./net rpc join -U administrator%password -d10 [2007/04/06 11:58:36, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2007/04/06 11:58:36, 3] param/loadparm.c:lp_load(4945) lp_load: refreshing parameters [2007/04/06 11:58:36, 3] param/loadparm.c:init_globals(1410) Initialising global parameters [2007/04/06 11:58:36, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [2007/04/06 11:58:36, 3] param/loadparm.c:do_section(3687) Processing section "[global]" doing parameter workgroup = D2d doing parameter server string = Geneva Samba Server doing parameter security = domain doing parameter client schannel = No doing parameter server schannel = No doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter dns proxy = no [2007/04/06 11:58:36, 4] param/loadparm.c:lp_load(4976) pm_process() returned Yes [2007/04/06 11:58:36, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find homes [2007/04/06 11:58:36, 10] param/loadparm.c:set_server_role(4221) set_server_role: role = ROLE_DOMAIN_MEMBER [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'ISO8859-1' for LOCALE [2007/04/06 11:58:37, 5] lib/util.c:init_names(286) Netbios name list:- my_netbios_names[0]="GENEVA" [2007/04/06 11:58:37, 2] lib/interface.c:add_interface(81) added interface ip=192.168.30.21 bcast=192.168.30.255 nmask=255.255.255.0 [2007/04/06 11:58:37, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up D2D#1b [2007/04/06 11:58:37, 5] lib/gencache.c:gencache_init(61) Opening cache file at /usr/local/samba/var/locks/gencache.tdb [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Fri Apr 6 12:08:20 2007 [2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_fetch(201) name D2D#1B found. [2007/04/06 11:58:37, 6] libsmb/namequery.c:get_pdc_ip(1348) get_pdc_ip: PDC has 2 IP addresses! [2007/04/06 11:58:37, 10] libsmb/namequery.c:name_status_find(276) name_status_find: looking up D2D#1b at 192.168.30.206 [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Fri Apr 6 12:08:20 2007 [2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_status_fetch(314) namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_start_connection(1426) Connecting to host=D2DMAIL [2007/04/06 11:58:37, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,183) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,183) wrote 183 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=17024 (0x4280) smb_vwv[12]=51168 (0xC7E0) smb_vwv[13]=25711 (0x646F) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=17024 (0x4280) smb_vwv[12]=51168 (0xC7E0) smb_vwv[13]=25711 (0x646F) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,92) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,92) wrote 92 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 177 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=4099 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=4099 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,82) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,82) wrote 82 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=25491 smb_uid=4099 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2007/04/06 11:58:37, 10] libsmb/namequery.c:saf_store(71) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876017] [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:37 2007 (900 seconds ahead) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,104) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,104) wrote 104 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=25491 smb_uid=4099 smb_mid=4 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:37, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED [2007/04/06 11:58:37, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/local/samba/lib/C.msg: No such file or directory Could not initialise lsa pipe [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,39) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,39) wrote 39 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=25491 smb_uid=4099 smb_mid=5 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:37, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up D2D#1b [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Fri Apr 6 12:08:20 2007 [2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_fetch(201) name D2D#1B found. [2007/04/06 11:58:37, 6] libsmb/namequery.c:get_pdc_ip(1348) get_pdc_ip: PDC has 2 IP addresses! [2007/04/06 11:58:37, 10] libsmb/namequery.c:name_status_find(276) name_status_find: looking up D2D#1b at 192.168.30.206 [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Fri Apr 6 12:08:20 2007 [2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_status_fetch(314) namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_start_connection(1426) Connecting to host=D2DMAIL [2007/04/06 11:58:37, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,183) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,183) wrote 183 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 1152 (0x480) smb_vwv[12]=54220 (0xD3CC) smb_vwv[13]=25711 (0x646F) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 1152 (0x480) smb_vwv[12]=54220 (0xD3CC) smb_vwv[13]=25711 (0x646F) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721) Doing spnego session setup (blob length=104) [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 48018 1 2 2 [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554 1 2 2 [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554 1 2 2 3 [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 3 6 1 4 1 311 2 2 10 [2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754) got principal=d2dmail$@D2D.COM [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,160) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,160) wrote 160 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 348 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=348 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6144 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 348 (0x15C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=305 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [030] 00 00 00 15 02 89 62 42 56 43 CD 8D 92 A2 33 00 ......bB VCÍ..¢3. [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [130] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=348 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6144 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 348 (0x15C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=305 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [030] 00 00 00 15 02 89 62 42 56 43 CD 8D 92 A2 33 00 ......bB VCÍ..