lp_load: refreshing parameters
Initialising global parameters
params.c:OpenConfFile() - Unable to open configuration file "/home/yogesh/.smb/smb.conf": No such file or directory
pm_process() returned No
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_STANDALONE
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
map_file: Failed to load /usr/local/samba/lib/valid.dat - No such file or directory
creating default valid table
Could not load config file: /home/yogesh/.smb/smb.conf
lp_load: refreshing parameters
params.c:OpenConfFile() - Unable to open configuration file "/usr/local/samba/lib/smb.conf": No such file or directory
pm_process() returned No
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_STANDALONE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Could not load config file: /usr/local/samba/lib/smb.conf
added interface ip=172.17.8.208 bcast=172.17.8.255 nmask=255.255.255.0
Using netbios name YOGESH.
Using workgroup WORKGROUP.
smbc_stat(smb://172.17.8.186/demo/code/array.c)
smbc_server: server_n=[172.17.8.186] server=[172.17.8.186]
 -> server_n=[172.17.8.186] server=[172.17.8.186]
Opening cache file at /usr/local/samba/var/locks/gencache.tdb
tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba/var/locks/gencache.tdb: No such file or directory
Attempt to open gencache.tdb has failed.
Connecting to 172.17.8.186 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 session request ok write_socket(3,194) write_socket(3,194) wrote 194 got smb length of 85 size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]= 2563 (0xA03) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 483 (0x1E3) smb_vwv[11]=51840 (0xCA80) smb_vwv[12]=18672 (0x48F0) smb_vwv[13]=16963 (0x4243) smb_vwv[14]=51397 (0xC8C5) smb_vwv[15]=46593 (0xB601) smb_vwv[16]= 254 (0xFE) smb_bcc=16 [000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]= 2563 (0xA03) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 483 (0x1E3) smb_vwv[11]=51840 (0xCA80) smb_vwv[12]=18672 (0x48F0) smb_vwv[13]=16963 (0x4243) smb_vwv[14]=51397 (0xC8C5) smb_vwv[15]=46593 (0xB601) smb_vwv[16]= 254 (0xFE) smb_bcc=16 [000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. 
Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot write_socket(3,166) write_socket(3,166) wrote 166 got smb length of 320 size=320 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 320 (0x140) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 185 (0xB9) smb_bcc=277 [000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 8A 62 4C 9F FA C4 E2 87 64 AF 00 ......bL .....d.. [040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... [050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E [060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N [070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C [080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e [090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r [0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... [0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d [0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [110] 00 32 00 00 00 .2... size=320 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 320 (0x140) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 185 (0xB9) smb_bcc=277 [000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... 
.......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 8A 62 4C 9F FA C4 E2 87 64 AF 00 ......bL .....d.. [040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... [050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E [060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N [070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C [080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e [090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r [0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... [0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d [0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [110] 00 32 00 00 00 .2... Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_CHAL_ACCEPT_RESPONSE NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [000] E1 F3 E4 E1 B5 4B 98 CD .....K.. 
NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH write_socket(3,264) write_socket(3,264) wrote 264 got smb length of 144 size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [060] 00 32 00 00 00 .2... size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [060] 00 32 00 00 00 .2... 
session setup ok write_socket(3,94) write_socket(3,94) wrote 94 got smb length of 62 size=62 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 62 (0x3E) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 447 (0x1BF) smb_vwv[ 4]= 19 (0x13) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=13 [000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... tconx ok Server connect ok: //172.17.8.186/demo: 0x6ab900 smbc_getatr: sending qpathinfo size=102 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=5 smt_wct=15 smb_vwv[ 0]= 34 (0x22) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]= 4356 (0x1104) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 34 (0x22) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 102 (0x66) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=37 [000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d [010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. [020] 00 63 00 00 00 .c... write_socket(3,106) write_socket(3,106) wrote 106 got smb length of 168 size=168 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# [010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... [020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . [030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ 
.$...\.d [050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e [060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c [070] 00 . size=168 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# [010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... [020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . [030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d [050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e [060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c [070] 00 . smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+) Connecting to host=172.17.8.186 Opening cache file at /usr/local/samba/var/locks/gencache.tdb tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba/var/locks/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. 
Connecting to 172.17.8.186 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 85 size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]= 2563 (0xA03) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 483 (0x1E3) smb_vwv[11]=32384 (0x7E80) smb_vwv[12]=19893 (0x4DB5) smb_vwv[13]=16963 (0x4243) smb_vwv[14]=51397 (0xC8C5) smb_vwv[15]=46593 (0xB601) smb_vwv[16]= 254 (0xFE) smb_bcc=16 [000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]= 2563 (0xA03) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 483 (0x1E3) smb_vwv[11]=32384 (0x7E80) smb_vwv[12]=19893 (0x4DB5) smb_vwv[13]=16963 (0x4243) smb_vwv[14]=51397 (0xC8C5) smb_vwv[15]=46593 (0xB601) smb_vwv[16]= 254 (0xFE) smb_bcc=16 [000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. 
Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot write_socket(5,166) write_socket(5,166) wrote 166 got smb length of 320 size=320 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 320 (0x140) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 185 (0xB9) smb_bcc=277 [000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 8A 62 88 0B F3 10 22 FA 62 2E 00 ......b. ...".b.. [040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... [050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E [060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N [070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C [080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e [090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r [0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... [0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d [0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [110] 00 32 00 00 00 .2... size=320 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 320 (0x140) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 185 (0xB9) smb_bcc=277 [000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... 
