[root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# [root@feroz123 bin]# ./net rpc join -U administrator -S nam6.jp -d 10 [2008/03/19 17:34:41, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2008/03/19 17:34:41, 3] param/loadparm.c:lp_load(5055) lp_load: refreshing parameters [2008/03/19 17:34:41, 3] param/loadparm.c:init_globals(1440) Initialising global parameters [2008/03/19 17:34:41, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/usr/local/samba/samba/samba-3.0.28a//lib/smb.conf" [2008/03/19 17:34:41, 3] param/loadparm.c:do_section(3794) Processing section "[global]" doing parameter private dir = /usr/local/samba/samba/samba-3.0.28a/tdbstore doing parameter security = DOMAIN doing parameter map to guest = Never doing parameter password server = 172.16.130.234 doing parameter auth methods = ntdomain doing parameter use spnego = Yes doing parameter client use spnego = No doing parameter realm = doing parameter dos charset = ISO8859-1 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2008/03/19 17:34:41, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE doing parameter unix charset = ISO8859-1 [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/03/19 17:34:41, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE doing parameter display charset = ISO8859-1 doing parameter debuglevel = 10 doing parameter netbios name = feroz123 [2008/03/19 17:34:42, 4] param/loadparm.c:handle_netbios_name(3144) handle_netbios_name: set global_myname to: FEROZ123 doing parameter workgroup = nam6 doing parameter client signing = auto doing parameter server signing = auto doing parameter server string = Linux doing parameter encrypt passwords = Yes doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter log file = /usr/local/samba/samba/samba-3.0.28a/log/common.log doing parameter local master = no doing parameter oplocks = no doing parameter kernel oplocks = no doing parameter level2 oplocks = no doing parameter default devmode = yes doing parameter print command = PrintJobSubmit %s doing parameter lppause command = PrintJobPause %j doing parameter lpresume command = PrintJobResume %j doing parameter lprm command = PrintJobDelete %j doing parameter lpq command = PrintQueueGet [2008/03/19 17:34:42, 4] param/loadparm.c:lp_load(5086) pm_process() returned Yes [2008/03/19 17:34:42, 7] param/loadparm.c:lp_servicenumber(5224) lp_servicenumber: couldn't find homes [2008/03/19 17:34:42, 10] param/loadparm.c:set_server_role(4330) set_server_role: role = ROLE_DOMAIN_MEMBER [2008/03/19 17:34:42, 5] lib/util.c:init_names(287) Netbios name list:- my_netbios_names[0]="FEROZ123" [2008/03/19 17:34:42, 2] lib/interface.c:add_interface(81) added interface ip=172.16.101.237 bcast=172.16.255.255 nmask=255.255.0.0 [2008/03/19 17:34:42, 2] lib/interface.c:add_interface(81) added interface ip=192.168.122.1 bcast=192.168.122.255 nmask=255.255.255.0 [2008/03/19 17:34:42, 5] lib/gencache.c:gencache_init(61) Opening cache file at /usr/local/samba/samba/samba-3.0.28a//var/locks/gencache.tdb [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_get(212) Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found [2008/03/19 17:34:42, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/19 17:34:42, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up nam6.jp#20 (sitename (null)) [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_get(226) Returning expired cache entry: key = NBT/NAM6.JP#20, value = 172.16.100.35:0, timeout = Wed Mar 19 17:34:37 2008 [2008/03/19 17:34:42, 5] libsmb/namecache.c:namecache_fetch(210) no entry for nam6.jp#20 found. [2008/03/19 17:34:42, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name nam6.jp<0x20> [2008/03/19 17:34:42, 4] libsmb/namequery.c:startlmhosts(659) startlmhosts: Can't open lmhosts file /usr/local/samba/samba/samba-3.0.28a//lib/lmhosts. Error was No such file or directory [2008/03/19 17:34:42, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name nam6.jp<0x20> [2008/03/19 17:34:42, 3] libsmb/namequery.c:resolve_wins(866) resolve_wins: WINS server resolution selected and no WINS servers listed. [2008/03/19 17:34:42, 3] libsmb/namequery.c:resolve_hosts(1029) resolve_hosts: Attempting host lookup for name nam6.jp<0x20> [2008/03/19 17:34:42, 10] libsmb/namequery.c:remove_duplicate_addrs2(435) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/03/19 17:34:42, 5] libsmb/namecache.c:namecache_store(135) namecache_store: storing 1 address for nam6.jp#20: 172.16.130.234:0 [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = NBT/NAM6.JP#20; value = 172.16.130.234:0 and timeout = Wed Mar 19 17:45:42 2008 (660 seconds ahead) [2008/03/19 17:34:42, 10] libsmb/namequery.c:internal_resolve_name(1293) internal_resolve_name: returning 1 addresses: 172.16.130.234:0 [2008/03/19 17:34:42, 3] libsmb/cliconnect.c:cli_start_connection(1556) Connecting to host=nam6.jp [2008/03/19 17:34:42, 3] lib/util_sock.c:open_socket_out(874) Connecting to 172.16.130.234 at port 445 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 16384 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/03/19 17:34:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,194) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,194) wrote 194 [2008/03/19 17:34:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 111 [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=111 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=35072 (0x8900) smb_vwv[12]=64929 (0xFDA1) smb_vwv[13]=39899 (0x9BDB) smb_vwv[14]=51337 (0xC889) smb_vwv[15]=58369 (0xE401) smb_vwv[16]= 2301 (0x8FD) smb_bcc=42 [2008/03/19 17:34:42, 10] lib/util.c:dump_data(2264) [000] D5 CB 5C 58 CD B6 44 7E 4E 00 41 00 4D 00 36 00 ..\X..D~ N.A.M.6. [010] 00 00 4C 00 4F 00 4E 00 47 00 48 00 4F 00 52 00 ..L.O.N. G.H.O.R. [020] 4E 00 2D 00 44 00 31 00 00 00 N.-.D.1. .. [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=111 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=35072 (0x8900) smb_vwv[12]=64929 (0xFDA1) smb_vwv[13]=39899 (0x9BDB) smb_vwv[14]=51337 (0xC889) smb_vwv[15]=58369 (0xE401) smb_vwv[16]= 2301 (0x8FD) smb_bcc=42 [2008/03/19 17:34:42, 10] lib/util.c:dump_data(2264) [000] D5 CB 5C 58 CD B6 44 7E 4E 00 41 00 4D 00 36 00 ..\X..D~ N.A.M.6. [010] 00 00 4C 00 4F 00 4E 00 47 00 48 00 4F 00 52 00 ..L.O.N. G.H.O.R. [020] 4E 00 2D 00 44 00 31 00 00 00 N.-.D.1. .. [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,92) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,92) wrote 92 [2008/03/19 17:34:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 253 [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=253 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=16385 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_bcc=212 [2008/03/19 17:34:42, 10] lib/util.c:dump_data(2264) [000] A2 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( [020] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. [030] 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 00 69 .E.n.t.e .r.p.r.i [040] 00 73 00 65 00 20 00 36 00 30 00 30 00 31 00 20 .s.e. .6 .0.0.1. [050] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [060] 00 50 00 61 00 63 00 6B 00 20 00 31 00 2C 00 20 .P.a.c.k . .1.,. [070] 00 76 00 2E 00 36 00 36 00 37 00 00 00 57 00 69 .v...6.6 .7...W.i [080] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [090] 00 72 00 76 00 65 00 72 00 20 00 28 00 52 00 29 .r.v.e.r . .