¢3. [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [130] 00 . [2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950) Got challenge flags: [2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x62890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972) NTLMSSP: Set final flags: [2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/06 11:58:37, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1046) NTLMSSP challenge set by NTLM2 [2007/04/06 11:58:37, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) challenge is: [2007/04/06 11:58:37, 5] lib/util.c:dump_data(2222) [000] 76 A8 4C 09 08 E3 E8 2D v¨L..ãè- [2007/04/06 11:58:37, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,270) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,270) wrote 270 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 180 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=180 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6144 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=137 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=180 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6144 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=137 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,82) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,82) wrote 82 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user administrator domain D2D [2007/04/06 11:58:37, 10] libsmb/namequery.c:saf_store(71) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876017] [2007/04/06 11:58:37, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:37 2007 (900 seconds ahead) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,104) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,104) wrote 104 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[4002]: \lsarpc auth_type 0, auth_level 0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4«Í ï..#Eg.« [010] 00 00 00 00 .... [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345778 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 89 ab [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000000 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=87 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.??ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,158) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,158) wrote 158 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 8A 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 8A 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 68 bytes. [2007/04/06 11:58:37, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 bind request returned ok.[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 0000308a [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine D2DMAIL and bound anonymously. [2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 system_name: 005c [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 len : 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_root_dir: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 ptr_obj_name: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 attributes : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr_sec_desc: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr_sec_qos : 00000001 [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 len : 0000000c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 sec_imp_level : 0002 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0026 sec_ctxt_mode : 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0027 effective_only: 00 [2007/04/06 11:58:37, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 des_access: 02000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000002c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0006 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=83 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,154) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,154) wrote 154 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E ........ .....õ). [020] A6 4B 9B 39 40 A1 7D 32 8B 26 57 63 A5 00 00 00 ¦K.9@¡}2 .&Wc¥... [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E ........ .....õ). [020] A6 4B 9B 39 40 A1 7D 32 8B 26 57 63 A5 00 00 00 ¦K.9@¡}2 .&Wc¥... [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: a61e29f5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 9b4b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 4039 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: a1 7d 32 8b 26 57 63 a5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: a61e29f5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 9b4b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 4039 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: a1 7d 32 8b 26 57 63 a5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0005 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000016 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0007 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=61 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 F5 29 1E A6 4B ........ ...õ).¦K [030] 9B 39 40 A1 7D 32 8B 26 57 63 A5 05 00 .9@¡}2.& Wc¥.. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,132) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,132) wrote 132 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 152 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 1E .H...... ........ [020] A6 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ¦....... ........ [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... [060] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 1E .H...... ........ [020] A6 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ¦....... ........ [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... [060] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0060 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000048 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 96 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 144 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 00020000 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0005 [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 0006 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 0008 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00020004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00020008 [2007/04/06 11:58:37, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 00000004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 00000003 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : D.2.D. [2007/04/06 11:58:37, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 num_auths: 00000004 [2007/04/06 11:58:37, 9] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002c