.......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 [030] 00 00 00 15 82 8A 62 88 0B F3 10 22 FA 62 2E 00 ......b. ...".b.. [040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... [050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E [060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N [070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C [080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e [090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r [0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... [0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d [0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [110] 00 32 00 00 00 .2... Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_CHAL_ACCEPT_RESPONSE NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [000] 96 9A E9 ED 6C 37 08 09 ....l7.. 
NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH write_socket(5,264) write_socket(5,264) wrote 264 got smb length of 144 size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [060] 00 32 00 00 00 .2... size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=11668 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 [020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. [060] 00 32 00 00 00 .2... 
write_socket(5,94) write_socket(5,94) wrote 94 got smb length of 56 size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... cli_init_creds: user test domain Workgroup write_socket(5,104) write_socket(5,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 Bind RPC Pipe[4000]: \lsarpc auth_type 0, auth_level 0 Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
write_socket(5,158) write_socket(5,158) wrote 158 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 5A AF 0B 00 0C 00 5C 50 49 50 45 .....Z.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 5A AF 0B 00 0C 00 5C 50 49 50 45 .....Z.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 rpc_api_pipe: got PDU len of 68 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 68 bytes. rpc_pipe_bind: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 bind request returned ok. 
000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 000baf5a 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine 172.17.8.186 and bound anonymously. init_lsa_sec_qos init_open_pol: attr:0 da:536870912 init_lsa_obj_attr 000000 lsa_io_q_open_pol 0000 ptr : 00000001 0004 system_name: 005c 000008 lsa_io_obj_attr 0008 len : 00000018 000c ptr_root_dir: 00000000 0010 ptr_obj_name: 00000000 0014 attributes : 00000000 0018 ptr_sec_desc: 00000000 001c ptr_sec_qos : 00000001 000020 lsa_io_obj_qos sec_qos 0020 len : 0000000c 0024 sec_imp_level : 0002 0026 sec_ctxt_mode : 01 0027 effective_only: 00 lsa_io_sec_qos: length c does not match size 8 0028 des_access: 20000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000002c 0014 context_id: 0000 0016 opnum : 0006 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 
(0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=83 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 20 .. write_socket(5,154) write_socket(5,154) wrote 154 got smb length of 104 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 ED D5 ........ .....C.. [020] 64 8E 0B DC 41 A3 6D 88 F3 3D BC 73 A9 00 00 00 d...A.m. .=.s.... [030] 00 . size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 ED D5 ........ .....C.. [020] 64 8E 0B DC 41 A3 6D 88 F3 3D BC 73 A9 00 00 00 d...A.m. .=.s.... [030] 00 . 
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got PDU len of 48 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 48 bytes. 000000 lsa_io_r_open_pol 000000 smb_io_pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 0014 status: NT_STATUS_OK write_socket(3,116) write_socket(3,116) wrote 116 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=10752 (0x2A00) smb_vwv[ 6]=38908 (0x97FC) smb_vwv[ 7]=22383 (0x576F) smb_vwv[ 8]=51321 (0xC879) smb_vwv[ 9]=59905 (0xEA01) smb_vwv[10]= 9159 (0x23C7) smb_vwv[11]=18077 (0x469D) smb_vwv[12]=51394 (0xC8C2) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=22416 (0x5790) smb_vwv[15]=11576 (0x2D38) smb_vwv[16]=51299 (0xC863) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=58503 (0xE487) smb_vwv[19]=16915 (0x4213) smb_vwv[20]=51328 (0xC880) smb_vwv[21]= 8193 (0x2001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 288 (0x120) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 2560 (0xA00) smb_vwv[28]= 275 (0x113) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 0 (0x0) smb_bcc=0 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=7 smt_wct=19 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 256 (0x100) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [000] 00 00 00 00 40 00 00 07 00 00 00 ....@... ... write_socket(3,88) write_socket(3,88) wrote 88 got smb length of 284 size=284 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=7 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]=53248 (0xD000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=18432 (0x4800) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=53248 (0xD000) smb_vwv[12]= 0 (0x0) smb_vwv[13]=19456 (0x4C00) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=213 [000] 00 D0 00 00 00 01 00 04 84 14 00 00 00 30 00 00 ........ .....0.. [010] 00 00 00 00 00 4C 00 00 00 01 05 00 00 00 00 00 .....L.. ........ [020] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. [030] 9C EB 03 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [040] 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF 9C 01 02 00 .d.S.7.p .n...... [050] 00 02 00 84 00 05 00 00 00 00 10 14 00 BF 01 13 ........ ........ [060] 00 01 01 00 00 00 00 00 01 00 00 00 00 00 10 18 ........ ........ [070] 00 FF 01 1F 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. [080] 00 20 02 00 00 00 10 14 00 FF 01 1F 00 01 01 00 . ...... ........ [090] 00 00 00 00 05 12 00 00 00 00 10 24 00 FF 01 1F ........ ...$.... [0A0] 00 01 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 ........ .....d.S [0B0] 1D 37 E4 70 0D 6E D4 CF 9C EB 03 00 00 00 10 18 .7.p.n.. ........ 
[0C0] 00 A9 00 12 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. [0D0] 00 21 02 00 00 .!...
