[2007/04/23 15:44:06, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2007/04/23 15:44:06, 3] param/loadparm.c:lp_load(5024) lp_load: refreshing parameters [2007/04/23 15:44:06, 3] param/loadparm.c:init_globals(1424) Initialising global parameters [2007/04/23 15:44:06, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/opt/samba/lib/smb.conf" [2007/04/23 15:44:06, 3] param/loadparm.c:do_section(3763) Processing section "[global]" doing parameter workgroup = D2d doing parameter server string = Geneva Samba Server doing parameter security = domain doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter dns proxy = no [2007/04/23 15:44:06, 4] param/loadparm.c:lp_load(5055) pm_process() returned Yes [2007/04/23 15:44:06, 7] param/loadparm.c:lp_servicenumber(5193) lp_servicenumber: couldn't find homes [2007/04/23 15:44:06, 10] param/loadparm.c:set_server_role(4299) set_server_role: role = ROLE_DOMAIN_MEMBER [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) Substituting charset 'ISO8859-1' for LOCALE [2007/04/23 15:44:06, 5] lib/util.c:init_names(287) Netbios name list:- my_netbios_names[0]="GENEVA" [2007/04/23 15:44:06, 2] lib/interface.c:add_interface(81) added interface ip=192.168.30.21 bcast=192.168.30.255 nmask=255.255.255.0 [2007/04/23 15:44:06, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up D2D#1b (sitename (NULL)) [2007/04/23 15:44:06, 5] lib/gencache.c:gencache_init(61) Opening cache file at /opt/samba/var/locks/gencache.tdb [2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Mon Apr 23 15:52:57 2007 [2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_fetch(214) name D2D#1B found. [2007/04/23 15:44:06, 6] libsmb/namequery.c:get_pdc_ip(1395) get_pdc_ip: PDC has 2 IP addresses! [2007/04/23 15:44:06, 10] libsmb/namequery.c:name_status_find(303) name_status_find: looking up D2D#1b at 192.168.30.206 [2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Mon Apr 23 15:52:57 2007 [2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_status_fetch(350) namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL [2007/04/23 15:44:06, 3] libsmb/cliconnect.c:cli_start_connection(1503) Connecting to host=D2DMAIL [2007/04/23 15:44:06, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,194) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,194) wrote 194 [2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 6272 (0x1880) smb_vwv[12]=14932 (0x3A54) smb_vwv[13]=57281 (0xDFC1) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 6272 (0x1880) smb_vwv[12]=14932 (0x3A54) smb_vwv[13]=57281 (0xDFC1) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,92) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,92) wrote 92 [2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 177 [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=16384 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=16384 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,82) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,82) wrote 82 [2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=28677 smb_pid=2726 smb_uid=16384 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/23 15:44:06, 10] libsmb/clientgen.c:cli_init_creds(254) cli_init_creds: user domain [2007/04/23 15:44:06, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358346] [2007/04/23 15:44:06, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:06 2007 (900 seconds ahead) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,104) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,104) wrote 104 [2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=28677 smb_pid=2726 smb_uid=16384 smb_mid=4 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:06, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED [2007/04/23 15:44:06, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /opt/samba/lib/C.msg: No such file or directory Could not initialise lsa pipe [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,39) [2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,39) wrote 39 [2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=28677 smb_pid=2726 smb_uid=16384 smb_mid=5 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:06, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up D2D#1b (sitename (NULL)) [2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Mon Apr 23 15:52:57 2007 [2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_fetch(214) name D2D#1B found. [2007/04/23 15:44:06, 6] libsmb/namequery.c:get_pdc_ip(1395) get_pdc_ip: PDC has 2 IP addresses! [2007/04/23 15:44:06, 10] libsmb/namequery.c:name_status_find(303) name_status_find: looking up D2D#1b at 192.168.30.206 [2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Mon Apr 23 15:52:57 2007 [2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_status_fetch(350) namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL [2007/04/23 15:44:06, 3] libsmb/cliconnect.c:cli_start_connection(1503) Connecting to host=D2DMAIL [2007/04/23 15:44:06, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,194) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,194) wrote 194 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=13440 (0x3480) smb_vwv[12]=18594 (0x48A2) smb_vwv[13]=57281 (0xDFC1) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=13440 (0x3480) smb_vwv[12]=18594 (0x48A2) smb_vwv[13]=57281 (0xDFC1) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(787) Doing spnego session setup (blob length=104) [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) got OID=1 2 840 48018 1 2 2 [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) got OID=1 2 840 113554 1 2 2 [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) got OID=1 2 840 113554 1 2 2 3 [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) got OID=1 3 6 1 4 1 311 2 2 10 [2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(820) got principal=d2dmail$@D2D.COM [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,160) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,160) wrote 160 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 348 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=348 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=2726 smb_uid=10240 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 348 (0x15C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=305 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 89 62 D0 2F C2 C4 AA 8A CB 8A 00 ......bÐ /ÂĪ.Ë.. [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [130] 00 . [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=348 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=2726 smb_uid=10240 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 348 (0x15C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=305 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 89 62 D0 2F C2 C4 AA 8A CB 8A 00 ......bÐ /ÂĪ.Ë.. [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [130] 00 . [2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018) Got challenge flags: [2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040) NTLMSSP: Set final flags: [2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/23 15:44:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1112) NTLMSSP challenge set by NTLM2 [2007/04/23 15:44:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1113) challenge is: [2007/04/23 15:44:07, 5] lib/util.c:dump_data(2249) [000] E2 7F B4 A0 13 A2 0B 27 â.´ .¢.' [2007/04/23 15:44:07, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,270) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,270) wrote 270 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 180 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=180 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=2726 smb_uid=10240 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=137 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=180 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=2726 smb_uid=10240 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=137 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . [2007/04/23 15:44:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(141) Mandatory SMB signing enabled! [2007/04/23 15:44:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(145) SMB signing enabled! [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(490) cli_simple_set_signing: user_session_key [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] CF A8 EE 72 E5 9E C2 95 1C A0 82 02 9A B7 C5 BB ??îrå.Â. . ...·Å» [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(498) cli_simple_set_signing: NULL response_data [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 0 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 36 4D A0 2D 1B 9E 3D E0 6M -..=à [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 1 mid = 3 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 1 mid = 3 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 1 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 1: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] F2 6A D6 E5 74 A3 A3 A1 òjÖåt££¡ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 2 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 15 A4 70 1E AD B8 26 AF .¤p.