ýèä .ë%y,Ûë. > [0D0] 50 00 00 00 00 P.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 19 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 19: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] DD 49 9A BB 3D 04 C1 EF ÝI.»=.Áï >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 212 (0xD4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 212 (0xD4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=213 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 2E 05 00 02 03 10 00 00 00 D4 00 00 00 05 00 00 ........ .Ô...... > [010] 00 BC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 .¼...... ........ > [020] 00 0C 00 0E 00 04 00 02 00 1A 00 1C 00 08 00 02 ........ ........ > [030] 00 1A 00 1C 00 0C 00 02 00 12 DB 58 36 E3 CE 26 ........ ..ÛX6ãÎ& > [040] 46 B0 D2 CA 3E AA 25 A9 1D 10 00 02 00 07 00 00 F°ÒÊ>ª%© ........ > [050] 00 00 00 00 00 06 00 00 00 46 00 4F 00 52 00 45 ........ .F.O.R.E > [060] 00 53 00 54 00 0E 00 00 00 00 00 00 00 0D 00 00 .S.T.... ........ > [070] 00 6E 00 74 00 2E 00 6C 00 64 00 78 00 6E 00 65 .n.t...l .d.x.n.e > [080] 00 74 00 2E 00 63 00 6F 00 6D 00 00 00 0E 00 00 .t...c.o .m...... > [090] 00 00 00 00 00 0D 00 00 00 6E 00 74 00 2E 00 6C ........ .n.t...l > [0A0] 00 64 00 78 00 6E 00 65 00 74 00 2E 00 63 00 6F .d.x.n.e .t...c.o > [0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ > [0C0] 05 15 00 00 00 DD E8 E4 1C EB 25 79 2C DB EB 0C .....Ýèä .ë%y,Ûë. > [0D0] 50 00 00 00 00 P.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00d4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 000000bc >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 212, data_len 188, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 212 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x8008 returned 376 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query_info2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 00020000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 000c >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_12 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_unihdr nb_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_str_len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_max_len: 000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer : 00020004 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_unihdr dns_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 uni_str_len: 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 uni_max_len: 001c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 buffer : 00020008 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_unihdr forest >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 uni_str_len: 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a uni_max_len: 001c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c buffer : 0002000c >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid dom_guid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 3658db12 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : cee3 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 4626 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : b0 d2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : ca 3e aa 25 a9 1d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 dom_sid: 00020010 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_unistr2 nb_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_max_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c uni_str_len: 00000006 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0040 buffer : F.O.R.E.S.T. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_unistr2 dns_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 uni_str_len: 0000000d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0058 buffer : n.t...l.d.x.n.e.t...c.o.m. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000072 smb_io_unistr2 forest >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c uni_str_len: 0000000d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0080 buffer : n.t...l.d.x.n.e.t...c.o.m. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00009a smb_io_dom_sid2 dom_sid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c num_auths: 00000004 >[2006/06/07 11:02:58, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_dom_sid sid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a0 sid_rev_num: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a1 num_auths : 04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a2 id_auth[0] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a3 id_auth[1] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a4 id_auth[2] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a5 id_auth[3] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a6 id_auth[4] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a7 id_auth[5] : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00a8 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 00b8 status: NT_STATUS_OK >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 20 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 02 12 73 07 4C BC BB CA ..s.L¼»Ê >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,45) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,45) wrote 45 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=12 > smt_wct=0 > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 21 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 21: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 23 F1 82 FA 9E 44 DE 2A #ñ.ú.DÞ* >[2006/06/07 11:02:58, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \lsarpc to machine RANGER1 >[2006/06/07 11:02:58, 5] nsswitch/winbindd_cache.c:get_cache(125) > get_cache: Setting ADS methods for domain FOREST >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:wcache_flush_cache(2144) > wcache_flush_cache success >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(337) > fetch_cache_seqnum: success [FOREST][1108190 @ 1149703320] >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427) > refresh_sequence_number: FOREST seq number is now 1108190 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:centry_expired(469) > centry_expired: Key LOC_POL/FOREST for domain FOREST is good. >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:wcache_fetch(556) > wcache_fetch: returning entry LOC_POL/FOREST for domain FOREST >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:lockout_policy(1764) > lockout_policy: [Cached] - cached info for domain FOREST status Success >[2006/06/07 11:02:58, 10] lib/events.c:add_timed_event(77) > Added timed event "account_lockout_policy_handler": 82e0378 >[2006/06/07 11:02:58, 10] lib/events.c:get_timed_events_timeout(118) > timed_events_timeout: 3599/999955 >[2006/06/07 11:02:58, 4] nsswitch/winbindd_dual.c:fork_domain_child(802) > child daemon request 41 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_dual.c:child_process_request(393) > process_request: request fn INIT_CONNECTION >[2006/06/07 11:02:58, 10] libsmb/namequery.c:internal_resolve_name(1112) > internal_resolve_name: looking up RANGER1#20 >[2006/06/07 11:02:58, 10] lib/gencache.c:gencache_get(272) > Returning valid cache entry: key = NBT/RANGER1#20, value = 192.168.200.35:0, timeout = Wed Jun 7 11:13:58 2006 >[2006/06/07 11:02:58, 5] libsmb/namecache.c:namecache_fetch(201) > name RANGER1#20 found. >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 22 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1B E2 35 69 25 48 46 06 .â5i%HF. >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,104) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,104) wrote 104 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=13 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 23 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 23: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 75 4C 16 AB CE AA B3 C7 uL.«Îª³Ç >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[c001]: \lsarpc auth_type 0, auth_level 0 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.±Ð. .¨.ÀOÙ.õ > [010] 00 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 3919286a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : b10c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 11d0 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : 9b a8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 00 c0 4f d9 2e f5 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0xc001 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49153 (0xC001) > smb_bcc=87 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 24 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] CD 24 C5 EF 12 B1 BC EC Í$Åï.±¼ì >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,158) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,158) wrote 158 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6E 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ns. ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 25 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 25: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] F8 3D A5 08 76 D2 28 D7 ø=¥.vÒ(× >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6E 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ns. ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0xc001 returned 68 bytes. >[2006/06/07 11:02:58, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \lsarpc fnum 0xc001 bind request returned ok. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000736e >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine RANGER1 and bound anonymously. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 ds_io_q_getprimdominfo >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 level: 0001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0000 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0xc001 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49153 (0xC001) > smb_bcc=41 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 07 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 26 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 10 2C 09 2D 94 25 93 CB .,.-.%.Ë >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,112) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,112) wrote 112 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 236 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1A 05 00 02 03 10 00 00 00 B4 00 00 00 07 00 00 ........ .´...... > [010] 00 9C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ > [020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ > [030] 00 0C 00 02 00 12 DB 58 36 E3 CE 26 46 B0 D2 CA ......ÛX 6ãÎ&F°ÒÊ > [040] 3E AA 25 A9 1D 07 00 00 00 00 00 00 00 07 00 00 >ª%©.... ........ > [050] 00 46 00 4F 00 52 00 45 00 53 00 54 00 00 00 45 .F.O.R.E .S.T...E > [060] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 6E 00 74 ........ .....n.t > [070] 00 2E 00 6C 00 64 00 78 00 6E 00 65 00 74 00 2E ...l.d.x .n.e.t.. > [080] 00 63 00 6F 00 6D 00 00 00 0E 00 00 00 00 00 00 .c.o.m.. ........ > [090] 00 0E 00 00 00 6E 00 74 00 2E 00 6C 00 64 00 78 .....n.t ...l.d.x > [0A0] 00 6E 00 65 00 74 00 2E 00 63 00 6F 00 6D 00 00 .n.e.t.. .c.o.m.. > [0B0] 00 00 00 00 00 ..... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 27 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 27: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 2A 5B 59 0C 5F 5E FB A2 *[Y._^û¢ >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=236 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 1A 05 00 02 03 10 00 00 00 B4 00 00 00 07 00 00 ........ .´...... > [010] 00 9C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ > [020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ > [030] 00 0C 00 02 00 12 DB 58 36 E3 CE 26 46 B0 D2 CA ......ÛX 6ãÎ&F°ÒÊ > [040] 3E AA 25 A9 1D 07 00 00 00 00 00 00 00 07 00 00 >ª%©.... ........ > [050] 00 46 00 4F 00 52 00 45 00 53 00 54 00 00 00 45 .F.O.R.E .S.T...E > [060] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 6E 00 74 ........ .....n.t > [070] 00 2E 00 6C 00 64 00 78 00 6E 00 65 00 74 00 2E ...l.d.x .n.e.t.. > [080] 00 63 00 6F 00 6D 00 00 00 0E 00 00 00 00 00 00 .c.o.m.. ........ > [090] 00 0E 00 00 00 6E 00 74 00 2E 00 6C 00 64 00 78 .....n.t ...l.d.x > [0A0] 00 6E 00 65 00 74 00 2E 00 63 00 6F 00 6D 00 00 .n.e.t.. .c.o.m.. > [0B0] 00 00 00 00 00 ..... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00b4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000009c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 180, data_len 156, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 180 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0xc001 returned 312 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 ds_io_r_getprimdominfo >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr: 00020000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 level: 0001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0006 unknown0: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 machine_role: 0005 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a unknown: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c flags: 01000001 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 netbios_ptr: 00020004 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 dnsname_ptr: 00020008 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 forestname_ptr: 0002000c >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_uuid domain_guid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c data : 3658db12 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 data : cee3 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 data : 4626 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0024 data : b0 d2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0026 data : ca 3e aa 25 a9 1d >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 netbios_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_max_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_str_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0038 buffer : F.O.R.E.S.T... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unistr2 dns_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : n.t...l.d.x.n.e.t...c.o.m... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unistr2 forest_domain >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 uni_str_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 007c buffer : n.t...l.d.x.n.e.t...c.o.m... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0098 status: NT_STATUS_OK >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 28 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 26 65 38 ED CD ED 2C 05 &e8íÍí,. >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,45) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,45) wrote 45 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=16 > smt_wct=0 > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 29 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 29: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 61 8A 03 E6 71 88 F0 73 a..æq.ðs >[2006/06/07 11:02:58, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \lsarpc to machine RANGER1 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 30 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 EA 1A C7 CD 33 54 5B Hê.ÇÍ3T[ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,104) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,104) wrote 104 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=17 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 31 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 31: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 65 E3 6B 8C A5 72 D0 8E eãk.¥rÐ. >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[4000]: \lsarpc auth_type 0, auth_level 0 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« > [010] 00 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345778 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 89 ab >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16384 (0x4000) > smb_bcc=87 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 32 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] E3 7A C5 E8 25 2F A8 98 ãzÅè%/¨. >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,158) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,158) wrote 158 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6F 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.os. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 33 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 33: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 79 AE ED 3D 27 FD A5 19 y®í='ý¥. >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 H....... .D...... > [010] 00 B8 10 B8 10 6F 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.os. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 returned 68 bytes. >[2006/06/07 11:02:58, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 bind request returned ok. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000736f >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine RANGER1 and bound anonymously. >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) > init_lsa_sec_qos >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(368) > init_q_open_pol2: attr:0 da:33554432 >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) > init_lsa_obj_attr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 00000001 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 lsa_io_obj_attr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 len : 00000018 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 ptr_root_dir: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c ptr_obj_name: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 attributes : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 ptr_sec_desc: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 ptr_sec_qos : 00000001 >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00003c lsa_io_obj_qos sec_qos >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c len : 0000000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 sec_imp_level : 0002 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0042 sec_ctxt_mode : 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0043 effective_only: 00 >[2006/06/07 11:02:58, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) > lsa_io_sec_qos: length c does not match size 8 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 des_access: 02000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0060 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000048 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 002c >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16384 (0x4000) > smb_bcc=111 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 00 00 09 00 00 00 48 .......` .......H > [020] 00 00 00 00 00 2C 00 01 00 00 00 0A 00 00 00 00 .....,.. ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 52 00 41 00 4E .......\ .\.R.A.N > [040] 00 47 00 45 00 52 00 31 00 00 00 18 00 00 00 00 .G.E.R.1 ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ > [060] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 34 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 01 AC C8 BA 0F 3E 84 40 .¬Èº.>.@ >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,182) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,182) wrote 182 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 `....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 68 E0 B5 ........ .....hൠ> [020] 03 86 11 7E 44 95 DE 50 E8 04 5D D7 92 00 00 00 ...~D.ÞP è.]×.... > [030] 00 . >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 35 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 35: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 41 77 94 74 AC 89 01 F9 Aw.t¬..ù >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 `....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 68 E0 B5 ........ .....hൠ> [020] 03 86 11 7E 44 95 DE 50 E8 04 5D D7 92 00 00 00 ...~D.ÞP è.]×.... > [030] 00 . >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 returned 48 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 03b5e068 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1186 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 447e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 95 de 50 e8 04 5d d7 92 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2006/06/07 11:02:58, 5] rpc_parse/parse_lsa.c:init_q_query2(3113) > init_q_query2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query_info2 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 03b5e068 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1186 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 447e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 95 de 50 e8 04 5d d7 92 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000016 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 002e >[2006/06/07 11:02:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16384 (0x4000) > smb_bcc=61 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 0A 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 68 E0 B5 03 86 ........ ...hàµ.. > [030] 11 7E 44 95 DE 50 E8 04 5D D7 92 0C 00 .~D.ÞPè. ]×... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 36 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 33 5D 0A 94 4E 9F B7 68 3]..N.·h >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,132) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,132) wrote 132 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 268 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 212 (0xD4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 212 (0xD4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=213 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 2E 05 00 02 03 10 00 00 00 D4 00 00 00 0A 00 00 ........ .Ô...... > [010] 00 BC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 .¼...... ........ > [020] 00 0C 00 0E 00 04 00 02 00 1A 00 1C 00 08 00 02 ........ ........ > [030] 00 1A 00 1C 00 0C 00 02 00 12 DB 58 36 E3 CE 26 ........ ..ÛX6ãÎ& > [040] 46 B0 D2 CA 3E AA 25 A9 1D 10 00 02 00 07 00 00 F°ÒÊ>ª%© ........ > [050] 00 00 00 00 00 06 00 00 00 46 00 4F 00 52 00 45 ........ .F.O.R.E > [060] 00 53 00 54 00 0E 00 00 00 00 00 00 00 0D 00 00 .S.T.... ........ > [070] 00 6E 00 74 00 2E 00 6C 00 64 00 78 00 6E 00 65 .n.t...l .d.x.n.e > [080] 00 74 00 2E 00 63 00 6F 00 6D 00 00 00 0E 00 00 .t...c.o .m...... > [090] 00 00 00 00 00 0D 00 00 00 6E 00 74 00 2E 00 6C ........ .n.t...l > [0A0] 00 64 00 78 00 6E 00 65 00 74 00 2E 00 63 00 6F .d.x.n.e .t...c.o > [0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ > [0C0] 05 15 00 00 00 DD E8 E4 1C EB 25 79 2C DB EB 0C .....Ýèä .ë%y,Ûë. > [0D0] 50 00 00 00 00 P.... >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 37 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 37: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 74 7B 05 DF 63 38 2B 96 t{.ßc8+. >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 212 (0xD4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 212 (0xD4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=213 >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 2E 05 00 02 03 10 00 00 00 D4 00 00 00 0A 00 00 ........ .Ô...... > [010] 00 BC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 .¼...... ........ > [020] 00 0C 00 0E 00 04 00 02 00 1A 00 1C 00 08 00 02 ........ ........ > [030] 00 1A 00 1C 00 0C 00 02 00 12 DB 58 36 E3 CE 26 ........ ..ÛX6ãÎ& > [040] 46 B0 D2 CA 3E AA 25 A9 1D 10 00 02 00 07 00 00 F°ÒÊ>ª%© ........ > [050] 00 00 00 00 00 06 00 00 00 46 00 4F 00 52 00 45 ........ .F.O.R.E > [060] 00 53 00 54 00 0E 00 00 00 00 00 00 00 0D 00 00 .S.T.... ........ > [070] 00 6E 00 74 00 2E 00 6C 00 64 00 78 00 6E 00 65 .n.t...l .d.x.n.e > [080] 00 74 00 2E 00 63 00 6F 00 6D 00 00 00 0E 00 00 .t...c.o .m...... > [090] 00 00 00 00 00 0D 00 00 00 6E 00 74 00 2E 00 6C ........ .n.t...l > [0A0] 00 64 00 78 00 6E 00 65 00 74 00 2E 00 63 00 6F .d.x.n.e .t...c.o > [0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ > [0C0] 05 15 00 00 00 DD E8 E4 1C EB 25 79 2C DB EB 0C .....Ýèä .ë%y,Ûë. > [0D0] 50 00 00 00 00 P.... >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 00d4 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 000000bc >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 212, data_len 188, ss_len 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 212 at offset 0 >[2006/06/07 11:02:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \lsarpc fnum 0x4000 returned 376 bytes. >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query_info2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 00020000 >[2006/06/07 11:02:58, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 000c >[2006/06/07 11:02:58, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000006 lsa_io_dom_query_12 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_unihdr nb_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_str_len: 000c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_max_len: 000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer : 00020004 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_unihdr dns_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 uni_str_len: 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 uni_max_len: 001c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 buffer : 00020008 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_unihdr forest >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 uni_str_len: 001a >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001a uni_max_len: 001c >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c buffer : 0002000c >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid dom_guid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 3658db12 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : cee3 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : 4626 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : b0 d2 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : ca 3e aa 25 a9 1d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 dom_sid: 00020010 >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_unistr2 nb_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_max_len: 00000007 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c uni_str_len: 00000006 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0040 buffer : F.O.R.E.S.T. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_unistr2 dns_name >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 uni_str_len: 0000000d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0058 buffer : n.t...l.d.x.n.e.t...c.o.m. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000072 smb_io_unistr2 forest >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 uni_max_len: 0000000e >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 offset : 00000000 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c uni_str_len: 0000000d >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0080 buffer : n.t...l.d.x.n.e.t...c.o.m. >[2006/06/07 11:02:58, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00009a smb_io_dom_sid2 dom_sid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c num_auths: 00000004 >[2006/06/07 11:02:58, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_dom_sid sid >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a0 sid_rev_num: 01 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a1 num_auths : 04 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a2 id_auth[0] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a3 id_auth[1] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a4 id_auth[2] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a5 id_auth[3] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a6 id_auth[4] : 00 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a7 id_auth[5] : 05 >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00a8 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:02:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 00b8 status: NT_STATUS_OK >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 38 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 0C A2 44 84 6F 53 0B 71 .¢D.oS.q >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,45) >[2006/06/07 11:02:58, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,45) wrote 45 >[2006/06/07 11:02:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(478) >[2006/06/07 11:02:58, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=21 > smt_wct=0 > smb_bcc=0 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 39 >[2006/06/07 11:02:58, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 39: got good SMB signature of >[2006/06/07 11:02:58, 10] lib/util.c:dump_data(2215) > [000] 38 FC 44 25 18 61 0F E6 8üD%.a.æ >[2006/06/07 11:02:58, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \lsarpc to machine RANGER1 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:cache_store_response(1912) > Storing response for pid 32155, len 3192 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1952) > Retrieving response for pid 32155 >[2006/06/07 11:02:58, 5] nsswitch/winbindd_util.c:init_child_recv(420) > Received child initialization response for domain FOREST >[2006/06/07 11:02:58, 10] lib/events.c:get_timed_events_timeout(118) > timed_events_timeout: 3599/960516 >[2006/06/07 11:02:58, 4] nsswitch/winbindd_dual.c:fork_domain_child(802) > child daemon request 18 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_dual.c:child_process_request(393) > process_request: request fn LIST_TRUSTDOM >[2006/06/07 11:02:58, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(121) > [32152]: list trusted domains >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(399) > refresh_sequence_number: FOREST time ok >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427) > refresh_sequence_number: FOREST seq number is now 1108190 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:centry_expired(469) > centry_expired: Key TRUSTDOMS/FOREST for domain FOREST is good. >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:wcache_fetch(556) > wcache_fetch: returning entry TRUSTDOMS/FOREST for domain FOREST >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:trusted_domains(1688) > trusted_domains: [Cached] - cached info for domain FOREST (0 trusts) status Success >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:cache_store_response(1912) > Storing response for pid 32155, len 3192 >[2006/06/07 11:02:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1952) > Retrieving response for pid 32155 >[2006/06/07 11:02:58, 10] lib/events.c:get_timed_events_timeout(118) > timed_events_timeout: 3599/959976 >[2006/06/07 11:03:15, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 18 >[2006/06/07 11:03:15, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn INTERFACE_VERSION >[2006/06/07 11:03:15, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) > [ 0]: request interface version >[2006/06/07 11:03:15, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn WINBINDD_PRIV_PIPE_DIR >[2006/06/07 11:03:15, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) > [ 0]: request location of privileged pipe >[2006/06/07 11:03:15, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 19 >[2006/06/07 11:03:15, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn ENDPWENT >[2006/06/07 11:03:15, 3] nsswitch/winbindd_user.c:winbindd_endpwent(508) > [ 0]: endpwent >[2006/06/07 11:03:15, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn GETGROUPS >[2006/06/07 11:03:15, 3] nsswitch/winbindd_group.c:winbindd_getgroups(991) > [ 0]: getgroups root >[2006/06/07 11:03:15, 7] nsswitch/winbindd_group.c:winbindd_getgroups(1035) > winbindd_getpwnam: My domain -- rejecting getgroups() for FOREST\root. >[2006/06/07 11:03:35, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 18 >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn INTERFACE_VERSION >[2006/06/07 11:03:35, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) > [ 0]: request interface version >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn WINBINDD_PRIV_PIPE_DIR >[2006/06/07 11:03:35, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) > [ 0]: request location of privileged pipe >[2006/06/07 11:03:35, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 19 >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn PAM_AUTH >[2006/06/07 11:03:35, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(657) > [ 0]: pam auth maint >[2006/06/07 11:03:35, 8] lib/util.c:is_myname(2036) > is_myname("FOREST") returns 0 >[2006/06/07 11:03:35, 4] nsswitch/winbindd_dual.c:fork_domain_child(802) > child daemon request 12 >[2006/06/07 11:03:35, 10] nsswitch/winbindd_dual.c:child_process_request(393) > process_request: request fn PAM_AUTH >[2006/06/07 11:03:35, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1095) > [32152]: dual pam auth maint >[2006/06/07 11:03:35, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1101) > winbindd_dual_pam_auth: domain: FOREST last was online >[2006/06/07 11:03:35, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_samlogon(940) > winbindd_dual_pam_auth_samlogon >[2006/06/07 11:03:35, 8] lib/util.c:is_myname(2036) > is_myname("FOREST") returns 0 >[2006/06/07 11:03:35, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) > Using cleartext machine password >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 40 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] BD 64 CA F0 7D F6 EA 6C ½dÊð}öêl >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,108) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,108) wrote 108 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=22 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2304 (0x900) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 41 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 41: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] BC 25 B2 A3 14 F1 6D AD ¼%²£.ñm >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[c009]: \NETLOGON auth_type 0, auth_level 0 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû > [010] 01 00 00 00 .... >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=87 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 0B 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 42 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] F5 84 F2 F9 90 28 B8 21 õ.òù.(¸! >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,158) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,158) wrote 158 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... > [010] 00 B8 10 B8 10 70 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ps. ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 43 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 43: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 60 53 B2 53 08 0A D6 99 `S²S..Ö. >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... > [010] 00 B8 10 B8 10 70 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.ps. ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 returned 68 bytes. >[2006/06/07 11:03:35, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 bind request returned ok. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00007370 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine RANGER1 and bound anonymously. >[2006/06/07 11:03:35, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) > cli_net_req_chal: LSA Request Challenge from GATE to \\RANGER1 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : G.A.T.E... >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003a smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data: a5 8e 13 5a 25 58 50 90 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 005a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000042 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 90 (0x5A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 90 (0x5A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=105 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5A 00 00 00 0C 00 00 00 42 .......Z .......B > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 52 00 41 00 4E .......\ .\.R.A.N > [040] 00 47 00 45 00 52 00 31 00 00 00 05 00 00 00 00 .G.E.R.1 ........ > [050] 00 00 00 05 00 00 00 47 00 41 00 54 00 45 00 00 .......G .A.T.E.. > [060] 00 A5 8E 13 5A 25 58 50 90 .¥..Z%XP . >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 44 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] AB D1 CB 2C 8C 05 C4 FF «ÑË,..Äÿ >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,176) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,176) wrote 176 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 5A 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 Z....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 3B 27 F0 83 59 A2 09 ........ .;'ð.Y¢. > [020] 0D 00 00 00 00 ..... >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 45 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 45: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] E6 AD 8D 9E 5D AE 0C 0A æ..]®.. >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 5A 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 Z....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 3B 27 F0 83 59 A2 09 ........ .;'ð.Y¢. > [020] 0D 00 00 00 00 ..... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 returned 24 bytes. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 3b 27 f0 83 59 a2 09 0d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status: NT_STATUS_OK >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 400701ff >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : A58E135A25585090 >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : 3B27F08359A2090D >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: A58E135A25585090 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : 3B27F08359A2090D >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : E0B503DE7EFA599D >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : 0FE315ACDB5DAF3D >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : 165A011499CEE688 >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : 1A56BA1C3DD1768B >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : 165A011499CEE688 >[2006/06/07 11:03:35, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) > cli_net_auth2: srv:\\RANGER1 acct:GATE$ sc:2 mc: GATE neg: 400701ff >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_log_info(1454) > make_log_info 1454 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : G.A.T.E.$... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003c sec_chan: 0002 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 004c buffer : G.A.T.E... >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000056 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0056 data: 16 5a 01 14 99 ce e6 88 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00005e net_io_neg_flags >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 neg_flags: 400701ff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 007c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000064 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=206 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 124 (0x7C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=139 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 7C 00 00 00 0D 00 00 00 64 .......| .......d > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 52 00 41 00 4E .......\ .\.R.A.N > [040] 00 47 00 45 00 52 00 31 00 00 00 06 00 00 00 00 .G.E.R.1 ........ > [050] 00 00 00 06 00 00 00 47 00 41 00 54 00 45 00 24 .......G .A.T.E.$ > [060] 00 00 00 02 00 00 00 05 00 00 00 00 00 00 00 05 ........ ........ > [070] 00 00 00 47 00 41 00 54 00 45 00 00 00 16 5A 01 ...G.A.T .E....Z. > [080] 14 99 CE E6 88 00 00 FF 01 07 40 ..Îæ...ÿ ..@ >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 46 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] A4 D9 94 F0 60 D0 1B 80 ¤Ù.ð`Ð.. >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,210) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,210) wrote 210 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 7C 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 |....... .(...... > [010] 00 10 00 00 00 00 00 00 00 1A 56 BA 1C 3D D1 76 ........ ..Vº.=Ñv > [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 47 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 47: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 6C 48 33 3F 74 48 1E F3 lH3?tH.ó >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 7C 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 |....... .(...... > [010] 00 10 00 00 00 00 00 00 00 1A 56 BA 1C 3D D1 76 ........ ..Vº.=Ñv > [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc009 returned 32 bytes. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 1a 56 ba 1c 3d d1 76 8b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 400701ff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 000c status: NT_STATUS_OK >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/06/07 11:03:35, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) > rpccli_netlogon_setup_creds: server RANGER1 credential chain established. >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 48 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 0F 18 93 E8 7C 3A CF DC ...è|:ÏÜ >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,108) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,108) wrote 108 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=26 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 49 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 49: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] BA 8E FD CF AD FF 3A 56 º.ýÏÿ:V >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[c00a]: \NETLOGON auth_type 2, auth_level 6 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû > [010] 01 00 00 00 .... >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type1: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type2: 00000003 >[2006/06/07 11:03:35, 6] lib/util.c:dump_data(2215) > [000] 46 4F 52 45 53 54 FOREST >[2006/06/07 11:03:35, 6] lib/util.c:dump_data(2215) > [000] 47 41 54 45 GATE >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0064 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0014 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 auth_type : 44 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 auth_level : 06 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a auth_pad_len : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b auth_reserved: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c auth_context_id: 00000001 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=27 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=115 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 64 00 14 00 0E 00 00 00 B8 .......d .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 46 4F 52 45 53 54 00 47 41 .......F OREST.GA > [070] 54 45 00 TE. >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 50 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] B3 F5 9C 0E 0D 19 00 65 ³õ.....e >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,186) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,186) wrote 186 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 d....... .X...... > [010] 00 B8 10 B8 10 71 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.qs. ...\PIPE > [020] 5C 6C 73 61 73 73 00 50 E8 01 00 00 00 00 00 00 \lsass.P è....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 00 00 00 ........ . >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 51 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 51: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 41 8D D8 52 77 C4 97 7D A.ØRwÄ.} >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 64 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 d....... .X...... > [010] 00 B8 10 B8 10 71 73 00 00 0C 00 5C 50 49 50 45 .¸.¸.qs. ...\PIPE > [020] 5C 6C 73 61 73 73 00 50 E8 01 00 00 00 00 00 00 \lsass.P è....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 00 00 00 ........ . >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a returned 88 bytes. >[2006/06/07 11:03:35, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a bind request returned ok. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00007371 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine RANGER1 for domain FOREST and bound using schannel. >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 52 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 6A 52 9B 61 BD C5 28 AB jR.a½Å(« >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,45) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,45) wrote 45 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=28 > smt_wct=0 > smb_bcc=0 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 53 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 53: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 22 57 EC 65 6A F9 91 D9 "Wìejù.Ù >[2006/06/07 11:03:35, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine RANGER1 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x448714f9 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(150) > seed: 165A011499CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(155) > seed+seq 0F6F885899CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(159) > CLIENT 5C090E74C3D718F0 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 106F885899CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(168) > SERVER 5E71A8C5F510AC46 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed 106F885899CEE688 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_logon_id(1633) > make_logon_id: 1633 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_clnt_info2(1548) > make_clnt_info: 1548 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_clnt_srv(1393) > init_clnt_srv: 1393 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : G.A.T.E... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 ptr_cred: 00000001 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000044 smb_io_cred >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000044 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0044 data: 5c 09 0e 74 c3 d7 18 f0 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c time: 448714f9 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 ptr_rtn_cred : 00000001 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_cred >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0054 data: 00 00 00 00 00 00 00 00 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c time: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 logon_level : 0002 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000062 smb_io_sam_info_ctr logon_info >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 switch_value : 0002 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 net_io_id_info2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 ptr_id_info2: 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 param_ctrl: 00000000 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_logon_id >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 0000dead >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 0000beef >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007c uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007e uni_max_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 008c lm_chal: 40 6c 24 f1 0c 24 cc 86 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_strhdr hdr_nt_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 str_str_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 str_max_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_lm_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unistr2 uni_domain_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b0 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000bc smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00c8 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000d2 smb_io_unistr2 uni_wksta_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : \.\.G.A.T.E. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_string2 nt_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec str_max_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 str_str_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 00f8 buffer : ¡Íõ.Mp.oÌóqÕU..àÃÜ.÷..a. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_string2 lm_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 str_max_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 str_str_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 011c buffer : ²Á»=..Ù.K.".¢à.þq[TtqÀ.. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0134 validation_level: 0003 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0178 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000136 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000150 smb_io_rpc_hdr_auth hdr_auth >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0150 auth_type : 44 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0151 auth_level : 06 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0152 auth_pad_len : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0153 auth_reserved: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 auth_context_id: 00000001 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_encode(1632) > SCHANNEL: schannel_encode seq_num=0 data_len=312 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000158 smb_io_rpc_auth_schannel_chk >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 sig : 77 00 7a 00 ff ff 00 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0160 seq_num: 21 59 0d f7 91 a8 77 92 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0168 packet_digest: 02 9a 7d d0 86 05 42 83 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 confounder: 57 89 9f c1 d6 8e d2 90 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=458 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=29 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 376 (0x178) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 376 (0x178) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=391 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 01 20 00 0F 00 00 00 36 .......x . .....6 > [020] 01 00 00 00 00 02 00 B6 DA DF 7E 17 81 F9 CD BF .......¶ Úß~..ùÍ¿ > [030] 9D 43 A9 C5 A7 4A 2E BE 50 02 8A 88 4C A7 4F 8D .C©Å§J.¾ P...L§O. > [040] E8 D2 F9 0A 74 F1 11 59 E1 58 FC 9B EE EE 5E 78 èÒù.tñ.Y áXü.îî^x > [050] C2 36 58 F4 10 23 9C 44 03 0D DF EE 39 1D 68 21 Â6Xô.#.D ..ßî9.h! > [060] 98 A2 CA 2F 23 23 CE 53 87 A1 41 CA CC 2C BF FB .¢Ê/##ÎS .¡AÊÌ,¿û > [070] 56 01 36 AB 20 77 32 D8 FC F6 E4 42 DD 1B DA 05 V.6« w2Ø üöäBÝ.Ú. > [080] 4A 9E 5C C3 AD F3 04 3E 70 C3 57 F8 AF 84 F9 43 J.\Ãó.> pÃWø¯.ùC > [090] 4F 1B 61 14 12 A1 24 A2 3D 7A A2 AC 73 42 AC CE O.a..¡$¢ =z¢¬sB¬Î > [0A0] 67 C8 26 1A 0E EC 2B D0 50 78 AA 56 50 81 6A F9 gÈ&..ì+Ð PxªVP.jù > [0B0] FC 0F 52 38 8B AD DF 09 6C E5 B2 92 CA B2 3D 72 ü.R8.ß. lå².ʲ=r > [0C0] 2A E3 FE 6C CF 4C 13 A0 79 38 AA C1 46 C1 F6 96 *ãþlÏL. y8ªÁFÁö. > [0D0] D9 91 D3 2F 53 9F 20 8A 31 1F 91 A3 16 63 47 9D Ù.Ó/S. . 1..£.cG. > [0E0] E5 F5 37 6A 9A B9 57 63 64 5B 86 2E 35 1B 51 46 åõ7j.¹Wc d[..5.QF > [0F0] 4A 5D A9 8D DF 3F 43 54 A1 F0 67 C3 AC B1 FA A0 J]©.ß?CT ¡ðgì±ú > [100] B2 A4 4B 79 A8 2E AC 91 8A F7 F4 68 94 FA F0 7C ²¤Ky¨.¬. .÷ôh.úð| > [110] 57 F2 18 36 6D EB 64 09 97 C6 45 4A 21 39 7C 38 Wò.6mëd. .ÆEJ!9|8 > [120] 2B 91 18 4D 3D CF 14 51 4F 74 4C B9 56 33 22 C2 +..M=Ï.Q OtL¹V3" > [130] C4 EE 11 08 FA 1B 22 AA E0 0B DF CD 98 C1 33 72 Äî..ú."ª à.ßÍ.Á3r > [140] 12 7D E5 EA 2E F9 44 DE 8D C2 44 46 90 54 86 78 .}åê.ùDÞ .ÂDF.T.x > [150] 59 20 92 83 C2 77 96 6F 30 B3 0C 79 97 2D D7 44 Y ..Âw.o 0³.y.-×D > [160] 06 02 00 01 00 00 00 77 00 7A 00 FF FF 00 00 21 .......w .z.ÿÿ..! > [170] 59 0D F7 91 A8 77 92 02 9A 7D D0 86 05 42 83 57 Y.÷.¨w.. .}Ð..B.W > [180] 89 9F C1 D6 8E D2 90 ..ÁÖ.Ò. >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 54 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] E6 A0 E7 BD 2E BB F8 D5 æ ç½.»øÕ >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,462) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,462) wrote 462 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 552 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=552 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=29 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 496 (0x1F0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 496 (0x1F0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=497 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 78 05 00 02 03 10 00 00 00 F0 01 20 00 0F 00 00 x....... .ð. .... > [010] 00 AC 01 00 00 00 00 00 00 C1 6D A8 FB B0 4F 22 .¬...... .Ám¨û°O" > [020] 7A 60 DC D2 87 80 27 80 05 1F 60 33 C9 6C FC 06 z`ÜÒ..'. ..`3Élü. > [030] 1B 5C 03 32 0D 00 04 DA 4F B3 4C 98 44 1F F0 37 .\.2...Ú O³L.D.ð7 > [040] D6 B5 8B 77 C9 9E 6B B1 8F 75 4B CB 15 03 62 19 Öµ.wÉ.k± .uKË..b. > [050] 54 CC 13 58 79 60 D8 ED 40 E4 CC BD A0 18 FF D1 TÌ.Xy`Øí @ä̽ .ÿÑ > [060] 20 64 06 D0 62 45 B7 F3 37 75 B6 F0 26 C0 16 66 d.ÐbE·ó 7u¶ð&À.f > [070] C9 72 E1 52 1A 59 A0 D4 18 9F ED 71 98 29 CE 69 ÉráR.Y Ô ..íq.)Îi > [080] 79 B9 6E AD 2B 0F 43 3E CF 63 47 D0 8F F2 DD EE y¹n+.C> ÏcGÐ.òÝî > [090] B2 C3 FE DC C1 70 12 3B DB 40 B2 13 BF E0 0A 4B ²ÃþÜÁp.; Û@².¿à.K > [0A0] 27 21 19 4C AA F3 2C 8D F7 43 66 E3 7D 46 9F 9B '!.Lªó,. ÷Cfã}F.. > [0B0] 55 57 22 E3 D6 21 F6 92 F1 B2 F9 7F FD 50 4A 85 UW"ãÖ!ö. ñ²ù.ýPJ. > [0C0] FA 55 05 F2 24 C8 F0 74 73 D3 A2 77 1C 21 80 B6 úU.ò$Èðt sÓ¢w.!.¶ > [0D0] 3A BE 1B B1 FD 94 A6 2A 55 D2 DE F8 09 F2 8B 12 :¾.±ý.¦* UÒÞø.ò.. > [0E0] 48 37 15 BA D8 23 6E 13 90 9D FC 33 AA 22 57 F2 H7.ºØ#n. ..ü3ª"Wò > [0F0] FB 2F C3 6D 66 ED 4C AE 7A 95 0B 06 0E 7B AF C5 û/ÃmfíL® z....{¯Å > [100] 4C 3D 4A 00 24 1F 40 20 98 AD F6 97 AC B3 04 18 L=J.$.@ .ö.¬³.. > [110] 42 D4 E8 08 7F 22 0A 92 5A D3 02 06 B2 29 9B C3 BÔè..".. ZÓ..²).à > [120] 7F 20 01 6B 2F 18 C4 7E 01 08 DC AB C1 22 B7 F1 . .k/.Ä~ ..Ü«Á"·ñ > [130] FE D8 E4 9B DE B2 4E 34 A4 FC 74 F9 57 AE 76 5E þØä.Þ²N4 ¤ütùW®v^ > [140] FE AF A8 74 E8 68 5D 4C 8B 02 60 4F 7E B1 9B 9E þ¯¨tèh]L ..`O~±.. > [150] B6 58 35 8A CC 8C 53 47 F2 62 D3 B7 9E BA F2 DF ¶X5.Ì.SG òbÓ·.ºòß > [160] F4 85 FB 58 CF 0D 4B 9E E0 2A D9 3C 6E 08 72 48 ô.ûXÏ.K. à*Ù<n.rH > [170] 7F 48 50 62 2C 48 02 A1 E9 AA DE 4D 1F 97 16 68 .HPb,H.¡ éªÞM...h > [180] DB A3 D2 B3 75 3F 3B 8D 9A 84 2A 16 79 C7 D5 EE Û£Ò³u?;. ..*.yÇÕî > [190] 65 33 02 22 5A F0 AB 6F 60 17 06 C3 35 AA 3C C7 e3."Zð«o `..Ã5ª<Ç > [1A0] 45 7A 52 A9 2E 05 D6 CE B1 5D C7 FF 05 82 43 B2 EzR©..ÖÎ ±]Çÿ..C² > [1B0] 71 9C 12 46 D1 7A 1E B1 8B D9 B3 71 4D CB 1E FA q..FÑz.± .Ù³qMË.ú > [1C0] BF 80 43 D9 EE 32 3B AD 12 44 06 04 00 01 00 00 ¿.CÙî2; .D...... > [1D0] 00 77 00 7A 00 FF FF 00 00 F9 EA A2 CA 30 59 78 .w.z.ÿÿ. .ùê¢Ê0Yx > [1E0] E0 F6 C9 DB CF 45 AB 6C 0E D8 81 C5 9A 51 32 6A àöÉÛÏE«l .Ø.Å.Q2j > [1F0] D8 Ø >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 55 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 55: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 73 DE 06 9B 2F 49 F2 F0 sÞ../Iòð >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=552 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=29 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 496 (0x1F0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 496 (0x1F0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=497 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 78 05 00 02 03 10 00 00 00 F0 01 20 00 0F 00 00 x....... .ð. .... > [010] 00 AC 01 00 00 00 00 00 00 C1 6D A8 FB B0 4F 22 .¬...... .Ám¨û°O" > [020] 7A 60 DC D2 87 80 27 80 05 1F 60 33 C9 6C FC 06 z`ÜÒ..'. ..`3Élü. > [030] 1B 5C 03 32 0D 00 04 DA 4F B3 4C 98 44 1F F0 37 .\.2...Ú O³L.D.ð7 > [040] D6 B5 8B 77 C9 9E 6B B1 8F 75 4B CB 15 03 62 19 Öµ.wÉ.k± .uKË..b. > [050] 54 CC 13 58 79 60 D8 ED 40 E4 CC BD A0 18 FF D1 TÌ.Xy`Øí @ä̽ .ÿÑ > [060] 20 64 06 D0 62 45 B7 F3 37 75 B6 F0 26 C0 16 66 d.ÐbE·ó 7u¶ð&À.f > [070] C9 72 E1 52 1A 59 A0 D4 18 9F ED 71 98 29 CE 69 ÉráR.Y Ô ..íq.)Îi > [080] 79 B9 6E AD 2B 0F 43 3E CF 63 47 D0 8F F2 DD EE y¹n+.C> ÏcGÐ.òÝî > [090] B2 C3 FE DC C1 70 12 3B DB 40 B2 13 BF E0 0A 4B ²ÃþÜÁp.; Û@².¿à.K > [0A0] 27 21 19 4C AA F3 2C 8D F7 43 66 E3 7D 46 9F 9B '!.Lªó,. ÷Cfã}F.. > [0B0] 55 57 22 E3 D6 21 F6 92 F1 B2 F9 7F FD 50 4A 85 UW"ãÖ!ö. ñ²ù.ýPJ. > [0C0] FA 55 05 F2 24 C8 F0 74 73 D3 A2 77 1C 21 80 B6 úU.ò$Èðt sÓ¢w.!.¶ > [0D0] 3A BE 1B B1 FD 94 A6 2A 55 D2 DE F8 09 F2 8B 12 :¾.±ý.¦* UÒÞø.ò.. > [0E0] 48 37 15 BA D8 23 6E 13 90 9D FC 33 AA 22 57 F2 H7.ºØ#n. ..ü3ª"Wò > [0F0] FB 2F C3 6D 66 ED 4C AE 7A 95 0B 06 0E 7B AF C5 û/ÃmfíL® z....{¯Å > [100] 4C 3D 4A 00 24 1F 40 20 98 AD F6 97 AC B3 04 18 L=J.$.@ .ö.¬³.. > [110] 42 D4 E8 08 7F 22 0A 92 5A D3 02 06 B2 29 9B C3 BÔè..".. ZÓ..²).à > [120] 7F 20 01 6B 2F 18 C4 7E 01 08 DC AB C1 22 B7 F1 . .k/.Ä~ ..Ü«Á"·ñ > [130] FE D8 E4 9B DE B2 4E 34 A4 FC 74 F9 57 AE 76 5E þØä.Þ²N4 ¤ütùW®v^ > [140] FE AF A8 74 E8 68 5D 4C 8B 02 60 4F 7E B1 9B 9E þ¯¨tèh]L ..`O~±.. > [150] B6 58 35 8A CC 8C 53 47 F2 62 D3 B7 9E BA F2 DF ¶X5.Ì.SG òbÓ·.ºòß > [160] F4 85 FB 58 CF 0D 4B 9E E0 2A D9 3C 6E 08 72 48 ô.ûXÏ.K. à*Ù<n.rH > [170] 7F 48 50 62 2C 48 02 A1 E9 AA DE 4D 1F 97 16 68 .HPb,H.¡ éªÞM...h > [180] DB A3 D2 B3 75 3F 3B 8D 9A 84 2A 16 79 C7 D5 EE Û£Ò³u?;. ..*.yÇÕî > [190] 65 33 02 22 5A F0 AB 6F 60 17 06 C3 35 AA 3C C7 e3."Zð«o `..Ã5ª<Ç > [1A0] 45 7A 52 A9 2E 05 D6 CE B1 5D C7 FF 05 82 43 B2 EzR©..ÖÎ ±]Çÿ..C² > [1B0] 71 9C 12 46 D1 7A 1E B1 8B D9 B3 71 4D CB 1E FA q..FÑz.± .Ù³qMË.ú > [1C0] BF 80 43 D9 EE 32 3B AD 12 44 06 04 00 01 00 00 ¿.CÙî2; .D...... > [1D0] 00 77 00 7A 00 FF FF 00 00 F9 EA A2 CA 30 59 78 .w.z.ÿÿ. .ùê¢Ê0Yx > [1E0] E0 F6 C9 DB CF 45 AB 6C 0E D8 81 C5 9A 51 32 6A àöÉÛÏE«l .Ø.Å.Q2j > [1F0] D8 Ø >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 01f0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 000001ac >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 0001c8 smb_io_rpc_hdr_auth hdr_auth >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01c8 auth_type : 44 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01c9 auth_level : 06 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ca auth_pad_len : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01cb auth_reserved: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc auth_context_id: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 0001d0 smb_io_rpc_auth_schannel_chk >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01d0 sig : 77 00 7a 00 ff ff 00 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01d8 seq_num: f9 ea a2 ca 30 59 78 e0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01e0 packet_digest: f6 c9 db cf 45 ab 6c 0e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01e8 confounder: d8 81 c5 9a 51 32 6a d8 >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_decode(1709) > SCHANNEL: schannel_decode seq_num=1 data_len=432 >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_decode(1729) > SCHANNEL: schannel_decode seq_num=1 data_len=432 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 496, data_len 428, ss_len 4 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 496 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a returned 856 bytes. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 00020000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: 5e 71 a8 c5 f5 10 ac 46 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 00020004 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 7d10b6be >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00020008 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 01e0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 00000476 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0002000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: 47 64 4d b2 5a 6b b0 9b 9a 7b f5 38 c1 2d 11 43 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 00020010 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 00020014 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 00020018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: 4f 88 c2 da 83 45 41 5d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000210 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 0002001c >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00f0 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_full_name >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_logon_script >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_profile_path >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_home_dir >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc num_groups2 : 00000005 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000100 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 g_rid: 0000049f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000108 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 g_rid: 0000046c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 g_rid: 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 g_rid: 00000200 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000120 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 g_rid: 0000046d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000128 smb_io_unistr2 uni_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_max_len: 00000008 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_str_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0134 buffer : R.A.N.G.E.R.1. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000142 smb_io_unistr2 uni_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_max_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0150 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c num_auths: 00000004 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000160 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0160 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0161 num_auths : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0162 id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0163 id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0164 id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0165 id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0166 id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0167 id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0168 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c sid_ptr: 00020020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attribute: 00000007 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 num_auths: 00000005 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000188 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0188 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0189 num_auths : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018a id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018b id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018c id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018d id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018e id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018f id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0190 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb 00000468 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 auth_resp : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 01a8 status : NT_STATUS_OK >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/06/07 11:03:35, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1153) > winbindd_dual_pam_auth_samlogon succeeded >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-484763869-746137067-1343024091-1142] >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 448714f7 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020004 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 7d10b6be >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020008 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 01e0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000476 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 3a 84 17 d1 0a 13 8f 70 f7 53 cf 7e 22 72 ba e0 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020010 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020014 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 32 68 98 b9 d3 3d 7e b6 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 0002001c >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_full_name >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_logon_script >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_profile_path >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_home_dir >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec num_groups2 : 00000005 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 0000049f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 g_rid: 0000046c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000100 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 g_rid: 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000108 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 g_rid: 00000200 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 g_rid: 0000046d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000008 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0124 buffer : R.A.N.G.E.R.1. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000132 smb_io_unistr2 uni_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c num_auths: 00000004 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000150 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0150 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0151 num_auths : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0152 id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0153 id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0154 id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0155 id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0156 id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0157 id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0158 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c sid_ptr: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attribute: 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 num_auths: 00000005 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0178 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0179 num_auths : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017a id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017b id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017c id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017d id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017e id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017f id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0180 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb 00000468 >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(86) > netsamlogon_clear_cached_user: clearing U/FOREST/1142 >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(97) > netsamlogon_clear_cached_user: clearing UG/FOREST/1142 >[2006/06/07 11:03:35, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(721) > wcache_save_name_to_sid: MAINT -> S-1-5-21-484763869-746137067-1343024091-1142 >[2006/06/07 11:03:35, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1273) > Plain-text authentication for user maint returned NT_STATUS_OK (PAM: 0) >[2006/06/07 11:03:35, 10] nsswitch/winbindd_cache.c:cache_store_response(1912) > Storing response for pid 32155, len 3192 >[2006/06/07 11:03:35, 10] lib/events.c:get_timed_events_timeout(118) > timed_events_timeout: 3563/481753 >[2006/06/07 11:03:35, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1952) > Retrieving response for pid 32155 >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn INFO >[2006/06/07 11:03:35, 3] nsswitch/winbindd_misc.c:winbindd_info(459) > [ 0]: request misc info >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn DOMAIN_NAME >[2006/06/07 11:03:35, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(481) > [ 0]: request domain name >[2006/06/07 11:03:35, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn AUTH_CRAP >[2006/06/07 11:03:35, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1376) > [ 0]: pam auth crap domain: [FOREST] user: maint >[2006/06/07 11:03:35, 8] lib/util.c:is_myname(2036) > is_myname("FOREST") returns 0 >[2006/06/07 11:03:35, 4] nsswitch/winbindd_dual.c:fork_domain_child(802) > child daemon request 13 >[2006/06/07 11:03:35, 10] nsswitch/winbindd_dual.c:child_process_request(393) > process_request: request fn AUTH_CRAP >[2006/06/07 11:03:35, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1442) > [32152]: pam auth crap domain: FOREST user: maint >[2006/06/07 11:03:35, 8] lib/util.c:is_myname(2036) > is_myname("FOREST") returns 0 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x448714fb >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(150) > seed: 106F885899CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(155) > seed+seq 0B840F9D99CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(159) > CLIENT 7DB48A27F68F8420 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 0C840F9D99CEE688 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_step(168) > SERVER 69F434183A442D93 >[2006/06/07 11:03:35, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed 0C840F9D99CEE688 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_logon_id(1633) > make_logon_id: 1633 >[2006/06/07 11:03:35, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_clnt_info2(1548) > make_clnt_info: 1548 >[2006/06/07 11:03:35, 5] rpc_parse/parse_misc.c:init_clnt_srv(1393) > init_clnt_srv: 1393 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.R.A.N.G.E.R.1... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : G.A.T.E... >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 ptr_cred: 00000001 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000044 smb_io_cred >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000044 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0044 data: 7d b4 8a 27 f6 8f 84 20 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c time: 448714fb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 ptr_rtn_cred : 00000001 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_cred >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0054 data: 00 00 00 00 00 00 00 00 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c time: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 logon_level : 0002 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000062 smb_io_sam_info_ctr logon_info >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 switch_value : 0002 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 net_io_id_info2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 ptr_id_info2: 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 param_ctrl: 00000820 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_logon_id >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 0000dead >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 0000beef >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007c uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007e uni_max_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 008c lm_chal: dd 80 f2 61 43 a5 49 39 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_strhdr hdr_nt_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 str_str_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 str_max_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_lm_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unistr2 uni_domain_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b0 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000bc smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc uni_max_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00c8 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000d2 smb_io_unistr2 uni_wksta_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : \.\.G.A.T.E. >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_string2 nt_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec str_max_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 str_str_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 00f8 buffer : #6¼X.;rª.l.@.³8g¾½ÂKÖ«.M >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_string2 lm_chal_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 str_max_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 str_str_len: 00000018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 011c buffer : 5Î,PêµdàË..-¤âhv..IF.}©À >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0134 validation_level: 0003 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0178 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000136 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000150 smb_io_rpc_hdr_auth hdr_auth >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0150 auth_type : 44 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0151 auth_level : 06 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0152 auth_pad_len : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0153 auth_reserved: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 auth_context_id: 00000001 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) > add_schannel_auth_footer: SCHANNEL seq_num=2 >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_encode(1632) > SCHANNEL: schannel_encode seq_num=2 data_len=312 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000158 smb_io_rpc_auth_schannel_chk >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 sig : 77 00 7a 00 ff ff 00 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0160 seq_num: 87 6f 70 7e 87 10 b6 ce >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0168 packet_digest: 4b e4 93 7b bd 0f 9b dc >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 confounder: ea e0 ac c6 98 90 eb e6 >[2006/06/07 11:03:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=458 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=30 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 376 (0x178) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 376 (0x178) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=391 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 01 20 00 10 00 00 00 36 .......x . .....6 > [020] 01 00 00 00 00 02 00 2B A5 9D 9D 4D 9F A5 0F 66 .......+ ¥..M.¥.f > [030] C2 BC 58 C6 C3 38 B7 28 1A C3 5A 87 B3 32 77 6F ¼XÆÃ8·( .ÃZ.³2wo > [040] 12 D4 1A 02 C9 72 4E 5D 9A 96 14 82 27 08 39 60 .Ô..ÉrN] ....'.9` > [050] DF A7 54 8F 40 B9 72 1F EE CA 1F E4 02 F8 69 56 ߧT.@¹r. îÊ.ä.øiV > [060] BB 52 EB BC C8 5A BE FA DC 72 E1 52 AD FE 71 F6 »Rë¼ÈZ¾ú ÜráRþqö > [070] 88 9E 7F 0D 43 69 B3 ED 04 D0 D9 F8 EE 3E 24 65 ....Ci³í .ÐÙøî>$e > [080] 75 F1 AE BA C2 86 4B 30 5A BE 80 DC D4 E9 27 6F uñ®ºÂ.K0 Z¾.ÜÔé'o > [090] E1 BC C5 51 5A BE 1D A9 27 EE 7A CD 10 12 0B 6D á¼ÅQZ¾.© 'îzÍ...m > [0A0] 75 D0 73 2F 99 87 79 67 BC B3 8D 33 BE 45 4D 7F uÐs/..yg ¼³.3¾EM. > [0B0] 19 C2 0E 1A 8E 7F 64 62 F6 49 B6 75 8F 85 61 3E .Â....db öI¶u..a> > [0C0] A0 DD 67 7E C5 A0 38 07 CD F8 8A 2F 43 8C 14 AF Ýg~Å 8. Íø./C..¯ > [0D0] 9C D5 D1 A2 C0 E2 EC 81 2A 80 54 D6 04 96 55 70 .ÕÑ¢Àâì. *.TÖ..Up > [0E0] C3 5B 0A 6C 81 96 EB AB E7 B2 4A 59 03 67 4D 6D Ã[.l..ë« ç²JY.gMm > [0F0] E9 09 BB 18 FA 38 1F E7 8C 29 B6 18 44 8B 48 FB é.».ú8.ç .)¶.D.Hû > [100] C2 68 55 57 24 82 E7 7A 74 A4 53 9A 61 C2 4B 4A ÂhUW$.çz t¤S.aÂKJ > [110] 57 57 33 0E 3D C5 D6 6B AB 07 1A 1D 55 52 78 E0 WW3.=ÅÖk «...URxà > [120] 1D 89 90 AB E7 B6 B5 62 E8 00 40 C8 68 DB 7E 25 ...«ç¶µb è.@ÈhÛ~% > [130] 5C D2 3E A9 07 39 DE C3 52 88 F3 D2 E5 3B 0B B3 \Ò>©.9Þà R.óÒå;.³ > [140] AD BC 9C 72 4E 22 0D 9E 78 E2 07 1D 6A 7D 4C AC ¼.rN".. xâ..j}L¬ > [150] B3 10 3A 45 1C 6B 79 57 2A 22 D0 0E 25 05 7B 44 ³.:E.kyW *"Ð.%.{D > [160] 06 02 00 01 00 00 00 77 00 7A 00 FF FF 00 00 87 .......w .z.ÿÿ... > [170] 6F 70 7E 87 10 B6 CE 4B E4 93 7B BD 0F 9B DC EA op~..¶ÎK ä.{½..Üê > [180] E0 AC C6 98 90 EB E6 à¬Æ..ëæ >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 56 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_sign_outgoing_message(327) > client_sign_outgoing_message: sent SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] BB 5B 27 6A B5 DC 3B EA »['jµÜ;ê >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(132) > write_socket(13,462) >[2006/06/07 11:03:35, 6] libsmb/clientgen.c:write_socket(135) > write_socket(13,462) wrote 462 >[2006/06/07 11:03:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 552 >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=552 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=30 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 496 (0x1F0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 496 (0x1F0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=497 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 78 05 00 02 03 10 00 00 00 F0 01 20 00 10 00 00 x....... .ð. .... > [010] 00 AC 01 00 00 00 00 00 00 2C 5A DA 04 AA 57 E1 .¬...... .,ZÚ.ªWá > [020] 2C 5E 84 87 1C 76 90 23 81 52 8E 8C E8 4D 0C E0 ,^...v.# .R..èM.à > [030] E5 54 19 74 0B 22 57 E8 80 5E 21 11 A2 9C 24 4D åT.t."Wè .^!.¢.$M > [040] 52 F2 E6 66 6B BE EF 50 22 E9 11 EE 69 78 08 84 Ròæfk¾ïP "é.îix.. > [050] 1A 48 0A 05 09 A6 4A 36 8E E7 C1 6C 3B E9 4E C8 .H...¦J6 .çÁl;éNÈ > [060] 27 6D CA 52 EE 2F BF EE E6 44 29 A5 9D 94 77 E0 'mÊRî/¿î æD)¥..wà > [070] E4 FA 42 0B BE E5 88 8C EA 42 C8 19 71 1B 3E 77 äúB.¾å.. êBÈ.q.>w > [080] AD BE 8F 8E 86 17 6A D7 D8 0F A8 78 93 6C 4A 42 ¾....j× Ø.¨x.lJB > [090] 5E 57 C7 42 5E 6F 6D 55 D9 FF AF 7B 9B 80 25 A9 ^WÇB^omU Ùÿ¯{..%© > [0A0] 15 36 8C F3 84 2E 62 6A 8E DC BD 25 F5 4B 10 FF .6.ó..bj .ܽ%õK.ÿ > [0B0] 2A B4 4A 28 75 DD 3A 9B 3D 66 6A 8E FB 3F 4A 2C *´J(uÝ:. =fj.û?J, > [0C0] 2B AE 20 48 EA 7E E5 DE 2A FA 4F C9 55 F5 CD FB +® Hê~åÞ *úOÉUõÍû > [0D0] 7B BA A8 2F FA AD E1 5E EB FB FF 24 88 2A E6 6F {º¨/úá^ ëûÿ$.*æo > [0E0] E8 86 65 4E 55 4C 6C 2A 5A 7A 1E A5 94 C8 5E 6B è.eNULl* Zz.¥.È^k > [0F0] 6C 8B 8E A6 AD A6 3F CC 43 B8 BD F4 D5 6D 76 8F l..¦¦?Ì C¸½ôÕmv. > [100] 88 31 63 21 09 66 62 76 92 D0 F3 00 13 58 AA B2 .1c!.fbv .Ðó..Xª² > [110] 74 8B FF 28 02 E5 B0 91 0F 52 E4 00 D4 48 6C 21 t.ÿ(.å°. .Rä.ÔHl! > [120] 9B E2 D9 7E AB B5 AA 2B 82 EA 1B 66 F4 6F F2 B0 .âÙ~«µª+ .ê.fôoò° > [130] 23 81 0D 4A 26 A5 BC 6E DB D0 65 0D 6F C8 39 80 #..J&¥¼n ÛÐe.oÈ9. > [140] CA 22 6C 06 AC 18 18 35 75 C0 8C 05 2D 56 14 DD Ê"l.¬..5 uÀ..-V.Ý > [150] 35 E8 40 A0 78 1A 6A 29 96 83 E8 3C A0 F3 8C BB 5è@ x.j) ..è< ó.» > [160] AD EF 18 77 86 AA 81 7A E6 8C 43 B4 DA 33 92 2A ï.w.ª.z æ.C´Ú3.* > [170] 82 A2 AC 50 08 F8 2D DD 0F 61 E0 E7 83 42 4D 77 .¢¬P.ø-Ý .aàç.BMw > [180] 83 D3 CA 32 CA C1 BA CA 9D D7 1E F0 4F 51 9A C7 .ÓÊ2ÊÁºÊ .×.ðOQ.Ç > [190] C9 13 9D 5C 11 83 4E D2 8A 29 52 FA B5 31 CB 29 É..\..NÒ .)Rúµ1Ë) > [1A0] AB 96 86 64 D2 98 E7 3E 45 1F 50 B0 60 A2 19 82 «..dÒ.ç> E.P°`¢.. > [1B0] C1 BD 4D 8C 9A 88 37 1E 6C 0B 63 8E 0A 1F AD BB Á½M...7. l.c...» > [1C0] 28 5F 22 5F 7F 92 45 06 E3 44 06 04 00 01 00 00 (_"_..E. ãD...... > [1D0] 00 77 00 7A 00 FF FF 00 00 1D CC 0D 87 A2 DD 62 .w.z.ÿÿ. ..Ì..¢Ýb > [1E0] D2 BC 1E 8F 93 D2 69 35 F0 9A 4C 17 07 EE C2 03 Ò¼...Òi5 ð.L..îÂ. > [1F0] 8C . >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:simple_packet_signature(262) > simple_packet_signature: sequence number 57 >[2006/06/07 11:03:35, 10] libsmb/smb_signing.c:client_check_incoming_message(387) > client_check_incoming_message: seq 57: got good SMB signature of >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] CB 9A 97 46 FD FF 45 53 Ë..FýÿES >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(478) >[2006/06/07 11:03:35, 5] lib/util.c:show_msg(488) > size=552 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55301 > smb_tid=53253 > smb_pid=32155 > smb_uid=63490 > smb_mid=30 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 496 (0x1F0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 496 (0x1F0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=497 >[2006/06/07 11:03:35, 10] lib/util.c:dump_data(2215) > [000] 78 05 00 02 03 10 00 00 00 F0 01 20 00 10 00 00 x....... .ð. .... > [010] 00 AC 01 00 00 00 00 00 00 2C 5A DA 04 AA 57 E1 .¬...... .,ZÚ.ªWá > [020] 2C 5E 84 87 1C 76 90 23 81 52 8E 8C E8 4D 0C E0 ,^...v.# .R..èM.à > [030] E5 54 19 74 0B 22 57 E8 80 5E 21 11 A2 9C 24 4D åT.t."Wè .^!.¢.$M > [040] 52 F2 E6 66 6B BE EF 50 22 E9 11 EE 69 78 08 84 Ròæfk¾ïP "é.îix.. > [050] 1A 48 0A 05 09 A6 4A 36 8E E7 C1 6C 3B E9 4E C8 .H...¦J6 .çÁl;éNÈ > [060] 27 6D CA 52 EE 2F BF EE E6 44 29 A5 9D 94 77 E0 'mÊRî/¿î æD)¥..wà > [070] E4 FA 42 0B BE E5 88 8C EA 42 C8 19 71 1B 3E 77 äúB.¾å.. êBÈ.q.>w > [080] AD BE 8F 8E 86 17 6A D7 D8 0F A8 78 93 6C 4A 42 ¾....j× Ø.¨x.lJB > [090] 5E 57 C7 42 5E 6F 6D 55 D9 FF AF 7B 9B 80 25 A9 ^WÇB^omU Ùÿ¯{..%© > [0A0] 15 36 8C F3 84 2E 62 6A 8E DC BD 25 F5 4B 10 FF .6.ó..bj .ܽ%õK.ÿ > [0B0] 2A B4 4A 28 75 DD 3A 9B 3D 66 6A 8E FB 3F 4A 2C *´J(uÝ:. =fj.û?J, > [0C0] 2B AE 20 48 EA 7E E5 DE 2A FA 4F C9 55 F5 CD FB +® Hê~åÞ *úOÉUõÍû > [0D0] 7B BA A8 2F FA AD E1 5E EB FB FF 24 88 2A E6 6F {º¨/úá^ ëûÿ$.*æo > [0E0] E8 86 65 4E 55 4C 6C 2A 5A 7A 1E A5 94 C8 5E 6B è.eNULl* Zz.¥.È^k > [0F0] 6C 8B 8E A6 AD A6 3F CC 43 B8 BD F4 D5 6D 76 8F l..¦¦?Ì C¸½ôÕmv. > [100] 88 31 63 21 09 66 62 76 92 D0 F3 00 13 58 AA B2 .1c!.fbv .Ðó..Xª² > [110] 74 8B FF 28 02 E5 B0 91 0F 52 E4 00 D4 48 6C 21 t.ÿ(.å°. .Rä.ÔHl! > [120] 9B E2 D9 7E AB B5 AA 2B 82 EA 1B 66 F4 6F F2 B0 .âÙ~«µª+ .ê.fôoò° > [130] 23 81 0D 4A 26 A5 BC 6E DB D0 65 0D 6F C8 39 80 #..J&¥¼n ÛÐe.oÈ9. > [140] CA 22 6C 06 AC 18 18 35 75 C0 8C 05 2D 56 14 DD Ê"l.¬..5 uÀ..-V.Ý > [150] 35 E8 40 A0 78 1A 6A 29 96 83 E8 3C A0 F3 8C BB 5è@ x.j) ..è< ó.» > [160] AD EF 18 77 86 AA 81 7A E6 8C 43 B4 DA 33 92 2A ï.w.ª.z æ.C´Ú3.* > [170] 82 A2 AC 50 08 F8 2D DD 0F 61 E0 E7 83 42 4D 77 .¢¬P.ø-Ý .aàç.BMw > [180] 83 D3 CA 32 CA C1 BA CA 9D D7 1E F0 4F 51 9A C7 .ÓÊ2ÊÁºÊ .×.ðOQ.Ç > [190] C9 13 9D 5C 11 83 4E D2 8A 29 52 FA B5 31 CB 29 É..\..NÒ .)Rúµ1Ë) > [1A0] AB 96 86 64 D2 98 E7 3E 45 1F 50 B0 60 A2 19 82 «..dÒ.ç> E.P°`¢.. > [1B0] C1 BD 4D 8C 9A 88 37 1E 6C 0B 63 8E 0A 1F AD BB Á½M...7. l.c...» > [1C0] 28 5F 22 5F 7F 92 45 06 E3 44 06 04 00 01 00 00 (_"_..E. ãD...... > [1D0] 00 77 00 7A 00 FF FF 00 00 1D CC 0D 87 A2 DD 62 .w.z.ÿÿ. ..Ì..¢Ýb > [1E0] D2 BC 1E 8F 93 D2 69 35 F0 9A 4C 17 07 EE C2 03 Ò¼...Òi5 ð.L..