000000 sec_io_desc sd data 0000 revision : 0001 0002 type : 8404 0004 off_owner_sid: 00000014 0008 off_grp_sid : 00000030 000c off_sacl : 00000000 0010 off_dacl : 0000004c 000014 smb_io_dom_sid owner_sid 0014 sid_rev_num: 01 0015 num_auths : 05 0016 id_auth[0] : 00 0017 id_auth[1] : 00 0018 id_auth[2] : 00 0019 id_auth[3] : 00 001a id_auth[4] : 00 001b id_auth[5] : 05 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000030 smb_io_dom_sid group_sid 0030 sid_rev_num: 01 0031 num_auths : 05 0032 id_auth[0] : 00 0033 id_auth[1] : 00 0034 id_auth[2] : 00 0035 id_auth[3] : 00 0036 id_auth[4] : 00 0037 id_auth[5] : 05 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 00004c sec_io_acl dacl 004c revision: 0002 004e size : 0084 0050 num_aces : 00000005 000054 sec_io_ace ace_list[00]: 0054 type : 00 0055 flags: 10 0056 size : 0014 0058 access_mask: 001301bf 00005c smb_io_dom_sid trustee 005c sid_rev_num: 01 005d num_auths : 01 005e id_auth[0] : 00 005f id_auth[1] : 00 0060 id_auth[2] : 00 0061 id_auth[3] : 00 0062 id_auth[4] : 00 0063 id_auth[5] : 01 0064 sub_auths : 00000000 000068 sec_io_ace ace_list[01]: 0068 type : 00 0069 flags: 10 006a size : 0018 006c access_mask: 001f01ff 000070 smb_io_dom_sid trustee 0070 sid_rev_num: 01 0071 num_auths : 02 0072 id_auth[0] : 00 0073 id_auth[1] : 00 0074 id_auth[2] : 00 0075 id_auth[3] : 00 0076 id_auth[4] : 00 0077 id_auth[5] : 05 0078 sub_auths : 00000020 00000220 000080 sec_io_ace ace_list[02]: 0080 type : 00 0081 flags: 10 0082 size : 0014 0084 access_mask: 001f01ff 000088 smb_io_dom_sid trustee 0088 sid_rev_num: 01 0089 num_auths : 01 008a id_auth[0] : 00 008b id_auth[1] : 00 008c id_auth[2] : 00 008d id_auth[3] : 00 008e id_auth[4] : 00 008f id_auth[5] : 05 0090 sub_auths : 00000012 000094 sec_io_ace ace_list[03]: 0094 type : 00 0095 flags: 10 0096 size : 0024 0098 access_mask: 001f01ff 00009c smb_io_dom_sid trustee 009c sid_rev_num: 01 009d num_auths : 05 009e id_auth[0] : 00 009f id_auth[1] : 00 00a0 
id_auth[2] : 00 00a1 id_auth[3] : 00 00a2 id_auth[4] : 00 00a3 id_auth[5] : 05 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 0000b8 sec_io_ace ace_list[04]: 00b8 type : 00 00b9 flags: 10 00ba size : 0018 00bc access_mask: 001200a9 0000c0 smb_io_dom_sid trustee 00c0 sid_rev_num: 01 00c1 num_auths : 02 00c2 id_auth[0] : 00 00c3 id_auth[1] : 00 00c4 id_auth[2] : 00 00c5 id_auth[3] : 00 00c6 id_auth[4] : 00 00c7 id_auth[5] : 05 00c8 sub_auths : 00000020 00000221 write_socket(3,45) write_socket(3,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=8 smt_wct=0 smb_bcc=0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 
smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 03 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. [030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 224 size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 03 00 00 ........ ........ [010] 00 90 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 52 00 45 00 43 00 4E 00 45 00 58 .....R.E .C.N.E.X [050] 00 36 00 02 00 04 00 00 00 01 04 00 00 00 00 00 .6...... ........ [060] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. 
[070] 9C 01 00 00 00 10 00 02 00 01 00 00 00 01 00 00 ........ ........ [080] 00 08 00 08 00 14 00 02 00 00 00 00 00 04 00 00 ........ ........ [090] 00 00 00 00 00 04 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [0A0] 00 01 00 00 00 00 00 00 00 ........ . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a8 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000090 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 rpc_api_pipe: got PDU len of 168 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes.
000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 000e 0016 uni_max_len: 0010 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000007 002c buffer : R.E.C.N.E.X.6. 00003c smb_io_dom_sid2 sid_ptr[0] 003c num_auths: 00000004 000040 smb_io_dom_sid sid 0040 sid_rev_num: 01 0041 num_auths : 04 0042 id_auth[0] : 00 0043 id_auth[1] : 00 0044 id_auth[2] : 00 0045 id_auth[3] : 00 0046 id_auth[4] : 00 0047 id_auth[5] : 05 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000058 lsa_io_trans_names names 0058 num_entries : 00000001 005c ptr_trans_names: 00020010 0060 num_entries2 : 00000001 000064 lsa_io_trans_name name[0] 0064 sid_name_use: 0001 000068 smb_io_unihdr hdr_name 0068 uni_str_len: 0008 006a uni_max_len: 0008 006c buffer : 00020014 0070 domain_idx : 00000000 000074 smb_io_unistr2 name[0] 0074 uni_max_len: 00000004 0078 offset : 00000000 007c uni_str_len: 00000004 0080 buffer : u.s.e.r. 