(.R.) [0A0] 00 20 00 32 00 30 00 30 00 38 00 20 00 45 00 6E . .2.0.0 .8. .E.n [0B0] 00 74 00 65 00 72 00 70 00 72 00 69 00 73 00 65 .t.e.r.p .r.i.s.e [0C0] 00 20 00 36 00 2E 00 30 00 00 00 4E 00 41 00 4D . .6...0 ...N.A.M [0D0] 00 36 00 00 .6.. [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=253 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=16385 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_bcc=212 [2008/03/19 17:34:42, 10] lib/util.c:dump_data(2264) [000] A2 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( [020] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. [030] 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 00 69 .E.n.t.e .r.p.r.i [040] 00 73 00 65 00 20 00 36 00 30 00 30 00 31 00 20 .s.e. .6 .0.0.1. [050] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [060] 00 50 00 61 00 63 00 6B 00 20 00 31 00 2C 00 20 .P.a.c.k . .1.,. [070] 00 76 00 2E 00 36 00 36 00 37 00 00 00 57 00 69 .v...6.6 .7...W.i [080] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [090] 00 72 00 76 00 65 00 72 00 20 00 28 00 52 00 29 .r.v.e.r . .(.R.) [0A0] 00 20 00 32 00 30 00 30 00 38 00 20 00 45 00 6E . .2.0.0 .8. .E.n [0B0] 00 74 00 65 00 72 00 70 00 72 00 69 00 73 00 65 .t.e.r.p .r.i.s.e [0C0] 00 20 00 36 00 2E 00 30 00 00 00 4E 00 41 00 4D . .6...0 ...N.A.M [0D0] 00 36 00 00 .6.. [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,82) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,82) wrote 82 [2008/03/19 17:34:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=40962 smb_pid=10069 smb_uid=16385 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]=65535 (0xFFFF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]= 31 (0x1F) smb_bcc=7 [2008/03/19 17:34:42, 10] lib/util.c:dump_data(2264) [000] 49 50 43 00 00 00 00 IPC.... [2008/03/19 17:34:42, 10] libsmb/clientgen.c:cli_init_creds(254) cli_init_creds: user domain [2008/03/19 17:34:42, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [NAM6], server = [nam6.jp], expire = [1205916582] [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/NAM6; value = nam6.jp and timeout = Wed Mar 19 17:49:42 2008 (900 seconds ahead) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,104) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,104) wrote 104 [2008/03/19 17:34:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=49153 smb_tid=40962 smb_pid=10069 smb_uid=16385 smb_mid=4 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:42, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine nam6.jp. Error was NT_STATUS_ACCESS_DENIED [2008/03/19 17:34:42, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/local/samba/samba/samba-3.0.28a//lib/en_US.UTF-8.msg: No such file or directory Could not initialise lsa pipe [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,39) [2008/03/19 17:34:42, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,39) wrote 39 [2008/03/19 17:34:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:42, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:42, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=40962 smb_pid=10069 smb_uid=16385 smb_mid=5 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_get(212) Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found [2008/03/19 17:34:42, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/19 17:34:42, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up nam6.jp#20 (sitename (null)) [2008/03/19 17:34:42, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/NAM6.JP#20, value = 172.16.130.234:0, timeout = Wed Mar 19 17:45:42 2008 [2008/03/19 17:34:42, 5] libsmb/namecache.c:namecache_fetch(214) name nam6.jp#20 found. Password: [2008/03/19 17:34:45, 3] libsmb/cliconnect.c:cli_start_connection(1556) Connecting to host=nam6.jp [2008/03/19 17:34:45, 3] lib/util_sock.c:open_socket_out(874) Connecting to 172.16.130.234 at port 445 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 16384 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/03/19 17:34:45, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,194) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,194) wrote 194 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 111 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=111 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=24064 (0x5E00) smb_vwv[12]=17619 (0x44D3) smb_vwv[13]=39902 (0x9BDE) smb_vwv[14]=51337 (0xC889) smb_vwv[15]=58369 (0xE401) smb_vwv[16]= 2301 (0x8FD) smb_bcc=42 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] D0 71 87 27 8A DA C9 B5 4E 00 41 00 4D 00 36 00 .q.'.... N.A.M.6. [010] 00 00 4C 00 4F 00 4E 00 47 00 48 00 4F 00 52 00 ..L.O.N. G.H.O.R. [020] 4E 00 2D 00 44 00 31 00 00 00 N.-.D.1. .. [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=111 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=10069 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=24064 (0x5E00) smb_vwv[12]=17619 (0x44D3) smb_vwv[13]=39902 (0x9BDE) smb_vwv[14]=51337 (0xC889) smb_vwv[15]=58369 (0xE401) smb_vwv[16]= 2301 (0x8FD) smb_bcc=42 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] D0 71 87 27 8A DA C9 B5 4E 00 41 00 4D 00 36 00 .q.'.... N.A.M.6. [010] 00 00 4C 00 4F 00 4E 00 47 00 48 00 4F 00 52 00 ..L.O.N. G.H.O.R. [020] 4E 00 2D 00 44 00 31 00 00 00 N.-.D.1. .. [2008/03/19 17:34:45, 5] libsmb/smb_signing.c:set_smb_signing_real_common(126) Mandatory SMB signing enabled! [2008/03/19 17:34:45, 5] libsmb/smb_signing.c:set_smb_signing_real_common(130) SMB signing enabled! [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:cli_simple_set_signing(475) cli_simple_set_signing: user_session_key [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] BD E8 16 F2 29 52 0B 9E 45 A1 EC 86 0A CF C5 A4 ....)R.. E....... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:cli_simple_set_signing(480) cli_simple_set_signing: response_data [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 58 B8 34 D3 74 BA 65 EF FC 85 D8 33 F5 5A AC E0 X.4.t.e. ...3.Z.. [010] 38 22 F4 78 96 B0 B3 4A 8".x...J [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 0 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] D8 ED E8 57 A0 EA E8 F3 ...W.... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 1 mid = 2 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,174) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,174) wrote 174 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 253 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=253 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=0 smb_pid=10069 smb_uid=18435 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_bcc=212 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 82 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( [020] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. [030] 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 00 69 .E.n.t.e .r.p.r.i [040] 00 73 00 65 00 20 00 36 00 30 00 30 00 31 00 20 .s.e. .6 .0.0.1. [050] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [060] 00 50 00 61 00 63 00 6B 00 20 00 31 00 2C 00 20 .P.a.c.k . .1.,. [070] 00 76 00 2E 00 36 00 36 00 37 00 00 00 57 00 69 .v...6.6 .7...W.i [080] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e [090] 00 72 00 76 00 65 00 72 00 20 00 28 00 52 00 29 .r.v.e.r . .(.R.) [0A0] 00 20 00 32 00 30 00 30 00 38 00 20 00 45 00 6E . .2.0.0 .8. .E.n [0B0] 00 74 00 65 00 72 00 70 00 72 00 69 00 73 00 65 .t.e.r.p .r.i.s.e [0C0] 00 20 00 36 00 2E 00 30 00 00 00 4E 00 41 00 4D . .6...0 ...N.A.M [0D0] 00 36 00 00 .6.. [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 1 mid = 2 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 1 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 1: got good SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 02 CD 1F FC ED C0 F4 78 .......x [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 2 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 90 50 F3 82 7D 96 64 2D .P..