­¸&¯ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 3 mid = 4 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,82) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,82) wrote 82 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 3 mid = 4 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 3 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 3: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] E7 86 52 57 7D B7 06 88 ç.RW}·.. [2007/04/23 15:44:07, 10] libsmb/clientgen.c:cli_init_creds(254) cli_init_creds: user Administrator domain D2D [2007/04/23 15:44:07, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358347] [2007/04/23 15:44:07, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:07 2007 (900 seconds ahead) [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 4 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 5A 72 43 AA 14 65 F3 F7 ZrCª.eó÷ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 5 mid = 5 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,104) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,104) wrote 104 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 5 mid = 5 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 5 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 5: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] CB C7 2D AD 3B 00 5F E1 ËÇ-­;._á [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[c007]: \lsarpc auth_type 0, auth_level 0 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4«Í ï..#Eg.« [010] 00 00 00 00 .... [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0048 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001c context_id : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 data : 12345778 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 data : 1234 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 data : abcd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0028 data : ef 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002a data : 01 23 45 67 89 ab [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 version: 00000000 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 data : 8a885d04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0038 data : 1ceb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 003a data : 11c9 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003c data : 9f e8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003e data : 08 00 2b 10 48 60 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 version: 00000002 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=87 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.??ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 6 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] B5 36 C0 84 55 DD CA B9 µ6À.UÝʹ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 7 mid = 6 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 BF 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.¿.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 7 mid = 6 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 7 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 7: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] C6 43 A4 85 AE F5 9F B7 ÆC¤.®õ.· [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 BF 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.¿.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 7 mid = 6 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 68 bytes. [2007/04/23 15:44:07, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 bind request returned ok. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 000182bf [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 len: 000c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001a str: \PIPE\lsass. [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002c result : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002e reason : 0000 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 data : 8a885d04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0034 data : 1ceb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0036 data : 11c9 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0038 data : 9f e8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003a data : 08 00 2b 10 48 60 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0040 version: 00000002 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine D2DMAIL and bound anonymously. [2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 ptr : 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 system_name: 005c [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 len : 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c ptr_root_dir: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 ptr_obj_name: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 attributes : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 ptr_sec_desc: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c ptr_sec_qos : 00000001 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 len : 0000000c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 sec_imp_level : 0002 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0026 sec_ctxt_mode : 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0027 effective_only: 00 [2007/04/23 15:44:07, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 des_access: 02000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000002 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000002c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0006 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=83 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 8 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] B4 FE 7C 5D 67 50 3E 5F ´þ|]gP>_ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 9 mid = 7 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,154) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,154) wrote 154 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 ........ .....q.Ñ [020] 6A FB 54 BE 43 97 98 61 D6 08 2A E1 76 00 00 00 jûT¾C..a Ö.*áv... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 9 mid = 7 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 9 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 9: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 80 E0 B3 59 4D 90 64 50 .à³YM.dP [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 ........ .....q.Ñ [020] 6A FB 54 BE 43 97 98 61 D6 08 2A E1 76 00 00 00 jûT¾C..a Ö.*áv... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 9 mid = 7 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000002 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 48 bytes. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 6ad19271 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 54fb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 43be [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 97 98 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 61 d6 08 2a e1 76 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 6ad19271 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 54fb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 43be [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 97 98 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 61 d6 08 2a e1 76 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 info_class: 0005 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 002e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000003 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000016 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0007 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=61 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 71 92 D1 6A FB ........ ...q.Ñjû [030] 54 BE 43 97 98 61 D6 08 2A E1 76 05 00 T¾C..aÖ. *áv.. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 10 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] D7 8D 43 15 06 91 35 CB ×.C...5Ë [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 11 mid = 8 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,132) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,132) wrote 132 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 152 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 D1 .H...... .......Ñ [020] 6A 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 j....... ........ [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... [060] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 11 mid = 8 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 11 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 11: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] FF 7C FA EB CD EE 57 6B ÿ|úëÍîWk [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 D1 .H...... .......Ñ [020] 6A 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 j....... ........ [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... [060] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 11 mid = 8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0060 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000003 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000048 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 96 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 144 bytes. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 dom_ptr: 00020000 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0004 info_class: 0005 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 uni_dom_max_len: 0006 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a uni_dom_str_len: 0008 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c buffer_dom_name: 00020004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 buffer_dom_sid : 00020008 [2007/04/23 15:44:07, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 uni_max_len: 00000004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 offset : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c uni_str_len: 00000003 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0020 buffer : D.2.D. [2007/04/23 15:44:07, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 num_auths: 00000004 [2007/04/23 15:44:07, 9] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002c sid_rev_num: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002d num_auths : 04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002e id_auth[0] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002f id_auth[1] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0030 id_auth[2] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0031 id_auth[3] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0032 id_auth[4] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0033 id_auth[5] : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32s(993) 0034 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0044 status: NT_STATUS_OK [2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2126) init_lsa_q_close [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 6ad19271 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 54fb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 43be [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 97 98 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 61 d6 08 2a e1 76 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 002c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000014 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0000 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=59 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 6A FB ........ ...q.Ñjû [030] 54 BE 43 97 98 61 D6 08 2A E1 76 T¾C..aÖ. *áv [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 12 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] B8 A8 3C 18 D8 A4 9E EB ¸¨<.??.ë [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 13 mid = 9 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,130) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,130) wrote 130 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 13 mid = 9 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 13 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 13: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 2A A9 FC 71 FE 4C 8D 5E *©üqþL.^ [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 13 mid = 9 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 48 bytes. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 14 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 13 D0 27 B2 F3 2B CF C2 .Ð'²ó+Ï [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 15 mid = 10 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=10 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 15 mid = 10 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 15 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 15: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 83 A1 6B 95 E8 46 43 0F .¡k.èFC. [2007/04/23 15:44:07, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \lsarpc to machine D2DMAIL [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 16 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 75 FE 10 9B CA 4A 9E 2D uþ..ÊJ.- [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 17 mid = 11 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,100) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,100) wrote 100 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=11 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 17 mid = 11 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 17 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 17: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 99 80 84 3C D5 81 1D 74 ...<Õ..t [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[8000]: \samr auth_type 0, auth_level 0 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AC .4Wx.4«Í ï..#Eg.¬ [010] 00 00 00 01 .... [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0048 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000005 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001c context_id : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 data : 12345778 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 data : 1234 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 data : abcd [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0028 data : ef 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002a data : 01 23 45 67 89 ac [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 version: 00000001 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 data : 8a885d04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0038 data : 1ceb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 003a data : 11c9 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003c data : 9f e8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003e data : 08 00 2b 10 48 60 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 version: 00000002 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=87 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.??ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 18 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 47 54 A5 B1 36 C1 40 1D GT¥±6Á@. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 19 mid = 12 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 C0 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.À.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 19 mid = 12 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 19 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 19: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] AC 5D 8C 92 48 C9 23 C9 ¬]..HÉ#É [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 C0 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.À.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 19 mid = 12 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000005 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 68 bytes.[2007/04/23 15:44:07, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \samr fnum 0x8000 bind request returned ok. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000005 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 000182c0 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 len: 000c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001a str: \PIPE\lsass. [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002c result : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002e reason : 0000 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 data : 8a885d04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0034 data : 1ceb [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0036 data : 11c9 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0038 data : 9f e8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003a data : 08 00 2b 10 48 60 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0040 version: 00000002 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) cli_rpc_pipe_open_noauth: opened pipe \samr to machine D2DMAIL and bound anonymously. [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) cli_samr_connect to D2DMAIL [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6977) init_samr_q_connect [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 ptr_srv_name: 00000001 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 uni_max_len: 00000008 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 offset : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c uni_str_len: 00000008 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0010 buffer : D.2.D.M.A.I.L... [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 access_mask: 02000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 003c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000006 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000024 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0039 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=75 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ [030] 00 00 00 08 00 00 00 44 00 32 00 44 00 4D 00 41 .......D .2.D.M.A [040] 00 49 00 4C 00 00 00 00 00 00 02 .I.L.... ... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 20 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 60 5E 48 3A F5 B0 71 D2 `^H:õ°qÒ [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 21 mid = 13 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,146) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,146) wrote 146 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 61 B5 3C ........ .....aµ< [020] 9D 34 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 .4*£J.øP b??æ.... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 21 mid = 13 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 21 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 21: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 24 46 23 49 C7 E6 3D FE $F#IÇæ=þ [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 61 B5 3C ........ .....aµ< [020] 9D 34 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 .4*£J.øP b??æ.... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 21 mid = 13 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000006 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 9d3cb561 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 2a34 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4aa3 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 86 f8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 50 62 d5 a3 e6 96 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) cli_samr_open_domain with sid S-1-5-21-1027589457-4058082779-2152882814 [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) samr_init_samr_q_open_domain [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 9d3cb561 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 2a34 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4aa3 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 86 f8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 50 62 d5 a3 e6 96 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 flags: 02000000 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 num_auths: 00000004 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001c sid_rev_num: 01 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001d num_auths : 04 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e id_auth[0] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001f id_auth[1] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0020 id_auth[2] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0021 id_auth[3] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0022 id_auth[4] : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0023 id_auth[5] : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32s(993) 0024 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 004c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000034 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0007 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=91 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 07 00 00 00 00 00 61 B5 3C 9D 34 ........ ...aµ<.4 [030] 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 02 04 *£J.øPbÕ £æ...... [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 51 ........ .......Q [050] C5 3F 3D DB 6D E1 F1 7E 62 52 80 Å?=Ûmáñ~ bR. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 22 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] DE 75 EA CE 8E AB 4D 11 ÞuêÎ.«M. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 23 mid = 14 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,162) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,162) wrote 162 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BA F0 3A ........ .....ºð: [020] 5B 03 D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 [.Õ.D¿.4 à7.(.... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 23 mid = 14 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 23 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 23: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 59 E3 F0 FB 62 0B 7E BA Yãðûb.~º [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BA F0 3A ........ .....ºð: [020] 5B 03 D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 [.Õ.D¿.4 à7.(.... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 23 mid = 14 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 5b3af0ba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : d503 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4485 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : bf 89 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 34 e0 37 1a 28 8d [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1650) cli_samr_create_dom_user geneva$ [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_create_user(5159) samr_init_samr_q_create_user [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_user [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 5b3af0ba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : d503 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4485 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : bf 89 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 34 e0 37 1a 28 8d [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_name [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 uni_str_len: 000e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 uni_max_len: 000e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 buffer : 00000001 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_name [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c uni_max_len: 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 offset : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 uni_str_len: 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0028 buffer : g.e.n.e.v.a.$. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0038 acb_info : 00000080 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 003c access_mask: e005000b [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0058 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000008 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000040 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0032 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=103 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 00 00 08 00 00 00 40 .......X .......@ [020] 00 00 00 00 00 32 00 00 00 00 00 BA F0 3A 5B 03 .....2.. ...ºð:[. [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 0E 00 0E 00 01 Õ.D¿.4à7 .(...... [040] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g [050] 00 65 00 6E 00 65 00 76 00 61 00 24 00 00 00 80 .e.n.e.v .a.$.... [060] 00 00 00 0B 00 05 E0 ......à [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 24 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 9C 32 CF 2D B1 81 EE 6E .2Ï-±.în [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 25 mid = 15 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,174) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,174) wrote 174 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 112 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. À [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 25 mid = 15 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 25 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 25: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] A8 69 03 FC F8 DC 89 D2 ¨i.üøÜ.Ò [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. À [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 25 mid = 15 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0038 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000008 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000020 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 56 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 64 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_user [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 access_granted: 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 user_rid : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 001c status: NT_STATUS_USER_EXISTS [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1590) cli_samr_lookup_names [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4808) init_samr_q_lookup_names [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_names [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 5b3af0ba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : d503 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4485 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : bf 89 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 34 e0 37 1a 28 8d [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 num_names1: 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 flags : 000003e8 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c ptr : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 num_names2: 00000001 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 uni_str_len: 000e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 uni_max_len: 000e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 buffer : 00000001 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c uni_max_len: 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 offset : 00000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 uni_str_len: 00000007 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0038 buffer : g.e.n.e.v.a.$. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 005e [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000009 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000046 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0011 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=109 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5E 00 00 00 09 00 00 00 46 .......^ .......F [020] 00 00 00 00 00 11 00 00 00 00 00 BA F0 3A 5B 03 ........ ...ºð:[. [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 01 00 00 00 E8 Õ.D¿.4à7 .(.....è [040] 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E 00 01 ........ ........ [050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g [060] 00 65 00 6E 00 65 00 76 00 61 00 24 00 .e.n.e.v .a.$. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 26 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] DF EB 4E 75 36 87 73 9A ßëNu6.s. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 27 mid = 16 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,180) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,180) wrote 180 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 28 0C 00 00 01 00 00 00 04 00 02 .....(.. ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 27 mid = 16 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 27 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 27: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 46 37 4F 57 A9 BC 1A EF F7OW©¼.ï [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 28 0C 00 00 01 00 00 00 04 00 02 .....