0088 mapped_count: 00000001 008c status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 00 03 10 00 00 00 6C 00 00 00 04 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. [030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C 01 02 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 224 size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 04 00 00 ........ ........ [010] 00 90 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 52 00 45 00 43 00 4E 00 45 00 58 .....R.E .C.N.E.X [050] 00 36 00 02 00 04 00 00 00 01 04 00 00 00 00 00 .6...... ........ [060] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. [070] 9C 01 00 00 00 10 00 02 00 01 00 00 00 02 00 00 ........ ........ [080] 00 08 00 08 00 14 00 02 00 00 00 00 00 04 00 00 ........ ........ [090] 00 00 00 00 00 04 00 00 00 4E 00 6F 00 6E 00 65 ........ .N.o.n.e [0A0] 00 01 00 00 00 00 00 00 00 ........ . 
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a8 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000090 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 rpc_api_pipe: got PDU len of 168 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes.
000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 000e 0016 uni_max_len: 0010 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000007 002c buffer : R.E.C.N.E.X.6. 00003c smb_io_dom_sid2 sid_ptr[0] 003c num_auths: 00000004 000040 smb_io_dom_sid sid 0040 sid_rev_num: 01 0041 num_auths : 04 0042 id_auth[0] : 00 0043 id_auth[1] : 00 0044 id_auth[2] : 00 0045 id_auth[3] : 00 0046 id_auth[4] : 00 0047 id_auth[5] : 05 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000058 lsa_io_trans_names names 0058 num_entries : 00000001 005c ptr_trans_names: 00020010 0060 num_entries2 : 00000001 000064 lsa_io_trans_name name[0] 0064 sid_name_use: 0002 000068 smb_io_unihdr hdr_name 0068 uni_str_len: 0008 006a uni_max_len: 0008 006c buffer : 00020014 0070 domain_idx : 00000000 000074 smb_io_unistr2 name[0] 0074 uni_max_len: 00000004 0078 offset : 00000000 007c uni_str_len: 00000004 0080 buffer : N.o.n.e. 
0088 mapped_count: 00000001 008c status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 01 0030 sub_auths : 00000000 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=107 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 05 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. 
[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ [050] 01 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,178) write_socket(5,178) wrote 178 got smb length of 200 size=200 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 144 (0x90) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 144 (0x90) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=145 [000] 00 05 00 02 03 10 00 00 00 90 00 00 00 05 00 00 ........ ........ [010] 00 78 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .x...... ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 00 00 02 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 01 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ........ ........ [050] 01 01 00 00 00 10 00 02 00 01 00 00 00 05 00 00 ........ ........ [060] 00 10 00 12 00 14 00 02 00 00 00 00 00 09 00 00 ........ ........ [070] 00 00 00 00 00 08 00 00 00 45 00 76 00 65 00 72 ........ .E.v.e.r [080] 00 79 00 6F 00 6E 00 65 00 01 00 00 00 00 00 00 .y.o.n.e ........ [090] 00 .
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0090 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000078 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 144, data_len 120, ss_len 0 rpc_api_pipe: got PDU len of 144 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 240 bytes.
000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 0000 0016 uni_max_len: 0002 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000001 0024 offset : 00000000 0028 uni_str_len: 00000000 00002c smb_io_dom_sid2 sid_ptr[0] 002c num_auths: 00000000 000030 smb_io_dom_sid sid 0030 sid_rev_num: 01 0031 num_auths : 00 0032 id_auth[0] : 00 0033 id_auth[1] : 00 0034 id_auth[2] : 00 0035 id_auth[3] : 00 0036 id_auth[4] : 00 0037 id_auth[5] : 01 0038 sub_auths : 000038 lsa_io_trans_names names 0038 num_entries : 00000001 003c ptr_trans_names: 00020010 0040 num_entries2 : 00000001 000044 lsa_io_trans_name name[0] 0044 sid_name_use: 0005 000048 smb_io_unihdr hdr_name 0048 uni_str_len: 0010 004a uni_max_len: 0012 004c buffer : 00020014 0050 domain_idx : 00000000 000054 smb_io_unistr2 name[0] 0054 uni_max_len: 00000009 0058 offset : 00000000 005c uni_str_len: 00000008 0060 buffer : E.v.e.r.y.o.n.e. 
0070 mapped_count: 00000001 0074 status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000220 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=111 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 06 00 00 00 48 .......` .......H [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. 
[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ [050] 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 ....... ... .... [060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... write_socket(5,182) write_socket(5,182) wrote 182 got smb length of 232 size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [000] 00 05 00 02 03 10 00 00 00 B0 00 00 00 06 00 00 ........ ........ [010] 00 98 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 42 00 55 00 49 00 4C 00 54 00 49 .....B.U .I.L.T.I [050] 00 4E 00 00 00 01 00 00 00 01 01 00 00 00 00 00 .N...... ........ [060] 05 20 00 00 00 01 00 00 00 10 00 02 00 01 00 00 . ...... ........ [070] 00 04 00 00 00 1C 00 1C 00 14 00 02 00 00 00 00 ........ ........ [080] 00 0E 00 00 00 00 00 00 00 0E 00 00 00 41 00 64 ........ .....A.d [090] 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 .m.i.n.i .s.t.r.a [0A0] 00 74 00 6F 00 72 00 73 00 01 00 00 00 00 00 00 .t.o.r.s ........ [0B0] 00 .
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00b0 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000098 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 176, data_len 152, ss_len 0 rpc_api_pipe: got PDU len of 176 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 304 bytes. 000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 000e 0016 uni_max_len: 0010 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000007 002c buffer : B.U.I.L.T.I.N.