}.d- [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 3 mid = 3 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,82) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,82) wrote 82 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]=65535 (0xFFFF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]= 31 (0x1F) smb_bcc=7 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 49 50 43 00 00 00 00 IPC.... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 3 mid = 3 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 3 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 3: got good SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] C4 2F 8F 2B 3B F7 A3 E4 ./.+;... [2008/03/19 17:34:45, 10] libsmb/clientgen.c:cli_init_creds(254) cli_init_creds: user administrator domain NAM6 [2008/03/19 17:34:45, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [NAM6], server = [nam6.jp], expire = [1205916585] [2008/03/19 17:34:45, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/NAM6; value = nam6.jp and timeout = Wed Mar 19 17:49:45 2008 (900 seconds ahead) [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 4 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 68 D9 A8 90 94 CE A2 2E h....... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 5 mid = 4 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,104) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,104) wrote 104 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 5 mid = 4 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 5 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 5: got good SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 4D 54 D8 8D 70 28 2B ED MT..p(+. [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[4003]: \lsarpc auth_type 0, auth_level 0 [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/03/19 17:34:45, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345778 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 89 ab [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/03/19 17:34:45, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=87 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 6 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] A9 D1 A8 52 F1 C0 09 7B ...R...{ [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 7 mid = 5 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 D9 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 7 mid = 5 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 7 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 7: got good SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] EA 8D 22 92 B6 A6 21 E0 .."...!. [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 D9 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/19 17:34:45, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/03/19 17:34:45, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 returned 68 bytes. [2008/03/19 17:34:45, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 bind request returned ok. [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 000062d9 [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \pipe\lsass. [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/03/19 17:34:45, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/19 17:34:45, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine nam6.jp and bound anonymously. [2008/03/19 17:34:45, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2008/03/19 17:34:45, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2008/03/19 17:34:45, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 system_name: 005c [2008/03/19 17:34:45, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 len : 00000018 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c ptr_root_dir: 00000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 ptr_obj_name: 00000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 attributes : 00000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 ptr_sec_desc: 00000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr_sec_qos : 00000001 [2008/03/19 17:34:45, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 0000000c [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 sec_imp_level : 0002 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0026 sec_ctxt_mode : 01 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0027 effective_only: 00 [2008/03/19 17:34:45, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 des_access: 02000000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000002c [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:45, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0006 [2008/03/19 17:34:45, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=83 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 8 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] D9 D3 0D C8 23 3E EC 76 ....#>.v [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 9 mid = 6 [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,154) [2008/03/19 17:34:45, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,154) wrote 154 [2008/03/19 17:34:45, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 7B 6D 09 ........ .....{m. [020] 62 D1 C2 A0 42 9F 40 7B 17 A6 95 65 07 00 00 00 b...B.@{ ...e.... [030] 00 . [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 9 mid = 6 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 9 [2008/03/19 17:34:45, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 9: got good SMB signature of [2008/03/19 17:34:45, 10] lib/util.c:dump_data(2264) [000] 80 0A 1F 9D BF 9C 4A A0 ......J. [2008/03/19 17:34:45, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:45, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 7B 6D 09 ........ .....{m. [020] 62 D1 C2 A0 42 9F 40 7B 17 A6 95 65 07 00 00 00 b...B.@{ ...e.... [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 62096d7b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : c2d1 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 42a0 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 9f 40 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 7b 17 a6 95 65 07 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 62096d7b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : c2d1 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 42a0 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 9f 40 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 7b 17 a6 95 65 07 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 0005 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0007 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=61 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 7B 6D 09 62 D1 ........ ...{m.b. [030] C2 A0 42 9F 40 7B 17 A6 95 65 07 05 00 ..B.@{.. .e... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 10 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 2A 55 34 C2 20 D0 C8 74 *U4. ..t [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 11 mid = 7 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,132) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,132) wrote 132 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 152 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ [020] 00 08 00 0A 00 04 00 02 00 08 00 02 00 05 00 00 ........ ........ [030] 00 00 00 00 00 04 00 00 00 4E 00 41 00 4D 00 36 ........ .N.A.M.6 [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 28 74 A6 31 A6 96 C4 FC 93 1C 84 F8 00 00 00 .(t.1... ........ [060] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 11 mid = 7 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 11 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 11: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A2 E9 D7 5B A5 CD DC CC ...[.... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ [020] 00 08 00 0A 00 04 00 02 00 08 00 02 00 05 00 00 ........ ........ [030] 00 00 00 00 00 04 00 00 00 4E 00 41 00 4D 00 36 ........ .N.A.M.6 [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 28 74 A6 31 A6 96 C4 FC 93 1C 84 F8 00 00 00 .(t.1... ........ [060] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0060 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000048 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 96 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 returned 144 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 dom_ptr: 00020000 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 info_class: 0005 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 uni_dom_max_len: 0008 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a uni_dom_str_len: 000a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c buffer_dom_name: 00020004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 buffer_dom_sid : 00020008 [2008/03/19 17:34:46, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 uni_max_len: 00000005 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_str_len: 00000004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0020 buffer : N.A.M.6. [2008/03/19 17:34:46, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 num_auths: 00000004 [2008/03/19 17:34:46, 9] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002c sid_rev_num: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002d num_auths : 04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002e id_auth[0] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 002f id_auth[1] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0030 id_auth[2] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0031 id_auth[3] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0032 id_auth[4] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0033 id_auth[5] : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32s(997) 0034 sub_auths : 00000015 31a67428 fcc496a6 f8841c93 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0044 status: NT_STATUS_OK [2008/03/19 17:34:46, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2148) init_lsa_q_close [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 62096d7b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : c2d1 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 42a0 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 9f 40 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 7b 17 a6 95 65 07 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000014 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0000 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=59 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 7B 6D 09 62 D1 ........ ...{m.b. [030] C2 A0 42 9F 40 7B 17 A6 95 65 07 ..B.@{.. .e. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 12 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A5 4E F3 AF 89 84 B3 0A .N...... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 13 mid = 8 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,130) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,130) wrote 130 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 13 mid = 8 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 13 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 13: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] C5 1E 61 BB 70 3D A1 FC ..a.p=.. [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \lsarpc fnum 0x4003 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 00 00 00 00 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 14 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 98 5B 81 99 AC 8D 2B BB .[....+. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 15 mid = 9 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=9 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 15 mid = 9 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 15 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 15: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 70 14 3C C3 C7 3B BE 01 p.<..;.. [2008/03/19 17:34:46, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \lsarpc to machine nam6.jp [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 16 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 2F 7E D8 8C 59 47 BD 89 /~..YG.. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 17 mid = 10 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,100) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,100) wrote 100 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 17 mid = 10 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 17 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 17: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 48 08 E4 91 B4 9F 4C 40 H.....L@ [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[4004]: \samr auth_type 0, auth_level 0 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345778 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 89 ac [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=87 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 18 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 68 2E D9 D1 1C AE 43 EF h.....C. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 19 mid = 11 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 DA 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 19 mid = 11 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 19 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 19: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 46 40 2E 46 B2 8B 2D 62 F@.F..-b [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 DA 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 68 bytes. [2008/03/19 17:34:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine nam6.jp pipe \samr fnum 0x4004 bind request returned ok. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 000062da [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \pipe\lsass. [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \samr to machine nam6.jp and bound anonymously. [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) cli_samr_connect to nam6.jp [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_connect(7039) init_samr_q_connect [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_srv_name: 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000008 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000008 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : n.a.m.6...j.p... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 access_mask: 02000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 003c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000024 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0039 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=75 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ [030] 00 00 00 08 00 00 00 6E 00 61 00 6D 00 36 00 2E .......n .a.m.6.. [040] 00 6A 00 70 00 00 00 00 00 00 02 .j.p.... ... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 20 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 9D 0C B7 BA 13 C5 F8 A5 ........ [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 21 mid = 12 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,146) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,146) wrote 146 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 12 E0 6F ........ .......o [020] 13 DC D2 EB 44 A8 BB 0E 33 45 5D 8B A1 00 00 00 ....D... 3E]..... [030] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 21 mid = 12 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 21 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 21: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 9A 10 7A 14 A5 E8 81 22 ..z...." [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 12 E0 6F ........ .......o [020] 13 DC D2 EB 44 A8 BB 0E 33 45 5D 8B A1 00 00 00 ....D... 3E]..... [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 136fe012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : d2dc [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 44eb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a8 bb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 0e 33 45 5d 8b a1 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) cli_samr_open_domain with sid S-1-5-21-832992296-4240742054-4169407635 [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) samr_init_samr_q_open_domain [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 136fe012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : d2dc [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 44eb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a8 bb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 0e 33 45 5d 8b a1 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 flags: 02000000 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_auths: 00000004 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001c sid_rev_num: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001d num_auths : 04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e id_auth[0] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001f id_auth[1] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0020 id_auth[2] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0021 id_auth[3] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0022 id_auth[4] : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0023 id_auth[5] : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32s(997) 0024 sub_auths : 00000015 31a67428 fcc496a6 f8841c93 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 004c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000034 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0007 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=91 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 07 00 00 00 00 00 12 E0 6F 13 DC ........ .....o.. [030] D2 EB 44 A8 BB 0E 33 45 5D 8B A1 00 00 00 02 04 ..D...3E ]....... [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 28 ........ .......( [050] 74 A6 31 A6 96 C4 FC 93 1C 84 F8 t.1..... ... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 22 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] E4 3C 0D 3C 4B 42 25 7B .<.F.%. ........ [030] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 23 mid = 13 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 23 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 23: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 70 30 3A C5 78 8A A9 0D p0:.x... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 26 04 BC ........ .....&.. [020] 5A 93 50 3E 46 81 25 9A 18 EB D3 1E D8 00 00 00 Z.P>F.%. ........ [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 5abc0426 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 5093 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 463e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 81 25 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 9a 18 eb d3 1e d8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] utils/net_rpc_join.c:net_rpc_join_newstyle(237) Creating account with flags: -536543056 [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1654) cli_samr_create_dom_user feroz123$ [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_create_user(5187) samr_init_samr_q_create_user [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_user [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 5abc0426 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 5093 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 463e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 81 25 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 9a 18 eb d3 1e d8 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_name [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 uni_str_len: 0012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 uni_max_len: 0012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 buffer : 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_name [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_max_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 uni_str_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0028 buffer : f.e.r.o.z.1.2.3.$. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 003c acb_info : 00000080 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 acct_flags: e00500b0 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 005c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000044 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0032 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=107 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 08 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 32 00 00 00 00 00 26 04 BC 5A 93 .....2.. ...&..Z. [030] 50 3E 46 81 25 9A 18 EB D3 1E D8 12 00 12 00 01 P>F.%... ........ [040] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 66 ........ .......f [050] 00 65 00 72 00 6F 00 7A 00 31 00 32 00 33 00 24 .e.r.o.z .1.2.3.$ [060] 00 00 00 80 00 00 00 B0 00 05 E0 ........ ... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 24 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 70 CA F3 FC 09 BB 9F 6B p......k [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 25 mid = 14 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,178) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,178) wrote 178 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 112 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 25 mid = 14 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 25 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 25: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 56 F5 D0 05 AE 00 E5 B3 V....... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0038 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000020 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 56 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 64 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_user [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 00 00 00 00 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 access_granted: 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 user_rid : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 001c status: NT_STATUS_USER_EXISTS [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1594) cli_samr_lookup_names [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4824) init_samr_q_lookup_names [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_names [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 5abc0426 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 5093 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 463e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 81 25 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 9a 18 eb d3 1e d8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 num_names1: 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 flags : 000003e8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 num_names2: 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 uni_str_len: 0012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 uni_max_len: 0012 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 buffer : 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_max_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 uni_str_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0038 buffer : f.e.r.o.z.1.2.3.$. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0062 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000004a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0011 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=113 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 09 00 00 00 4A .......b .......J [020] 00 00 00 00 00 11 00 00 00 00 00 26 04 BC 5A 93 ........ ...&..Z. [030] 50 3E 46 81 25 9A 18 EB D3 1E D8 01 00 00 00 E8 P>F.%... ........ [040] 03 00 00 00 00 00 00 01 00 00 00 12 00 12 00 01 ........ ........ [050] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 66 ........ .......f [060] 00 65 00 72 00 6F 00 7A 00 31 00 32 00 33 00 24 .e.r.o.z .1.2.3.$ [070] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 26 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 6F 47 C5 2E FD DB 42 47 oG....BG [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 27 mid = 15 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,184) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,184) wrote 184 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 09 10 00 00 01 00 00 00 04 00 02 ........ ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 27 mid = 15 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 27 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 27: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] DF 04 82 C5 39 28 37 9A ....9(7. [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 09 10 00 00 01 00 00 00 04 00 02 ........ ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 003c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000024 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 60 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 72 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_names [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 num_rids1: 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 ptr_rids : 00020000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 num_rids2: 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c rid[00] : 00001009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 num_types1: 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 ptr_types : 00020004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_types2: 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c type[00] : 00000001 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0020 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_open_user(187) cli_samr_open_user with rid 0x1009 [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_open_user(5118) samr_init_samr_q_open_user [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_user [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 5abc0426 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 5093 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 463e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 81 25 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 9a 18 eb d3 1e d8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 access_mask: 02000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 user_rid : 00001009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0034 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000001c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0022 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=67 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 22 00 00 00 00 00 26 04 BC 5A 93 .....".. ...&..Z. [030] 50 3E 46 81 25 9A 18 EB D3 1E D8 00 00 00 02 09 P>F.%... ........ [040] 10 00 00 ... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 28 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 10 AF 89 6D DE 61 3E 09 ...m.a>. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 29 mid = 16 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,138) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,138) wrote 138 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 44 B8 EF ........ .....D.. [020] 73 9D 06 C4 46 A1 92 3B A9 63 C5 2B 48 00 00 00 s...F..; .c.+H... [030] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 29 mid = 16 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 29 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 29: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] AF CF 51 F1 C7 84 1B C0 ..Q..... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 44 B8 EF ........ .....D.. [020] 73 9D 06 C4 46 A1 92 3B A9 63 C5 2B 48 00 00 00 s...F..; .c.+H... [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_user [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 73efb844 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 069d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 46c4 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a1 92 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 3b a9 63 c5 2b 48 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] rpc_parse/parse_samr.c:init_sam_user_info24(5612) init_sam_user_info24: [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1698) cli_samr_set_userinfo [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6879) init_samr_q_set_userinfo [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6648) init_samr_userinfo_ctr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 73efb844 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 069d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 46c4 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a1 92 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 3b a9 63 c5 2b 48 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 switch_value: 0018 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 switch_value: 0018 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 sam_io_user_info24 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0018 password: 04 cd e5 4e 67 a2 3e e9 11 08 80 5c 5e 0b b6 c2 b5 71 59 ec d2 2e a7 01 39 e3 9f 12 44 4a 7e cf fc 56 d8 2b b3 d1 88 1c 9e fc 62 47 2b 6f da 85 ae 46 38 79 5a 96 18 12 24 df 47 f2 35 62 e7 3d 38 22 70 54 e4 c7 53 48 82 95 0c 80 db cb ca 13 0e d3 8e 2e 78 0e 00 98 f2 ae 1c c9 da 95 4f 1c 59 98 f5 ad 92 37 f0 eb 0d e8 1b 4e e8 4c 51 40 27 d1 4b dc 03 2c 8d 26 50 69 dd 28 26 7a 44 ef 9f e2 88 e5 52 3f 8e 87 b2 df 67 2d 58 62 78 c4 ad 1b 48 a7 ed 0e ea 11 a8 cc 8f f7 8b 54 53 79 48 ea 51 94 2e 11 da fa 6b 1a 1b af d5 b1 6a c1 16 89 51 3f 6e a0 73 dc 8a 30 be 8c ec 3a 28 42 6f 89 64 da 37 18 10 3c 36 2b 17 93 0c 75 9b 5e 1a 9c 42 47 23 d2 76 94 20 4b e2 c3 d9 d3 50 b9 d3 03 96 e7 9d be a4 2a 49 e7 00 4d d2 23 d4 31 3f 99 eb 3b f7 a9 ae 28 bf 07 b7 82 c3 81 88 b0 58 00 f2 e5 e4 71 72 1f 08 4e a3 cc 24 89 6a 50 13 fd 7e cf 36 09 b2 73 64 db 31 03 8e 39 b5 e3 7b dd c7 87 85 01 87 aa 2c 50 e4 9a 5e 4f 16 25 98 e9 cc 58 7f e8 3d 32 ee d8 4b 4c 07 ec 47 bf da 86 49 e8 e8 20 1e 0e de fd a4 c +> 6 c7 88 04 94 00 08 7e e4 2a 40 0c 9b be 5b ca 69 29 7e a1 02 c0 f2 18 ca 08 48 d2 0c 7c 6f 19 fa 55 20 c4 c2 3c 55 58 16 e7 68 04 c1 73 8b c7 80 f6 7a d1 9b b2 b3 c6 fe 87 01 12 8a dc cf 5a b2 32 1d 79 cb d5 71 58 2f 12 5a c6 52 d9 a0 a6 32 0e ec 80 d7 cd e9 78 dd 75 02 6f b6 a9 52 e4 f6 5c 46 5a 5e 19 31 5b 35 cc 63 ea 62 bc b3 3d 9b 23 e7 97 dd c7 64 5f d3 b3 c9 85 42 ce 26 dc 02 fd 4c 53 9d d8 03 3f 7d f9 ae 05 8a 3e 51 11 a1 ed 69 03 bc 17 27 0c 8b cc eb 79 1d df b4 9f b8 d2 b8 b2 25 2c 1d a8 5d 6b bb 8a 6e 8b 7a be 90 82 9d 8f 1d 00 cf d6 83 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 021c pw_len: 18 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0235 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000021d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 003a [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=647 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 565 (0x235) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 565 (0x235) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=580 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 35 02 00 00 0B 00 00 00 1D .......5 ........ [020] 02 00 00 00 00 3A 00 00 00 00 00 44 B8 EF 73 9D .....:.. ...D..s. [030] 06 C4 46 A1 92 3B A9 63 C5 2B 48 18 00 18 00 04 ..F..;.c .+H..... [040] CD E5 4E 67 A2 3E E9 11 08 80 5C 5E 0B B6 C2 B5 ..Ng.>.. ..\^.... [050] 71 59 EC D2 2E A7 01 39 E3 9F 12 44 4A 7E CF FC qY.....9 ...DJ~.. [060] 56 D8 2B B3 D1 88 1C 9E FC 62 47 2B 6F DA 85 AE V.+..... .bG+o... [070] 46 38 79 5A 96 18 12 24 DF 47 F2 35 62 E7 3D 38 F8yZ...$ .G.5b.=8 [080] 22 70 54 E4 C7 53 48 82 95 0C 80 DB CB CA 13 0E "pT..SH. ........ [090] D3 8E 2E 78 0E 00 98 F2 AE 1C C9 DA 95 4F 1C 59 ...x.... .....O.Y [0A0] 98 F5 AD 92 37 F0 EB 0D E8 1B 4E E8 4C 51 40 27 ....7... ..N.LQ@' [0B0] D1 4B DC 03 2C 8D 26 50 69 DD 28 26 7A 44 EF 9F .K..,.&P i.(&zD.. [0C0] E2 88 E5 52 3F 8E 87 B2 DF 67 2D 58 62 78 C4 AD ...R?... .g-Xbx.. [0D0] 1B 48 A7 ED 0E EA 11 A8 CC 8F F7 8B 54 53 79 48 .H...... ....TSyH [0E0] EA 51 94 2E 11 DA FA 6B 1A 1B AF D5 B1 6A C1 16 .Q.....k .....j.. [0F0] 89 51 3F 6E A0 73 DC 8A 30 BE 8C EC 3A 28 42 6F .Q?n.s.. 0...:(Bo [100] 89 64 DA 37 18 10 3C 36 2B 17 93 0C 75 9B 5E 1A .d.7..<6 +...u.^. [110] 9C 42 47 23 D2 76 94 20 4B E2 C3 D9 D3 50 B9 D3 .BG#.v. K....P.. [120] 03 96 E7 9D BE A4 2A 49 E7 00 4D D2 23 D4 31 3F ......*I ..M.#.1? [130] 99 EB 3B F7 A9 AE 28 BF 07 B7 82 C3 81 88 B0 58 ..;...(. .......X [140] 00 F2 E5 E4 71 72 1F 08 4E A3 CC 24 89 6A 50 13 ....qr.. N..$.jP. [150] FD 7E CF 36 09 B2 73 64 DB 31 03 8E 39 B5 E3 7B .~.6..sd .1..9..{ [160] DD C7 87 85 01 87 AA 2C 50 E4 9A 5E 4F 16 25 98 ......., P..^O.%. [170] E9 CC 58 7F E8 3D 32 EE D8 4B 4C 07 EC 47 BF DA ..X..=2. .KL..G.. [180] 86 49 E8 E8 20 1E 0E DE FD A4 C6 C7 88 04 94 00 .I.. ... ........ [190] 08 7E E4 2A 40 0C 9B BE 5B CA 69 29 7E A1 02 C0 .~.*@... [.i)~... [1A0] F2 18 CA 08 48 D2 0C 7C 6F 19 FA 55 20 C4 C2 3C ....H..| o..U ..< [1B0] 55 58 16 E7 68 04 C1 73 8B C7 80 F6 7A D1 9B B2 UX..h..s ....z... [1C0] B3 C6 FE 87 01 12 8A DC CF 5A B2 32 1D 79 CB D5 ........ .Z.2.y.. [1D0] 71 58 2F 12 5A C6 52 D9 A0 A6 32 0E EC 80 D7 CD qX/.Z.R. ..2..... [1E0] E9 78 DD 75 02 6F B6 A9 52 E4 F6 5C 46 5A 5E 19 .x.u.o.. R..\FZ^. [1F0] 31 5B 35 CC 63 EA 62 BC B3 3D 9B 23 E7 97 DD C7 1[5.c.b. .=.#.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 30 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] D8 88 D4 D9 B7 AA F0 0C ........ [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 31 mid = 17 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,651) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,651) wrote 651 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 31 mid = 17 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 31 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 31: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 57 BD EA 77 4B ED 40 E7 W..wK.@. [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 001c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 8 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0000 status: NT_STATUS_OK [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5456) init_sam_user_info16 [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1749) cli_samr_set_userinfo2 [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6953) init_samr_q_set_userinfo2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo2 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 73efb844 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 069d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 46c4 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a1 92 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 3b a9 63 c5 2b 48 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 switch_value: 0010 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 switch_value: 0010 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 samr_io_r_user_info16 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 acb_info: 00000080 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0034 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000001c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0025 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=67 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 0C 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 25 00 00 00 00 00 44 B8 EF 73 9D .....%.. ...D..s. [030] 06 C4 46 A1 92 3B A9 63 C5 2B 48 10 00 10 00 80 ..F..;.c .+H..... [040] 00 00 00 ... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 32 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 04 B5 56 74 E6 FD 00 68 ..Vt...h [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 33 mid = 18 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,138) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,138) wrote 138 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 84 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 33 mid = 18 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 33 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 33: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 7B 16 0C 81 0D 96 1C D2 {....... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 001c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000004 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 28 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 8 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0000 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] rpc_client/cli_samr.c:rpccli_samr_close(109) cli_samr_close [2008/03/19 17:34:46, 5] rpc_parse/parse_samr.c:init_samr_q_close_hnd(38) init_samr_q_close_hnd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 73efb844 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 069d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 46c4 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : a1 92 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 3b a9 63 c5 2b 48 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000014 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0001 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16388 (0x4004) smb_bcc=59 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ [020] 00 00 00 00 00 01 00 00 00 00 00 44 B8 EF 73 9D ........ ...D..s. [030] 06 C4 46 A1 92 3B A9 63 C5 2B 48 ..F..;.c .+H [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 34 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A4 63 1D A9 3D 81 8D 00 .c..=... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 35 mid = 19 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,130) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,130) wrote 130 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 35 mid = 19 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 35 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 35: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] CE 0B C1 E4 17 24 F6 DF .....$.. [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000d [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \samr fnum 0x4004 returned 48 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 00 00 00 00 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 36 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 17 AD DA A8 5E CA 7A CF ....^.z. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 37 mid = 20 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=20 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 37 mid = 20 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 37 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 37: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 47 29 53 65 00 A0 7D 9F G)Se..