sid_rev_num: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002d num_auths : 04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002e id_auth[0] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 002f id_auth[1] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0030 id_auth[2] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0031 id_auth[3] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0032 id_auth[4] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0033 id_auth[5] : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0034 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0044 status: NT_STATUS_OK [2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2126) init_lsa_q_close [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: a61e29f5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 9b4b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 4039 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: a1 7d 32 8b 26 57 63 a5 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000014 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0000 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=59 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E A6 4B ........ ...õ).¦K [030] 9B 39 40 A1 7D 32 8B 26 57 63 A5 .9@¡}2.& Wc¥ [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,130) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,130) wrote 130 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,45) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,45) wrote 45 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=10 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) cli_rpc_pipe_close: closed pipe \lsarpc to machine D2DMAIL [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,100) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,100) wrote 100 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=11 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[4003]: \samr auth_type 0, auth_level 0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AC .4Wx.4«Í ï..#Eg.¬ [010] 00 00 00 01 .... [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345778 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 89 ac [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=87 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.??ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,158) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,158) wrote 158 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 8B 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 8B 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 68 bytes. [2007/04/06 11:58:37, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \samr fnum 0x4003 bind request returned ok. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 0000308b [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) cli_rpc_pipe_open_noauth: opened pipe \samr to machine D2DMAIL and bound anonymously. [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) cli_samr_connect to D2DMAIL [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6978) init_samr_q_connect [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000008 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000008 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : D.2.D.M.A.I.L... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 access_mask: 02000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000024 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0039 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=75 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ [030] 00 00 00 08 00 00 00 44 00 32 00 44 00 4D 00 41 .......D .2.D.M.A [040] 00 49 00 4C 00 00 00 00 00 00 02 .I.L.... ... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,146) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,146) wrote 146 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB 93 6A ........ .....Ë.j [020] B1 0E 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 ±.IïN¬àâ ¦þÛa_... [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB 93 6A ........ .....Ë.j [020] B1 0E 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 ±.IïN¬àâ ¦þÛa_... [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: b16a93cb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 490e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 4eef [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: ac e0 e2 a6 fe db 61 5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) cli_samr_open_domain with sid S-1-5-21-1027589457-4058082779-2152882814 [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) samr_init_samr_q_open_domain [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: b16a93cb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 490e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 4eef [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: ac e0 e2 a6 fe db 61 5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 flags: 02000000 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 num_auths: 00000004 [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c sid_rev_num: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d num_auths : 04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e id_auth[0] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001f id_auth[1] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0020 id_auth[2] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0021 id_auth[3] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0022 id_auth[4] : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0023 id_auth[5] : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0024 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 004c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000034 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0007 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=91 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 07 00 00 00 00 00 CB 93 6A B1 0E ........ ...Ë.j±. [030] 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 02 04 IïN¬àâ¦þ Ûa_..... [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 51 ........ .......Q [050] C5 3F 3D DB 6D E1 F1 7E 62 52 80 Å?=Ûmáñ~ bR. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,162) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,162) wrote 162 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F7 AA 37 ........ .....÷ª7 [020] C0 B1 A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 1£}B.íª ~Ôtú»... [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F7 AA 37 ........ .....÷ª7 [020] C0 B1 A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 1£}B.