00003c smb_io_dom_sid2 sid_ptr[0] 003c num_auths: 00000001 000040 smb_io_dom_sid sid 0040 sid_rev_num: 01 0041 num_auths : 01 0042 id_auth[0] : 00 0043 id_auth[1] : 00 0044 id_auth[2] : 00 0045 id_auth[3] : 00 0046 id_auth[4] : 00 0047 id_auth[5] : 05 0048 sub_auths : 00000020 00004c lsa_io_trans_names names 004c num_entries : 00000001 0050 ptr_trans_names: 00020010 0054 num_entries2 : 00000001 000058 lsa_io_trans_name name[0] 0058 sid_name_use: 0004 00005c smb_io_unihdr hdr_name 005c uni_str_len: 001c 005e uni_max_len: 001c 0060 buffer : 00020014 0064 domain_idx : 00000000 000068 smb_io_unistr2 name[0] 0068 uni_max_len: 0000000e 006c offset : 00000000 0070 uni_str_len: 0000000e 0074 buffer : A.d.m.i.n.i.s.t.r.a.t.o.r.s. 0090 mapped_count: 00000001 0094 status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000012 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=174 
smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=107 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 07 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. [030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ [050] 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,178) write_socket(5,178) wrote 178 got smb length of 220 size=220 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 164 (0xA4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 164 (0xA4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=165 [000] 00 05 00 02 03 10 00 00 00 A4 00 00 00 07 00 00 ........ ........ [010] 00 8C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 18 00 1A ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 0D 00 00 00 00 00 00 ........ ........ [040] 00 0C 00 00 00 4E 00 54 00 20 00 41 00 55 00 54 .....N.T . .A.U.T [050] 00 48 00 4F 00 52 00 49 00 54 00 59 00 00 00 00 .H.O.R.I .T.Y.... [060] 00 01 00 00 00 00 00 00 05 01 00 00 00 10 00 02 ........ ........ [070] 00 01 00 00 00 05 00 00 00 0C 00 0E 00 14 00 02 ........ 
........ [080] 00 00 00 00 00 07 00 00 00 00 00 00 00 06 00 00 ........ ........ [090] 00 53 00 59 00 53 00 54 00 45 00 4D 00 01 00 00 .S.Y.S.T .E.M.... [0A0] 00 00 00 00 00 ..... size=220 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 164 (0xA4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 164 (0xA4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=165 [000] 00 05 00 02 03 10 00 00 00 A4 00 00 00 07 00 00 ........ ........ [010] 00 8C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 18 00 1A ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 0D 00 00 00 00 00 00 ........ ........ [040] 00 0C 00 00 00 4E 00 54 00 20 00 41 00 55 00 54 .....N.T . .A.U.T [050] 00 48 00 4F 00 52 00 49 00 54 00 59 00 00 00 00 .H.O.R.I .T.Y.... [060] 00 01 00 00 00 00 00 00 05 01 00 00 00 10 00 02 ........ ........ [070] 00 01 00 00 00 05 00 00 00 0C 00 0E 00 14 00 02 ........ ........ [080] 00 00 00 00 00 07 00 00 00 00 00 00 00 06 00 00 ........ ........ [090] 00 53 00 59 00 53 00 54 00 45 00 4D 00 01 00 00 .S.Y.S.T .E.M.... [0A0] 00 00 00 00 00 ..... 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a4 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000008c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 164, data_len 140, ss_len 0 rpc_api_pipe: got PDU len of 164 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 280 bytes. 
000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 0018 0016 uni_max_len: 001a 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 0000000d 0024 offset : 00000000 0028 uni_str_len: 0000000c 002c buffer : N.T. .A.U.T.H.O.R.I.T.Y. 000044 smb_io_dom_sid2 sid_ptr[0] 0044 num_auths: 00000000 000048 smb_io_dom_sid sid 0048 sid_rev_num: 01 0049 num_auths : 00 004a id_auth[0] : 00 004b id_auth[1] : 00 004c id_auth[2] : 00 004d id_auth[3] : 00 004e id_auth[4] : 00 004f id_auth[5] : 05 0050 sub_auths : 000050 lsa_io_trans_names names 0050 num_entries : 00000001 0054 ptr_trans_names: 00020010 0058 num_entries2 : 00000001 00005c lsa_io_trans_name name[0] 005c sid_name_use: 0005 000060 smb_io_unihdr hdr_name 0060 uni_str_len: 000c 0062 uni_max_len: 000e 0064 buffer : 00020014 0068 domain_idx : 00000000 00006c smb_io_unistr2 name[0] 006c uni_max_len: 00000007 0070 offset : 00000000 0074 uni_str_len: 00000006 0078 buffer : S.Y.S.T.E.M. 
0084 mapped_count: 00000001 0088 status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 00 03 10 00 00 00 6C 00 00 00 08 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. [030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 224 size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 08 00 00 ........ ........ [010] 00 90 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 52 00 45 00 43 00 4E 00 45 00 58 .....R.E .C.N.E.X [050] 00 36 00 4F 00 04 00 00 00 01 04 00 00 00 00 00 .6.O.... ........ [060] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. [070] 9C 01 00 00 00 10 00 02 00 01 00 00 00 01 00 00 ........ ........ [080] 00 08 00 08 00 14 00 02 00 00 00 00 00 04 00 00 ........ ........ [090] 00 00 00 00 00 04 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [0A0] 00 01 00 00 00 00 00 00 00 ........ . 
size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 08 00 00 ........ ........ [010] 00 90 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 52 00 45 00 43 00 4E 00 45 00 58 .....R.E .C.N.E.X [050] 00 36 00 4F 00 04 00 00 00 01 04 00 00 00 00 00 .6.O.... ........ [060] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. [070] 9C 01 00 00 00 10 00 02 00 01 00 00 00 01 00 00 ........ ........ [080] 00 08 00 08 00 14 00 02 00 00 00 00 00 04 00 00 ........ ........ [090] 00 00 00 00 00 04 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [0A0] 00 01 00 00 00 00 00 00 00 ........ . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a8 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000090 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 rpc_api_pipe: got PDU len of 168 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes. 