îÂ. > [1F0] 8C . >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 01f0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 000001ac >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 0001c8 smb_io_rpc_hdr_auth hdr_auth >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01c8 auth_type : 44 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01c9 auth_level : 06 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ca auth_pad_len : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01cb auth_reserved: 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc auth_context_id: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 0001d0 smb_io_rpc_auth_schannel_chk >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01d0 sig : 77 00 7a 00 ff ff 00 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01d8 seq_num: 1d cc 0d 87 a2 dd 62 d2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01e0 packet_digest: bc 1e 8f 93 d2 69 35 f0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 01e8 confounder: 9a 4c 17 07 ee c2 03 8c >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_decode(1709) > SCHANNEL: schannel_decode seq_num=3 data_len=432 >[2006/06/07 11:03:35, 10] rpc_parse/parse_prs.c:schannel_decode(1729) > SCHANNEL: schannel_decode seq_num=3 data_len=432 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 496, data_len 428, ss_len 4 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 496 at offset 0 >[2006/06/07 11:03:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine RANGER1 pipe \NETLOGON fnum 0xc00a returned 856 bytes. >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 00020000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: 69 f4 34 18 3a 44 2d 93 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 00020004 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 7d10b6be >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01c68a5b >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00020008 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 01e0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 00000476 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0002000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: 47 64 4d b2 5a 6b b0 9b 9a 7b f5 38 c1 2d 11 43 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 00020010 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 00020014 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 00020018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: 4f 88 c2 da 83 45 41 5d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000210 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 0002001c >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00f0 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_full_name >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_logon_script >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_profile_path >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_home_dir >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000fa smb_io_unistr2 - NULL uni_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc num_groups2 : 00000005 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000100 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 g_rid: 0000049f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000108 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 g_rid: 0000046c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 g_rid: 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 g_rid: 00000200 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000120 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 g_rid: 0000046d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 attr : 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000128 smb_io_unistr2 uni_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_max_len: 00000008 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_str_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0134 buffer : R.A.N.G.E.R.1. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000142 smb_io_unistr2 uni_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_max_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0150 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c num_auths: 00000004 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000160 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0160 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0161 num_auths : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0162 id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0163 id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0164 id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0165 id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0166 id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0167 id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0168 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c sid_ptr: 00020020 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attribute: 00000007 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 num_auths: 00000005 >[2006/06/07 11:03:35, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000188 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0188 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0189 num_auths : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018a id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018b id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018c id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018d id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018e id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 018f id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0190 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb 00000468 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 auth_resp : 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 01a8 status : NT_STATUS_OK >[2006/06/07 11:03:35, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-484763869-746137067-1343024091-1142] >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 448714f7 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020004 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 7d10b6be >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ba7541b4 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c68a5b >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000a >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020008 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 01e0 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000476 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 3a 84 17 d1 0a 13 8f 70 f7 53 cf 7e 22 72 ba e0 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020010 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020014 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020018 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 32 68 98 b9 d3 3d 7e b6 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2006/06/07 11:03:35, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 0002001c >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000005 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : m.a.i.n.t. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_full_name >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_logon_script >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_profile_path >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_home_dir >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ea smb_io_unistr2 - NULL uni_dir_drive >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec num_groups2 : 00000005 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 0000049f >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 g_rid: 0000046c >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000100 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 g_rid: 00000201 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000108 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 g_rid: 00000200 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000110 smb_io_gid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 g_rid: 0000046d >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 attr : 00000007 >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_srv >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000008 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0124 buffer : R.A.N.G.E.R.1. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000132 smb_io_unistr2 uni_logon_dom >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000006 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : F.O.R.E.S.T. >[2006/06/07 11:03:35, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c num_auths: 00000004 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000150 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0150 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0151 num_auths : 04 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0152 id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0153 id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0154 id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0155 id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0156 id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0157 id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0158 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 num_other_sids: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c sid_ptr: 00000001 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attribute: 00000007 >[2006/06/07 11:03:35, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_dom_sid2 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 num_auths: 00000005 >[2006/06/07 11:03:35, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_dom_sid sid >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0178 sid_rev_num: 01 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0179 num_auths : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017a id_auth[0] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017b id_auth[1] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017c id_auth[2] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017d id_auth[3] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017e id_auth[4] : 00 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 017f id_auth[5] : 05 >[2006/06/07 11:03:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0180 sub_auths : 00000015 1ce4e8dd 2c7925eb 500cebdb 00000468 >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(86) > netsamlogon_clear_cached_user: clearing U/FOREST/1142 >[2006/06/07 11:03:35, 10] libsmb/samlogon_cache.c:netsamlogon_clear_cached_user(97) > netsamlogon_clear_cached_user: clearing UG/FOREST/1142 >[2006/06/07 11:03:35, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1616) > NTLM CRAP authentication for user [FOREST]\[maint] returned NT_STATUS_OK (PAM: 0) >[2006/06/07 11:03:35, 10] nsswitch/winbindd_cache.c:cache_store_response(1912) > Storing response for pid 32155, len 3192 >[2006/06/07 11:03:35, 10] lib/events.c:get_timed_events_timeout(118) > timed_events_timeout: 3563/450667 >[2006/06/07 11:03:35, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1952) > Retrieving response for pid 32155 >[2006/06/07 11:03:46, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 18 >[2006/06/07 11:03:46, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn INTERFACE_VERSION >[2006/06/07 11:03:46, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) > [ 0]: request interface version >[2006/06/07 11:03:46, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn WINBINDD_PRIV_PIPE_DIR >[2006/06/07 11:03:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) > [ 0]: request location of privileged pipe >[2006/06/07 11:03:46, 6] nsswitch/winbindd.c:new_connection(601) > accepted socket 19 >[2006/06/07 11:03:46, 10] nsswitch/winbindd.c:process_request(287) > process_request: request fn GETGROUPS >[2006/06/07 11:03:46, 3] nsswitch/winbindd_group.c:winbindd_getgroups(991) > [ 0]: getgroups maint >[2006/06/07 11:03:46, 7] nsswitch/winbindd_group.c:winbindd_getgroups(1035) > winbindd_getpwnam: My domain -- rejecting getgroups() for FOREST\maint.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1952">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3827
: 1952 |
1953