íª ~Ôtú»... [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: c037aaf7 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: a3b1 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 427d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 9a ed aa 7e d4 74 fa bb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1601) cli_samr_create_dom_user geneva$ [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_create_user(5168) samr_init_samr_q_create_user [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_user [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: c037aaf7 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: a3b1 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 427d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 9a ed aa 7e d4 74 fa bb [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_name [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 uni_str_len: 000e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 uni_max_len: 000e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buffer : 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_name [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : g.e.n.e.v.a.$. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 acb_info : 00000080 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c access_mask: e005000b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000008 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000040 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0032 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=103 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 00 00 08 00 00 00 40 .......X .......@ [020] 00 00 00 00 00 32 00 00 00 00 00 F7 AA 37 C0 B1 .....2.. ...÷ª71 [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 0E 00 0E 00 01 £}B.íª~Ô tú»..... [040] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g [050] 00 65 00 6E 00 65 00 76 00 61 00 24 00 00 00 80 .e.n.e.v .a.$.... [060] 00 00 00 0B 00 05 E0 ......à [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,174) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,174) wrote 174 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 112 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. À [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. À [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0038 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000008 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000020 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 56 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 64 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_user [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 access_granted: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 user_rid : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 001c status: NT_STATUS_USER_EXISTS [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1541) cli_samr_lookup_names [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4817) init_samr_q_lookup_names [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_names [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: c037aaf7 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: a3b1 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 427d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 9a ed aa 7e d4 74 fa bb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 num_names1: 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 flags : 000003e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 num_names2: 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 uni_str_len: 000e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 uni_max_len: 000e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buffer : 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_max_len: 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 offset : 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_str_len: 00000007 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0038 buffer : g.e.n.e.v.a.$. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 005e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000009 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000046 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0011 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=109 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5E 00 00 00 09 00 00 00 46 .......^ .......F [020] 00 00 00 00 00 11 00 00 00 00 00 F7 AA 37 C0 B1 ........ ...÷ª71 [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 01 00 00 00 E8 £}B.íª~Ô tú»....è [040] 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E 00 01 ........ ........ [050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g [060] 00 65 00 6E 00 65 00 76 00 61 00 24 00 .e.n.e.v .a.$. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,180) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,180) wrote 180 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 24 0C 00 00 01 00 00 00 04 00 02 .....$.. ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 24 0C 00 00 01 00 00 00 04 00 02 .....$.. ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000009 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000024 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 60 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 72 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_names [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 num_rids1: 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_rids : 00020000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 num_rids2: 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c rid[00] : 00000c24 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 num_types1: 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr_types : 00020004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 num_types2: 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c type[00] : 00000001 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0020 status: NT_STATUS_OK [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_open_user(187) cli_samr_open_user with rid 0xc24 [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_open_user(5099) samr_init_samr_q_open_user [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_user [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: c037aaf7 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: a3b1 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 427d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 9a ed aa 7e d4 74 fa bb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 access_mask: 02000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 user_rid : 00000c24 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0034 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000a [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000001c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0022 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=67 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 22 00 00 00 00 00 F7 AA 37 C0 B1 .....".. ...