000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 000e 0016 uni_max_len: 0010 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000007 002c buffer : R.E.C.N.E.X.6. 00003c smb_io_dom_sid2 sid_ptr[0] 003c num_auths: 00000004 000040 smb_io_dom_sid sid 0040 sid_rev_num: 01 0041 num_auths : 04 0042 id_auth[0] : 00 0043 id_auth[1] : 00 0044 id_auth[2] : 00 0045 id_auth[3] : 00 0046 id_auth[4] : 00 0047 id_auth[5] : 05 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000058 lsa_io_trans_names names 0058 num_entries : 00000001 005c ptr_trans_names: 00020010 0060 num_entries2 : 00000001 000064 lsa_io_trans_name name[0] 0064 sid_name_use: 0001 000068 smb_io_unihdr hdr_name 0068 uni_str_len: 0008 006a uni_max_len: 0008 006c buffer : 00020014 0070 domain_idx : 00000000 000074 smb_io_unistr2 name[0] 0074 uni_max_len: 00000004 0078 offset : 00000000 007c uni_str_len: 00000004 0080 buffer : u.s.e.r. 
0088 mapped_count: 00000001 008c status : NT_STATUS_OK init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 00000000 000004 smb_io_uuid uuid 0004 data : 64d5ed43 0008 data : 0b8e 000a data : 41dc 000c data : a3 6d 000e data : 88 f3 3d bc 73 a9 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000221 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000009 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=111 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 09 00 00 00 48 .......` .......H [020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. 
[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... [040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ [050] 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 ....... ...!.... [060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... write_socket(5,182) write_socket(5,182) wrote 182 got smb length of 216 size=216 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 160 (0xA0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=161 [000] 00 05 00 02 03 10 00 00 00 A0 00 00 00 09 00 00 ........ ........ [010] 00 88 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 42 00 55 00 49 00 4C 00 54 00 49 .....B.U .I.L.T.I [050] 00 4E 00 4F 00 01 00 00 00 01 01 00 00 00 00 00 .N.O.... ........ [060] 05 20 00 00 00 01 00 00 00 10 00 02 00 01 00 00 . ...... ........ [070] 00 04 00 00 00 0A 00 0A 00 14 00 02 00 00 00 00 ........ ........ [080] 00 05 00 00 00 00 00 00 00 05 00 00 00 55 00 73 ........ .....U.s [090] 00 65 00 72 00 73 00 00 00 01 00 00 00 00 00 00 .e.r.s.. ........ [0A0] 00 . size=216 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 160 (0xA0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=161 [000] 00 05 00 02 03 10 00 00 00 A0 00 00 00 09 00 00 ........ ........ [010] 00 88 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ 
[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ [030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ [040] 00 07 00 00 00 42 00 55 00 49 00 4C 00 54 00 49 .....B.U .I.L.T.I [050] 00 4E 00 4F 00 01 00 00 00 01 01 00 00 00 00 00 .N.O.... ........ [060] 05 20 00 00 00 01 00 00 00 10 00 02 00 01 00 00 . ...... ........ [070] 00 04 00 00 00 0A 00 0A 00 14 00 02 00 00 00 00 ........ ........ [080] 00 05 00 00 00 00 00 00 00 05 00 00 00 55 00 73 ........ .....U.s [090] 00 65 00 72 00 73 00 00 00 01 00 00 00 00 00 00 .e.r.s.. ........ [0A0] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000009 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000088 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 cli_pipe_validate_current_pdu: got pdu len 160, data_len 136, ss_len 0 rpc_api_pipe: got PDU len of 160 at offset 0 rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 272 bytes. 000000 lsa_io_r_lookup_sids 0000 ptr_dom_ref: 00020000 000004 lsa_io_dom_r_ref dom_ref 0004 num_ref_doms_1: 00000001 0008 ptr_ref_dom : 00020004 000c max_entries : 00000020 0010 num_ref_doms_2: 00000001 000014 smb_io_unihdr dom_ref[0] 0014 uni_str_len: 000e 0016 uni_max_len: 0010 0018 buffer : 00020008 001c sid_ptr[0] : 0002000c 000020 smb_io_unistr2 dom_ref[0] 0020 uni_max_len: 00000008 0024 offset : 00000000 0028 uni_str_len: 00000007 002c buffer : B.U.I.L.T.I.N. 