(.. ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 27 mid = 16 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 003c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000009 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000024 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 60 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 72 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_names [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 num_rids1: 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 ptr_rids : 00020000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 num_rids2: 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c rid[00] : 00000c28 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 num_types1: 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 ptr_types : 00020004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 num_types2: 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 001c type[00] : 00000001 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0020 status: NT_STATUS_OK [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_open_user(187) cli_samr_open_user with rid 0xc28 [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_open_user(5090) samr_init_samr_q_open_user [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_user [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 5b3af0ba [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : d503 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4485 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : bf 89 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 34 e0 37 1a 28 8d [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 access_mask: 02000000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 user_rid : 00000c28 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0034 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000a [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000001c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0022 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=67 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 22 00 00 00 00 00 BA F0 3A 5B 03 .....".. ...ºð:[. [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 02 28 Õ.D¿.4à7 .(.....( [040] 0C 00 00 ... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 28 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] B1 65 AE 18 33 88 01 13 ±e®.3... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 29 mid = 17 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,138) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,138) wrote 138 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 C3 58 ........ ..... ÃX [020] A8 FC 3A 96 49 93 82 2A 32 D0 62 BA 53 00 00 00 ¨ü:.I..* 2ÐbºS... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 29 mid = 17 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 29 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 29: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] EC F9 DF 9C 48 D4 EB 04 ìùß.HÔë. [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 C3 58 ........ ..... ÃX [020] A8 FC 3A 96 49 93 82 2A 32 D0 62 BA 53 00 00 00 ¨ü:.I..* 2ÐbºS... [030] 00 . [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 29 mid = 17 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000a [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_user [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : a858c320 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 3afc [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4996 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 93 82 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 2a 32 d0 62 ba 53 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:07, 10] rpc_parse/parse_samr.c:init_sam_user_info24(5584) init_sam_user_info24: [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1694) cli_samr_set_userinfo [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6817) init_samr_q_set_userinfo [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6586) init_samr_userinfo_ctr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : a858c320 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 3afc [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4996 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 93 82 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 2a 32 d0 62 ba 53 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 switch_value: 0018 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 switch_value: 0018 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 sam_io_user_info24 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0018 password: 25 2d 3c 2f 13 dc 83 09 52 2b d2 57 6a c4 7c bc 08 a9 98 32 32 07 0e e1 a4 2b 4b 6f 11 1b 2f 3c 12 a1 c9 10 3e 91 14 c0 d7 8f d0 3e bb e1 83 88 8b e4 23 06 51 c0 49 67 8f c6 f5 92 cd d6 63 95 38 8e 32 b4 e3 12 5b 19 d9 93 b4 27 2a 14 f2 b5 ad de dd 4c 64 b5 71 33 6c 24 eb df 4d 5e 09 e1 0b f1 95 2c cf 55 13 a1 66 24 b1 b3 bf 6e ef 5d c6 94 26 38 bc 41 52 54 93 0d c6 2b b9 9e aa 71 ca e9 58 e6 59 2a 38 da a8 43 8f 6c 65 21 42 63 79 1c 7c 67 6a 65 35 45 2e 67 ad c3 99 3a dd 4d d6 da 8b eb 4b a8 aa ae cc 77 f7 26 db 2c 1d 65 74 da a3 6f 14 7c 30 3c 74 b7 ab 37 b4 4c 31 20 c1 1f 26 1b 64 92 45 d3 c9 91 a6 f0 7e 58 cb 86 b0 2e aa b8 fe 00 81 92 78 ab b4 09 39 98 1a 85 45 e7 18 d3 14 43 f9 a4 b4 b0 aa 7b 57 e9 4b e7 74 49 3d 77 e4 39 70 25 f0 2e 39 58 e1 f8 2e 87 93 d2 ae 1f b3 f4 d6 db ca 27 a2 be f6 9d 3f da 85 14 f5 63 ab e5 d1 ec 88 08 6a e5 b1 bb 8f 2d 72 e4 24 f3 ce cf 24 90 80 70 1c ba ea a8 f8 32 d6 31 bd 36 e1 72 4b b6 ec 17 c1 1a 8a 7c 35 e5 96 5c 6e 92 1e a3 cd f4 29 41 f7 1 +> 5 34 1f 8e 65 dd 65 b3 d5 a3 07 bc 07 e6 68 1d 3d c2 89 42 d9 ae 70 55 4d 62 69 d8 52 d1 12 36 3f 98 ee 05 05 1e cd b0 63 a5 e4 f5 e4 a3 2f 82 34 61 9d f9 85 17 f8 61 e8 44 1d ed 19 97 ab b3 b0 b3 88 a9 8f ab 3e a8 30 36 ac 5a ee ec 81 5c ba aa 1a 1c 4d 72 bf 46 24 8c 55 db e7 7d a5 37 3b 24 25 12 e9 06 17 da b8 b8 f1 1b 8c 6c 8e be 73 06 2b 3d de 96 3e 8e 0d d4 5e 59 c4 81 6b 77 6b e3 31 e4 1a d9 7c 9b 02 d8 21 20 5c ce 02 6e a3 38 a2 c7 26 7b 02 d7 1d 3a 13 0d 1b 8f a8 44 9a 8f 3c 00 3e d6 ab 2f 3f b4 70 b1 8c 5d f6 ca 99 ea 64 ef 2a 4a a9 e0 fa [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 021c pw_len: 18 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0235 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000b [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000021d [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 003a [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=647 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 565 (0x235) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 565 (0x235) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=580 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 35 02 00 00 0B 00 00 00 1D .......5 ........ [020] 02 00 00 00 00 3A 00 00 00 00 00 20 C3 58 A8 FC .....:.. ... ÃX¨ü [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 18 00 18 00 25 :.I..*2Ð bºS....% [040] 2D 3C 2F 13 DC 83 09 52 2B D2 57 6A C4 7C BC 08 -..À× .Ð>»á... [070] E4 23 06 51 C0 49 67 8F C6 F5 92 CD D6 63 95 38 ä#.QÀIg. Æõ.ÍÖc.8 [080] 8E 32 B4 E3 12 5B 19 D9 93 B4 27 2A 14 F2 B5 AD .2´ã.[.Ù .´'*.?? [090] DE DD 4C 64 B5 71 33 6C 24 EB DF 4D 5E 09 E1 0B ÞÝLdµq3l $ëßM^.á. [0A0] F1 95 2C CF 55 13 A1 66 24 B1 B3 BF 6E EF 5D C6 ñ.,ÏU.¡f $±³¿nï]Æ [0B0] 94 26 38 BC 41 52 54 93 0D C6 2B B9 9E AA 71 CA .&8¼ART. .Æ+¹.ªqÊ [0C0] E9 58 E6 59 2A 38 DA A8 43 8F 6C 65 21 42 63 79 éXæY*8?? C.le!Bcy [0D0] 1C 7C 67 6A 65 35 45 2E 67 AD C3 99 3A DD 4D D6 .|gje5E. g­Ã.:ÝMÖ [0E0] DA 8B EB 4B A8 AA AE CC 77 F7 26 DB 2C 1D 65 74 Ú.ëK¨ª®Ì w÷&Û,.et [0F0] DA A3 6F 14 7C 30 3C 74 B7 AB 37 B4 4C 31 20 C1 ??o.|0¨06¬Zîì .\ºª..Mr [1E0] BF 46 24 8C 55 DB E7 7D A5 37 3B 24 25 12 E9 06 ¿F$.UÛç} ¥7;$%.é. [1F0] 17 DA B8 B8 F1 1B 8C 6C 8E BE 73 06 2B 3D DE 96 .??¸ñ..l .¾s.+=Þ. [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 30 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] AA 13 57 04 AE E2 1F 63 ª.W.®â.c [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 31 mid = 18 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,651) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,651) wrote 651 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 31 mid = 18 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 31 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 31: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] D7 51 60 FE B9 B1 1E 96 ×Q`??.. [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 31 mid = 18 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 001c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000b [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000004 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 8 bytes. [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0000 status: NT_STATUS_OK [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5428) init_sam_user_info16 [2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1745) cli_samr_set_userinfo2 [2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6891) init_samr_q_set_userinfo2 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo2 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : a858c320 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 3afc [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4996 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 93 82 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 2a 32 d0 62 ba 53 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 switch_value: 0010 [2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 switch_value: 0010 [2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 samr_io_r_user_info16 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0018 acb_info: 00000080 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0034 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000001c [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0025 [2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=67 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0C 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 25 00 00 00 00 00 20 C3 58 A8 FC .....