÷ª71 [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 02 24 £}B.íª~Ô tú»....$ [040] 0C 00 00 ... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,138) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,138) wrote 138 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F BF 1D ........ ....._¿. [020] 5B 09 13 2C 49 B9 9C 5B 57 18 E5 F7 59 00 00 00 [..,I¹.[ W.å÷Y... [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F BF 1D ........ ....._¿. [020] 5B 09 13 2C 49 B9 9C 5B 57 18 E5 F7 59 00 00 00 [..,I¹.[ W.å÷Y... [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000a [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_user [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 5b1dbf5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 1309 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 492c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b9 9c 5b 57 18 e5 f7 59 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 10] rpc_parse/parse_samr.c:init_sam_user_info24(5592) init_sam_user_info24: [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1645) cli_samr_set_userinfo [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6818) init_samr_q_set_userinfo [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6587) init_samr_userinfo_ctr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 5b1dbf5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 1309 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 492c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b9 9c 5b 57 18 e5 f7 59 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 switch_value: 0018 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 switch_value: 0018 [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 sam_io_user_info24 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 password: c7 03 bb 45 8a 94 09 39 b7 f6 3e 51 3f af 84 b4 2a db eb 7b 93 bf 23 96 4d 95 2d 63 8e b8 6c 79 62 23 e4 97 5c 42 97 c2 ff f1 2d 6e 1c 0c c1 e3 e3 ce f9 ac f6 48 5d 94 b5 07 17 e8 20 ce 47 42 06 84 97 59 d6 b5 f9 c4 65 26 db 70 8e 23 16 14 62 d9 c5 75 83 09 c9 9a 6b 84 15 b2 78 1d 13 e1 8a 79 02 11 1d 12 16 15 18 76 60 c6 24 c0 02 94 0f 78 ee 71 be 45 f0 96 5d bc 5e ca f3 64 5e ef e7 e4 01 bb 8f 2c 7c 55 4f 03 b5 59 af 05 a7 75 39 5b 66 2e 4f f4 c7 a3 1a e4 b5 dc 75 c6 57 60 0f 8e 38 b4 9a 09 93 ca f1 f3 bb 4e e6 02 2e 84 0a 35 f3 9b c1 47 59 a9 fa b1 9c af ea c1 b6 65 01 18 dc f8 34 90 ad f1 64 ce c3 12 3a 0e b8 ba 69 aa 77 84 ed e2 ac b7 0a 00 a8 11 2f 21 a9 19 ee 7d f4 b6 e1 e6 2d 31 2f a2 e8 b1 96 28 67 23 33 24 fe 2c f2 fb be 81 f7 9b e9 cd c1 c3 84 f6 42 69 b3 73 7a cb 72 f7 d7 5b ad 88 f1 e2 19 38 ce 4c 4e 49 87 c5 93 d8 8d 94 92 df 6a 43 fb 19 57 de e9 5c ed f0 b3 82 90 86 b6 df eb b8 c9 2a 63 3e 4c 33 31 cb 9d 3c cf 58 52 d4 22 12 9a 14 1f 6f 8b 2a 12 0a d0 72 49 bf ee 6 +> f da 7e 23 c7 7c e6 72 7c 48 e6 1c 8c 43 8b 4b 6d 9f c9 53 1c 94 71 2c fb b8 2a b9 a4 a6 33 5e 91 69 e4 30 03 82 76 24 46 74 e4 6f 59 fc e8 72 d6 5e c6 88 a2 7e 46 b3 22 ae c8 7c c3 38 37 0a 04 5e 94 89 54 7d b0 af 7f e5 e7 e7 1e a4 62 4d 45 12 96 96 b4 f6 44 30 a3 35 37 ac dd 70 74 9e 5c 7e 40 d5 08 48 a2 6e fd d4 6a b8 fb 4e 32 f0 b9 d5 b6 3c 26 15 83 7c 4e 56 8d 08 6e ae e2 ca 25 68 ef be c3 80 eb 00 a3 8e ad c7 ff be ee aa 3f 6b 67 e0 ae f4 9c 30 c5 d3 f7 a5 db e0 03 41 95 eb 5b 91 7e b1 65 11 dc 13 3d 1c 09 a3 5c 2a ac 28 75 a5 46 54 6b fa a8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 021c pw_len: 0018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0236 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000021e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 003a [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=648 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 566 (0x236) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 566 (0x236) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=581 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 36 02 00 00 0B 00 00 00 1E .......6 ........ [020] 02 00 00 00 00 3A 00 00 00 00 00 5F BF 1D 5B 09 .....:.. ..._¿.[. [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 18 00 18 00 C7 .,I¹.[W. å÷Y....Ç [040] 03 BB 45 8A 94 09 39 B7 F6 3E 51 3F AF 84 B4 2A .»E...9· ö>Q?¯.´* [050] DB EB 7B 93 BF 23 96 4D 95 2D 63 8E B8 6C 79 62 Ûë{.¿#.M .-c.¸lyb [060] 23 E4 97 5C 42 97 C2 FF F1 2D 6E 1C 0C C1 E3 E3 #ä.\B.Âÿ ñ-n..Áãã [070] CE F9 AC F6 48 5D 94 B5 07 17 E8 20 CE 47 42 06 Îù¬öH].µ ..è ÎGB. [080] 84 97 59 D6 B5 F9 C4 65 26 DB 70 8E 23 16 14 62 ..Y??ùÄe &Ûp.#..b [090] D9 C5 75 83 09 C9 9A 6B 84 15 B2 78 1D 13 E1 8A ÙÅu..É.k ..²x..á. [0A0] 79 02 11 1D 12 16 15 18 76 60 C6 24 C0 02 94 0F y....... v`Æ$À... [0B0] 78 EE 71 BE 45 F0 96 5D BC 5E CA F3 64 5E EF E7 xîq¾Eð.] ¼^Êód^ïç [0C0] E4 01 BB 8F 2C 7C 55 4F 03 B5 59 AF 05 A7 75 39 ä.».,|UO .µY¯.§u9 [0D0] 5B 66 2E 4F F4 C7 A3 1A E4 B5 DC 75 C6 57 60 0F [f.OôÇ£. äµÜuÆW`. [0E0] 8E 38 B4 9A 09 93 CA F1 F3 BB 4E E6 02 2E 84 0A .8´...Êñ ó»Næ.... [0F0] 35 F3 9B C1 47 59 A9 FA B1 9C AF EA C1 B6 65 01 5ó.ÁGY©ú ±.¯êÁ¶e. [100] 18 DC F8 34 90 AD F1 64 CE C3 12 3A 0E B8 BA 69 .Üø4.­ñd ÎÃ.:.¸ºi [110] AA 77 84 ED E2 AC B7 0A 00 A8 11 2F 21 A9 19 EE ªw.í⬷. .¨./!©.î [120] 7D F4 B6 E1 E6 2D 31 2F A2 E8 B1 96 28 67 23 33 }ô¶áæ-1/ ¢è±.(g#3 [130] 24 FE 2C F2 FB BE 81 F7 9B E9 CD C1 C3 84 F6 42 $þ,òû¾.÷ .éÍÁÃ.öB [140] 69 B3 73 7A CB 72 F7 D7 5B AD 88 F1 E2 19 38 CE i³szËr÷× [­.ñâ.8Î [150] 4C 4E 49 87 C5 93 D8 8D 94 92 DF 6A 43 FB 19 57 LNI.Å.Ø. ..ßjCû.W [160] DE E9 5C ED F0 B3 82 90 86 B6 DF EB B8 C9 2A 63 Þé\íð³.. .¶ßë¸É*c [170] 3E 4C 33 31 CB 9D 3C CF 58 52 D4 22 12 9A 14 1F >L31Ë.<Ï XRÔ".... [180] 6F 8B 2A 12 0A D0 72 49 BF EE 6F DA 7E 23 C7 7C o.*..ÐrI ¿îoÚ~#Ç| [190] E6 72 7C 48 E6 1C 8C 43 8B 4B 6D 9F C9 53 1C 94 ær|Hæ..C .Km.ÉS.. [1A0] 71 2C FB B8 2A B9 A4 A6 33 5E 91 69 E4 30 03 82 q,û¸*¹¤¦ 3^.iä0.. [1B0] 76 24 46 74 E4 6F 59 FC E8 72 D6 5E C6 88 A2 7E v$FtäoYü èrÖ^Æ.¢~ [1C0] 46 B3 22 AE C8 7C C3 38 37 0A 04 5E 94 89 54 7D F³"®È|Ã8 7..^..T} [1D0] B0 AF 7F E5 E7 E7 1E A4 62 4D 45 12 96 96 B4 F6 °¯.åçç.¤ bME...´ö [1E0] 44 30 A3 35 37 AC DD 70 74 9E 5C 7E 40 D5 08 48 D0£57¬Ýp t.