}. [2008/03/19 17:34:46, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \samr to machine nam6.jp [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 38 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 14 18 C5 01 8B F8 43 1D ......C. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 39 mid = 21 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,108) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,108) wrote 108 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=21 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1280 (0x500) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 39 mid = 21 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 39 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 39: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A8 5A 76 F9 28 91 19 F1 .Zv.(... [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[4005]: \NETLOGON auth_type 0, auth_level 0 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345678 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 cf fb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \NETLOGON fnum 0x4005 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16389 (0x4005) smb_bcc=87 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 40 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] E0 51 F2 6F 42 8D FB 8F .Q.oB... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 41 mid = 22 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,158) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,158) wrote 158 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 DB 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 41 mid = 22 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 41 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 41: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 18 AB 55 87 04 93 8E 95 ..U..... [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 DB 62 00 00 0C 00 5C 70 69 70 65 ......b. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000e [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \NETLOGON fnum 0x4005 returned 68 bytes. [2008/03/19 17:34:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine nam6.jp pipe \NETLOGON fnum 0x4005 bind request returned ok. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000e [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 000062db [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \pipe\lsass. [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/03/19 17:34:46, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine nam6.jp and bound anonymously. [2008/03/19 17:34:46, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from FEROZ123 to \\nam6.jp [2008/03/19 17:34:46, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2008/03/19 17:34:46, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.n.a.m.6...j.p... [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 uni_max_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 offset : 00000000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_str_len: 00000009 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0030 buffer : F.E.R.O.Z.1.2.3... [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0042 data: 43 11 8e 13 dc 1d c7 d7 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0062 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000f [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000004a [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0004 [2008/03/19 17:34:46, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine nam6.jp pipe \NETLOGON fnum 0x4005 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=49153 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16389 (0x4005) smb_bcc=113 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 0F 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 6E 00 61 00 6D .......\ .\.n.a.m [040] 00 36 00 2E 00 6A 00 70 00 00 00 09 00 00 00 00 .6...j.p ........ [050] 00 00 00 09 00 00 00 46 00 45 00 52 00 4F 00 5A .......F .E.R.O.Z [060] 00 31 00 32 00 33 00 00 00 43 11 8E 13 DC 1D C7 .1.2.3.. .C...... [070] D7 . [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 42 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A4 D0 FC 45 F4 F5 A6 E5 ...E.... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 43 mid = 23 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,184) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,184) wrote 184 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 22 01 00 C0 ."... [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 43 mid = 23 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 43 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 43: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 40 7A 9F 93 43 7E 5F 1C @z..C~_. [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 22 01 00 C0 ."... [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0024 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000f [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000000c [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2008/03/19 17:34:46, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine nam6.jp pipe \NETLOGON fnum 0x4005 returned 24 bytes. [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/03/19 17:34:46, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: 00 00 00 00 00 00 00 00 [2008/03/19 17:34:46, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0008 status: NT_STATUS_INVALID_COMPUTER_NAME [2008/03/19 17:34:46, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(356) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain NAM6. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 44 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 74 68 D2 4F A0 C1 C8 56 th.O...V [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 45 mid = 24 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,45) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,45) wrote 45 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=24 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 45 mid = 24 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 45 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 45: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 90 48 68 BF 8E 4E 98 5E .Hh..N.^ [2008/03/19 17:34:46, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) cli_rpc_pipe_close: closed pipe \NETLOGON to machine nam6.jp [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 46 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_sign_outgoing_message(334) client_sign_outgoing_message: sent SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] 81 29 3F BB AB 35 47 D8 .)?..5G. [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 47 mid = 25 [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(153) write_socket(4,39) [2008/03/19 17:34:46, 6] libsmb/clientgen.c:write_socket(156) write_socket(4,39) wrote 39 [2008/03/19 17:34:46, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/03/19 17:34:46, 5] lib/util.c:show_msg(484) [2008/03/19 17:34:46, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49157 smb_tid=40966 smb_pid=10069 smb_uid=18435 smb_mid=25 smt_wct=0 smb_bcc=0 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 47 mid = 25 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:simple_packet_signature(268) simple_packet_signature: sequence number 47 [2008/03/19 17:34:46, 10] libsmb/smb_signing.c:client_check_incoming_message(415) client_check_incoming_message: seq 47: got good SMB signature of [2008/03/19 17:34:46, 10] lib/util.c:dump_data(2264) [000] A8 8D 8A 87 36 30 E0 EC ....60.. [2008/03/19 17:34:46, 2] utils/net.c:main(1046) return code = 1 [root@feroz123 bin]#