%.. ... ÃX¨ü [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 10 00 10 00 80 :.I..*2Ð bºS..... [040] 00 00 00 ... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 32 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] C4 05 C4 3F 3B 82 90 D7 Ä.Ä?;..× [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 33 mid = 19 [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,138) [2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,138) wrote 138 [2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 33 mid = 19 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 33 [2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 33: got good SMB signature of [2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) [000] 7F C2 67 C4 65 E5 E2 94 .ÂgÄeåâ. [2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 33 mid = 19 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 001c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000004 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 8 bytes. [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0000 status: NT_STATUS_OK [2007/04/23 15:44:08, 10] rpc_client/cli_samr.c:rpccli_samr_close(109) cli_samr_close [2007/04/23 15:44:08, 5] rpc_parse/parse_samr.c:init_samr_q_close_hnd(38) init_samr_q_close_hnd [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : a858c320 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 3afc [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 4996 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 93 82 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 2a 32 d0 62 ba 53 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 002c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000d [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000014 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0001 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32768 (0x8000) smb_bcc=59 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ [020] 00 00 00 00 00 01 00 00 00 00 00 20 C3 58 A8 FC ........ ... ÃX¨ü [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 :.I..*2Ð bºS [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 34 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 7D 73 85 22 77 30 02 B5 }s."w0.µ [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 35 mid = 20 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,130) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,130) wrote 130 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 35 mid = 20 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 35 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 35: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 41 FD AF 1E D3 06 78 3D Aý¯.Ó.x= [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 35 mid = 20 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0030 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000d [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000018 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 handle_type: 00000000 [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 data : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 data : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a data : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000c data : 00 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 000e data : 00 00 00 00 00 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0014 status: NT_STATUS_OK [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 36 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 92 26 27 F7 52 04 2E 17 .&'÷R... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 37 mid = 21 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=21 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 37 mid = 21 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 37 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 37: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 82 CB C0 F7 F3 DD 4B 6A .ËÀ÷óÝKj [2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \samr to machine D2DMAIL [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 38 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] E2 A2 4D 04 6D C5 E9 C1 â¢M.mÅéÁ [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 39 mid = 22 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,108) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,108) wrote 108 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=22 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 39 mid = 22 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 39 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 39: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 2C 9D B3 AF AF DA F9 DF ,.³¯¯Úùß [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[400a]: \NETLOGON auth_type 0, auth_level 0 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû [010] 00 00 00 01 .... [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0048 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000e [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001c context_id : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 data : 12345678 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 data : 1234 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 data : abcd [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0028 data : ef 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002a data : 01 23 45 67 cf fb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 version: 00000001 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 data : 8a885d04 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0038 data : 1ceb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 003a data : 11c9 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003c data : 9f e8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003e data : 08 00 2b 10 48 60 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 version: 00000002 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=87 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 40 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 9B 2F 85 3D 52 45 C2 79 ./.=REÂy [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 41 mid = 23 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 C3 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ã.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 41 mid = 23 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 41 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 41: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] FB 49 A0 7A 42 D3 92 20 ûI zBÓ. [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 C3 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ã.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 41 mid = 23 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000e [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 68 bytes. [2007/04/23 15:44:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a bind request returned ok. [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0044 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000e [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 000182c3 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 len: 000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001a str: \PIPE\lsass. [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002c result : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002e reason : 0000 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 data : 8a885d04 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0034 data : 1ceb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0036 data : 11c9 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0038 data : 9f e8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003a data : 08 00 2b 10 48 60 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0040 version: 00000002 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine D2DMAIL and bound anonymously. [2007/04/23 15:44:08, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from GENEVA to \\D2DMAIL [2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 undoc_buffer: 00000001 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 uni_max_len: 0000000a [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 offset : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c uni_str_len: 0000000a [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0010 buffer : \.