\~@Õ.H [1F0] A2 6E FD D4 6A B8 FB 4E 32 F0 B9 D5 B6 3C 26 15 ¢nýÔj¸ûN 2ð¹Õ¶<&. [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,652) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,652) wrote 652 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 8 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0000 status: NT_STATUS_OK [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5437) init_sam_user_info16 [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1696) cli_samr_set_userinfo2 [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6892) init_samr_q_set_userinfo2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo2 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 5b1dbf5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 1309 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 492c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b9 9c 5b 57 18 e5 f7 59 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 switch_value: 0010 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 switch_value: 0010 [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 samr_io_r_user_info16 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 acb_info: 00000080 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0034 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000001c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0025 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=67 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0C 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 25 00 00 00 00 00 5F BF 1D 5B 09 .....%.. ..._¿.[. [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 10 00 10 00 80 .,I¹.[W. å÷Y..... [040] 00 00 00 ... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,138) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,138) wrote 138 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000004 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 8 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo2 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0000 status: NT_STATUS_OK [2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_close(109) cli_samr_close [2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_close_hnd(38) init_samr_q_close_hnd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 5b1dbf5f [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 1309 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 492c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: b9 9c 5b 57 18 e5 f7 59 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000014 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0001 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=59 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ [020] 00 00 00 00 00 01 00 00 00 00 00 5F BF 1D 5B 09 ........ ..._¿.[. [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 .,I¹.[W. å÷Y [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,130) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,130) wrote 130 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000d [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,45) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,45) wrote 45 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=21 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) cli_rpc_pipe_close: closed pipe \samr to machine D2DMAIL [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,108) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,108) wrote 108 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=22 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[4004]: \NETLOGON auth_type 0, auth_level 0 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû [010] 00 00 00 01 .... [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000e [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=87 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,158) [2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,158) wrote 158 [2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 8C 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 8C 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000e [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 68 bytes. [2007/04/06 11:58:38, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 bind request returned ok. [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000e [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 0000308c [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine D2DMAIL and bound anonymously. [2007/04/06 11:58:38, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from GENEVA to \\D2DMAIL [2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.D.2.D.M.A.I.L... [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000007 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000007 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : G.E.N.E.V.A... [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003e smb_io_chal [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data: 53 a3 37 e0 3e cf ce a1 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 005e [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000f [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000046 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=109 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5E 00 00 00 0F 00 00 00 46 .......^ .......F [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D [040] 00 4D 00 41 00 49 00 4C 00 00 00 07 00 00 00 00 .M.A.I.L ........ [050] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [060] 00 41 00 00 00 53 A3 37 E0 3E CF CE A1 .A...S£7 à>ÏΡ [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,180) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,180) wrote 180 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 F6 44 9B 96 60 81 95 ........ .öD..`.. [020] 53 00 00 00 00 S.... [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 F6 44 9B 96 60 81 95 ........ .öD..`.. [020] 53 00 00 00 00 S.... [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000f [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 24 bytes. [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: f6 44 9b 96 60 81 95 53 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status: NT_STATUS_OK [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(286) creds_client_init: neg_flags : 701ff [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(287) creds_client_init: client chal : 53A337E03ECFCEA1 [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: server chal : F6449B9660819553 [2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(117) creds_init_64 [2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(118) clnt_chal_in: 53A337E03ECFCEA1 [2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(119) srv_chal_in : F6449B9660819553 [2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(120) clnt+srv : 49E8D2769E5064F5 [2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(121) sess_key_out : DD349E35A0783B0C [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(306) creds_client_init: clnt : 50362D5696D18372 [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(307) creds_client_init: server : 049D6162809D3C25 [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(308) creds_client_init: seed : 50362D5696D18372 [2007/04/06 11:58:38, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\D2DMAIL acct:GENEVA$ sc:2 mc: GENEVA neg: 701ff [2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2007/04/06 11:58:38, 5] rpc_parse/parse_misc.c:init_log_info(1409) make_log_info 1409 [2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.D.2.D.M.A.I.L... [2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 unistr2 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000008 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000008 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : G.E.N.E.V.A.$... [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 sec_chan: 0002 [2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_unistr2 unistr2 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 uni_max_len: 00000007 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 offset : 00000000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c uni_str_len: 00000007 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0050 buffer : G.E.N.E.V.A... [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 00005e smb_io_chal [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 005e data: 50 36 2d 56 96 d1 83 72 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000066 net_io_neg_flags [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 neg_flags: 000701ff [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0084 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000010 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000006c [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 000f [2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=214 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 132 (0x84) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=147 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 84 00 00 00 10 00 00 00 6C ........ .......l [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D [040] 00 4D 00 41 00 49 00 4C 00 00 00 08 00 00 00 00 .M.A.I.L ........ [050] 00 00 00 08 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [060] 00 41 00 24 00 00 00 02 00 00 00 07 00 00 00 00 .A.$.... ........ [070] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [080] 00 41 00 00 00 50 36 2D 56 96 D1 83 72 00 00 FF .A...P6- V.Ñ.r..ÿ [090] 01 07 00 ... [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,218) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,218) wrote 218 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 04 9D 61 62 80 9D 3C ........ ...ab..< [020] 25 FF 01 07 00 00 00 00 00 %ÿ...... . [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 04 9D 61 62 80 9D 3C ........ ...ab..< [020] 25 FF 01 07 00 00 00 00 00 %ÿ...... . [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000010 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 40 at offset 0 [2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 32 bytes. [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 04 9d 61 62 80 9d 3c 25 [2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 neg_flags: 000701ff [2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 000c status: NT_STATUS_OK [2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2007/04/06 11:58:38, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) rpccli_netlogon_setup_creds: server D2DMAIL credential chain established. [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,45) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,45) wrote 45 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=26 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:38, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL [2007/04/06 11:58:38, 3] libsmb/cliconnect.c:cli_start_connection(1426) Connecting to host=D2DMAIL [2007/04/06 11:58:38, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(7,183) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(7,183) wrote 183 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=51840 (0xCA80) smb_vwv[12]=36901 (0x9025) smb_vwv[13]=25712 (0x6470) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=51840 (0xCA80) smb_vwv[12]=36901 (0x9025) smb_vwv[13]=25712 (0x6470) smb_vwv[14]=51064 (0xC778) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(7,92) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(7,92) wrote 92 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 177 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6146 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=25491 smb_uid=6146 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(7,82) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(7,82) wrote 82 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4098 smb_pid=25491 smb_uid=6146 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/06 11:58:38, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2007/04/06 11:58:38, 10] libsmb/namequery.c:saf_store(71) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876018] [2007/04/06 11:58:38, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:38 2007 (900 seconds ahead) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(7,108) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(7,108) wrote 108 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=4098 smb_pid=25491 smb_uid=6146 smb_mid=4 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:38, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED [2007/04/06 11:58:38, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) net_rpc_join_ok: failed to get schannel session key from server D2DMAIL for domain D2D. Error was NT_STATUS_ACCESS_DENIED [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(7,39) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(7,39) wrote 39 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4098 smb_pid=25491 smb_uid=6146 smb_mid=5 smt_wct=0 smb_bcc=0 Unable to join domain D2D. [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,39) [2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,39) wrote 39 [2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) [2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4097 smb_pid=25491 smb_uid=6144 smb_mid=27 smt_wct=0 smb_bcc=0 [2007/04/06 11:58:38, 2] utils/net.c:main(988) return code = -1 #