\.D.2.D.M.A.I.L... [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 uni_max_len: 00000007 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 offset : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c uni_str_len: 00000007 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0030 buffer : G.E.N.E.V.A... [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003e smb_io_chal [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003e data: 26 78 86 92 d9 0f ac 43 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 005e [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000f [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000046 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 0004 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=109 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5E 00 00 00 0F 00 00 00 46 .......^ .......F [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D [040] 00 4D 00 41 00 49 00 4C 00 00 00 07 00 00 00 00 .M.A.I.L ........ [050] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [060] 00 41 00 00 00 26 78 86 92 D9 0F AC 43 .A...&x. .Ù.¬C [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 42 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] BE 5A 47 77 16 E0 C0 8D ¾ZGw.àÀ. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 43 mid = 24 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,180) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,180) wrote 180 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 8D 60 7B 0D 20 2C EB ........ ..`{. ,ë [020] 5E 00 00 00 00 ^.... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 43 mid = 24 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 43 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 43: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 8D BC 84 D6 FB 6F 7C 65 .¼.Öûo|e [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 8D 60 7B 0D 20 2C EB ........ ..`{. ,ë [020] 5E 00 00 00 00 ^.... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 43 mid = 24 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0024 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 0000000f [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 24 bytes. [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0000 data: 8d 60 7b 0d 20 2c eb 5e [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 0008 status: NT_STATUS_OK [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: neg_flags : 400701ff [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(289) creds_client_init: client chal : 26788692D90FAC43 [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(290) creds_client_init: server chal : 8D607B0D202CEB5E [2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(119) creds_init_64 [2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(120) clnt_chal_in: 26788692D90FAC43 [2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(121) srv_chal_in : 8D607B0D202CEB5E [2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(122) clnt+srv : B3D801A0F93B97A2 [2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(123) sess_key_out : EB6CA2A7BFE474A2 [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(308) creds_client_init: clnt : BD35FE4C52C2B69E [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(309) creds_client_init: server : 2B48462A610F6C8B [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(310) creds_client_init: seed : BD35FE4C52C2B69E [2007/04/23 15:44:08, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\D2DMAIL acct:GENEVA$ sc:2 mc: GENEVA neg: 400701ff [2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2007/04/23 15:44:08, 5] rpc_parse/parse_misc.c:init_log_info(1421) make_log_info 1421 [2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 undoc_buffer: 00000001 [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 uni_max_len: 0000000a [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 offset : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c uni_str_len: 0000000a [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0010 buffer : \.\.D.2.D.M.A.I.L... [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 unistr2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0024 uni_max_len: 00000008 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0028 offset : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 002c uni_str_len: 00000008 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0030 buffer : G.E.N.E.V.A.$... [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0040 sec_chan: 0002 [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_unistr2 unistr2 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 uni_max_len: 00000007 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0048 offset : 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 004c uni_str_len: 00000007 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) 0050 buffer : G.E.N.E.V.A... [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 00005e smb_io_chal [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 005e data: bd 35 fe 4c 52 c2 b6 9e [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000066 net_io_neg_flags [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0068 neg_flags: 400701ff [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0084 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000010 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 0000006c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0016 opnum : 000f [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=214 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 132 (0x84) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=147 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 84 00 00 00 10 00 00 00 6C ........ .......l [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D [040] 00 4D 00 41 00 49 00 4C 00 00 00 08 00 00 00 00 .M.A.I.L ........ [050] 00 00 00 08 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [060] 00 41 00 24 00 00 00 02 00 00 00 07 00 00 00 00 .A.$.... ........ [070] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V [080] 00 41 00 00 00 BD 35 FE 4C 52 C2 B6 9E 00 00 FF .A...½5þ LR¶...ÿ [090] 01 07 40 ..@ [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 44 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 4F 06 2D F3 85 FA A1 A3 O.-ó.?? [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 45 mid = 25 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,218) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,218) wrote 218 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 2B 48 46 2A 61 0F 6C ........ .+HF*a.l [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 45 mid = 25 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 45 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 45: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 21 1C 18 DE FA BA 40 B0 !..Þúº@° [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 2B 48 46 2A 61 0F 6C ........ .+HF*a.l [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 45 mid = 25 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0028 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000010 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0010 alloc_hint: 00000010 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0014 context_id: 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 40 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 32 bytes. [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0000 data: 2b 48 46 2a 61 0f 6c 8b [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0008 neg_flags: 400701ff [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) 000c status: NT_STATUS_OK [2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_check(327) creds_client_check: credentials check OK. [2007/04/23 15:44:08, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) rpccli_netlogon_setup_creds: server D2DMAIL credential chain established. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 46 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 42 0B 08 D3 8F 10 75 35 B..Ó..u5 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 47 mid = 26 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,108) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,108) wrote 108 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=26 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 47 mid = 26 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 47 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 47: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] CC D5 FF BF 7A 00 B9 DA ÌÕÿ¿z.¹Ú [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) Bind RPC Pipe[c00c]: \NETLOGON auth_type 2, auth_level 6 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû [010] 00 00 00 01 .... [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0000 type1: 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0004 type2: 00000003 [2007/04/23 15:44:08, 6] lib/util.c:dump_data(2249) [000] 44 32 44 D2D [2007/04/23 15:44:08, 6] lib/util.c:dump_data(2249) [000] 47 45 4E 45 56 41 GENEVA [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0063 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 0013 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000011 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 00000000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 001c context_id : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0020 data : 12345678 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0024 data : 1234 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0026 data : abcd [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0028 data : ef 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 002a data : 01 23 45 67 cf fb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 version: 00000001 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0034 data : 8a885d04 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0038 data : 1ceb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 003a data : 11c9 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003c data : 9f e8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003e data : 08 00 2b 10 48 60 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0044 version: 00000002 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0048 auth_type : 44 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0049 auth_level : 06 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004a auth_pad_len : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004b auth_reserved: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 004c auth_context_id: 00000001 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=181 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=27 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 99 (0x63) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 99 (0x63) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49164 (0xC00C) smb_bcc=114 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 63 00 13 00 11 00 00 00 B8 .......c .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 44 32 44 00 47 45 4E 45 56 .......D 2D.GENEV [070] 41 00 A. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 48 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 5A CE 2F 6D 5F 06 FC 6E ZÎ/m_.ün [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 49 mid = 27 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,185) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,185) wrote 185 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 11 00 00 ........ .X...... [010] 00 B8 10 B8 10 C4 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ä.. ...\PIPE [020] 5C 6C 73 61 73 73 00 19 04 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 49 mid = 27 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 49 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 49: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 70 07 87 B6 66 17 EA 5E p..¶f.ê^ [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 11 00 00 ........ .X...... [010] 00 B8 10 B8 10 C4 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ä.. ...\PIPE [020] 5C 6C 73 61 73 73 00 19 04 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 49 mid = 27 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0058 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000011 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 88 at offset 0 [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c returned 88 bytes. [2007/04/23 15:44:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c bind request returned ok. [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0008 frag_len : 0058 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 000a auth_len : 000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 000c call_id : 00000011 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0010 max_tsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0012 max_rsize: 10b8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0014 assoc_gid: 000182c4 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0018 len: 000c [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 001a str: \PIPE\lsass. [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002c result : 0000 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 002e reason : 0000 [2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0030 data : 8a885d04 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0034 data : 1ceb [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) 0036 data : 11c9 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 0038 data : 9f e8 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) 003a data : 08 00 2b 10 48 60 [2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) 0040 version: 00000002 [2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2543) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine D2DMAIL for domain D2D and bound using schannel. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 50 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 68 93 20 2E 7E D9 A7 CD h. .~??Í [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 51 mid = 28 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=28 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 51 mid = 28 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 51 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 51: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] A9 F2 99 B1 F7 E1 AF 23 ©ò.±÷á¯# [2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 52 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] ED 88 4E 6E B2 A6 62 83 í.Nn²¦b. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 53 mid = 29 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=29 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 53 mid = 29 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 53 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 53: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] CE 29 0D AF 0C 23 2D D4 Î).¯.#-Ô [2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL [2007/04/23 15:44:08, 3] libsmb/cliconnect.c:cli_start_connection(1503) Connecting to host=D2DMAIL [2007/04/23 15:44:08, 3] lib/util_sock.c:open_socket_out(874) Connecting to 192.168.30.206 at port 445 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 49152 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 49640 [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDLOWAT. [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVLOWAT. [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_SNDTIMEO. [2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) Could not test socket option SO_RCVTIMEO. [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(7,194) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(7,194) wrote 194 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 173 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=38016 (0x9480) smb_vwv[12]=21417 (0x53A9) smb_vwv[13]=57282 (0xDFC2) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=38016 (0x9480) smb_vwv[12]=21417 (0x53A9) smb_vwv[13]=57282 (0xDFC2) smb_vwv[14]=51077 (0xC785) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=104 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ [060] 40 44 32 44 2E 43 4F 4D @D2D.COM [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(7,92) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(7,92) wrote 92 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 177 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=51200 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 24 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 $W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=177 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2726 smb_uid=51200 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 177 (0xB1) smb_vwv[ 2]= 0 (0x0) smb_bcc=136 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 24 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 $W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. [080] 00 44 00 32 00 44 00 00 .D.2.D.. [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(7,82) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(7,82) wrote 82 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=28672 smb_pid=2726 smb_uid=51200 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 49 50 43 00 00 00 00 IPC.... [2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_init_creds(254) cli_init_creds: user domain [2007/04/23 15:44:08, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358348] [2007/04/23 15:44:08, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:08 2007 (900 seconds ahead) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(7,108) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(7,108) wrote 108 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=28672 smb_pid=2726 smb_uid=51200 smb_mid=4 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:08, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED [2007/04/23 15:44:08, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) net_rpc_join_ok: failed to get schannel session key from server D2DMAIL for domain D2D. Error was NT_STATUS_ACCESS_DENIED [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(7,39) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(7,39) wrote 39 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=28672 smb_pid=2726 smb_uid=51200 smb_mid=5 smt_wct=0 smb_bcc=0 Unable to join domain D2D. [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 54 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 0A EF 61 20 96 9F 99 0A .ïa .... [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 55 mid = 30 [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,39) [2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,39) wrote 39 [2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) [2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=63488 smb_pid=2726 smb_uid=10240 smb_mid=30 smt_wct=0 smb_bcc=0 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 55 mid = 30 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 55 [2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) client_check_incoming_message: seq 55: got good SMB signature of [2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) [000] 78 19 21 6D 96 82 9B 43 x.!m...C [2007/04/23 15:44:08, 2] utils/net.c:main(1032) return code = -1 #