00003c smb_io_dom_sid2 sid_ptr[0] 003c num_auths: 00000001 000040 smb_io_dom_sid sid 0040 sid_rev_num: 01 0041 num_auths : 01 0042 id_auth[0] : 00 0043 id_auth[1] : 00 0044 id_auth[2] : 00 0045 id_auth[3] : 00 0046 id_auth[4] : 00 0047 id_auth[5] : 05 0048 sub_auths : 00000020 00004c lsa_io_trans_names names 004c num_entries : 00000001 0050 ptr_trans_names: 00020010 0054 num_entries2 : 00000001 000058 lsa_io_trans_name name[0] 0058 sid_name_use: 0004 00005c smb_io_unihdr hdr_name 005c uni_str_len: 000a 005e uni_max_len: 000a 0060 buffer : 00020014 0064 domain_idx : 00000000 000068 smb_io_unistr2 name[0] 0068 uni_max_len: 00000005 006c offset : 00000000 0070 uni_str_len: 00000005 0074 buffer : U.s.e.r.s. 0080 mapped_count: 00000001 0084 status : NT_STATUS_OK smbc_stat(smb://172.17.8.186/demo/code/array.c) smbc_getatr: sending qpathinfo size=102 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=9 smt_wct=15 smb_vwv[ 0]= 34 (0x22) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]= 4356 (0x1104) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 34 (0x22) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 102 (0x66) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=37 [000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d [010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. [020] 00 63 00 00 00 .c... 
smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+) write_socket(3,116) write_socket(3,116) wrote 116 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=10752 (0x2A00) smb_vwv[ 6]=38908 (0x97FC) smb_vwv[ 7]=22383 (0x576F) smb_vwv[ 8]=51321 (0xC879) smb_vwv[ 9]=59905 (0xEA01) smb_vwv[10]= 9159 (0x23C7) smb_vwv[11]=18077 (0x469D) smb_vwv[12]=51394 (0xC8C2) smb_vwv[13]=32769 (0x8001) smb_vwv[14]=22416 (0x5790) smb_vwv[15]=11576 (0x2D38) smb_vwv[16]=51299 (0xC863) smb_vwv[17]=32769 (0x8001) smb_vwv[18]=58503 (0xE487) smb_vwv[19]=16915 (0x4213) smb_vwv[20]=51328 (0xC880) smb_vwv[21]= 8193 (0x2001) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 288 (0x120) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 2560 (0xA00) smb_vwv[28]= 275 (0x113) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 0 (0x0) smb_vwv[32]= 0 (0x0) smb_vwv[33]= 0 (0x0) smb_bcc=0 size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=11 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 256 (0x100) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]=21504 (0x5400) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [000] 00 00 00 01 40 00 00 07 00 00 00 ....@... ... 
000000 sec_io_desc sd data 0000 revision : 0001 0002 type : 8404 0004 off_owner_sid: 00000014 0008 off_grp_sid : 00000030 000c off_sacl : 00000000 0010 off_dacl : 0000004c 000014 smb_io_dom_sid owner_sid 0014 sid_rev_num: 01 0015 num_auths : 05 0016 id_auth[0] : 00 0017 id_auth[1] : 00 0018 id_auth[2] : 00 0019 id_auth[3] : 00 001a id_auth[4] : 00 001b id_auth[5] : 05 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000030 smb_io_dom_sid group_sid 0030 sid_rev_num: 01 0031 num_auths : 05 0032 id_auth[0] : 00 0033 id_auth[1] : 00 0034 id_auth[2] : 00 0035 id_auth[3] : 00 0036 id_auth[4] : 00 0037 id_auth[5] : 05 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 00004c sec_io_acl dacl 004c revision: 0002 004e size : 0084 0050 num_aces : 00000005 000054 sec_io_ace ace_list[00]: 0054 type : 00 0055 flags: 10 0056 size : 0014 0058 access_mask: 001301bf 00005c smb_io_dom_sid trustee 005c sid_rev_num: 01 005d num_auths : 01 005e id_auth[0] : 00 005f id_auth[1] : 00 0060 id_auth[2] : 00 0061 id_auth[3] : 00 0062 id_auth[4] : 00 0063 id_auth[5] : 01 0064 sub_auths : 00000000 000068 sec_io_ace ace_list[01]: 0068 type : 00 0069 flags: 10 006a size : 0018 006c access_mask: 001f01ff 000070 smb_io_dom_sid trustee 0070 sid_rev_num: 01 0071 num_auths : 02 0072 id_auth[0] : 00 0073 id_auth[1] : 00 0074 id_auth[2] : 00 0075 id_auth[3] : 00 0076 id_auth[4] : 00 0077 id_auth[5] : 05 0078 sub_auths : 00000020 00000220 000080 sec_io_ace ace_list[02]: 0080 type : 00 0081 flags: 10 0082 size : 0014 0084 access_mask: 001f01ff 000088 smb_io_dom_sid trustee 0088 sid_rev_num: 01 0089 num_auths : 01 008a id_auth[0] : 00 008b id_auth[1] : 00 008c id_auth[2] : 00 008d id_auth[3] : 00 008e id_auth[4] : 00 008f id_auth[5] : 05 0090 sub_auths : 00000012 000094 sec_io_ace ace_list[03]: 0094 type : 00 0095 flags: 10 0096 size : 0024 0098 access_mask: 001f01ff 00009c smb_io_dom_sid trustee 009c sid_rev_num: 01 009d num_auths : 05 009e id_auth[0] : 00 009f id_auth[1] : 00 00a0 
id_auth[2] : 00 00a1 id_auth[3] : 00 00a2 id_auth[4] : 00 00a3 id_auth[5] : 05 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 0000b8 sec_io_ace ace_list[04]: 00b8 type : 00 00b9 flags: 10 00ba size : 0018 00bc access_mask: 001200a9 0000c0 smb_io_dom_sid trustee 00c0 sid_rev_num: 01 00c1 num_auths : 02 00c2 id_auth[0] : 00 00c3 id_auth[1] : 00 00c4 id_auth[2] : 00 00c5 id_auth[3] : 00 00c6 id_auth[4] : 00 00c7 id_auth[5] : 05 00c8 sub_auths : 00000020 00000221 write_socket(3,45) write_socket(3,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=12 smt_wct=0 smb_bcc=0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 0000000a 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 
smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 0A 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0A 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 
size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0A 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000a 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 0000000b 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000b 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 01 0030 sub_auths : 00000000 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 0000000c 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000c 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000220 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 0000000d 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000d 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000012 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 0000000e 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000e 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 0000000f 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000000f 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000!
rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000221 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000010 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000010 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 smbc_stat(smb://172.17.8.186/demo/code/array.c) smbc_getatr: sending qpathinfo
smbc_stat(smb://172.17.8.186/demo/code/array.c) smbc_getatr: sending qpathinfo
smbc_stat(smb://172.17.8.186/demo/code/array.c) smbc_getatr: sending qpathinfo
smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+)
000000 sec_io_desc sd data 0000 revision : 0001 0002 type : 8404 0004 off_owner_sid: 00000014 0008 off_grp_sid : 00000030 000c off_sacl : 00000000 0010 off_dacl : 0000004c 000014 smb_io_dom_sid owner_sid 0014 sid_rev_num: 01 0015 num_auths : 05 0016 id_auth[0] : 00 0017 id_auth[1] : 00 0018 id_auth[2] : 00 0019 id_auth[3] : 00 001a id_auth[4] : 00 001b id_auth[5] : 05 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000030 smb_io_dom_sid group_sid 0030 sid_rev_num: 01 0031 num_auths : 05 0032 id_auth[0] : 00 0033 id_auth[1] : 00 0034 id_auth[2] : 00 0035 id_auth[3] : 00 0036 id_auth[4] : 00 0037 id_auth[5] : 05 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 00004c sec_io_acl dacl 004c revision: 0002 004e size : 0084 0050 num_aces : 00000005 000054 sec_io_ace ace_list[00]: 0054 type : 00 0055 flags: 10 0056 size : 0014 0058 access_mask: 001301bf 00005c smb_io_dom_sid trustee 005c sid_rev_num: 01 005d num_auths : 01 005e id_auth[0] : 00 005f id_auth[1] : 00 0060 id_auth[2] : 00 0061 id_auth[3] : 00 0062 id_auth[4] : 00 0063 id_auth[5] : 01 0064 sub_auths : 00000000 000068 sec_io_ace ace_list[01]: 0068 type : 00 0069 flags: 10 006a size : 0018 006c access_mask: 001f01ff 000070 smb_io_dom_sid trustee 0070 sid_rev_num: 01 0071 num_auths : 02 0072 id_auth[0] : 00 0073 id_auth[1] : 00 0074 id_auth[2] : 00 0075 id_auth[3] : 00 0076 id_auth[4] : 00 0077 id_auth[5] : 05 0078 sub_auths : 00000020 00000220 000080 sec_io_ace ace_list[02]: 0080 type : 00 0081 flags: 10 0082 size : 0014 0084 access_mask: 001f01ff 000088 smb_io_dom_sid trustee 0088 sid_rev_num: 01 0089 num_auths : 01 008a id_auth[0] : 00 008b id_auth[1] : 00 008c id_auth[2] : 00 008d id_auth[3] : 00 008e id_auth[4] : 00 008f id_auth[5] : 05 0090 sub_auths : 00000012 000094 sec_io_ace ace_list[03]: 0094 type : 00 0095 flags: 10 0096 size : 0024 0098 access_mask: 001f01ff 00009c smb_io_dom_sid trustee 009c sid_rev_num: 01 009d num_auths : 05 009e id_auth[0] : 00 009f id_auth[1] : 00 00a0 
id_auth[2] : 00 00a1 id_auth[3] : 00 00a2 id_auth[4] : 00 00a3 id_auth[5] : 05 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 0000b8 sec_io_ace ace_list[04]: 00b8 type : 00 00b9 flags: 10 00ba size : 0018 00bc access_mask: 001200a9 0000c0 smb_io_dom_sid trustee 00c0 sid_rev_num: 01 00c1 num_auths : 02 00c2 id_auth[0] : 00 00c3 id_auth[1] : 00 00c4 id_auth[2] : 00 00c5 id_auth[3] : 00 00c6 id_auth[4] : 00 00c7 id_auth[5] : 05 00c8 sub_auths : 00000020 00000221 write_socket(3,45) write_socket(3,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=18 smt_wct=0 smb_bcc=0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000011 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 
smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 11 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 11 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 
size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 11 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000011 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000012 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 00 03 10 00 00 00 6C 00 00 00 12 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C 01 02 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 12 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 12 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000012 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 01 0030 sub_auths : 00000000 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000013 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=24 
smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=107 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 13 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ [050] 01 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,178) write_socket(5,178) wrote 178 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 13 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 13 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 
000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000013 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000220 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000014 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 
smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=111 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 14 00 00 00 48 .......` .......H [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ [050] 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 ....... ... .... [060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... write_socket(5,182) write_socket(5,182) wrote 182 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 14 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 14 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... 
........ [020] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000014 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000001 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 01 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000012 000034 lsa_io_trans_names names 0034 num_entries : 00000000 0038 ptr_trans_names: 00000000 003c level: 0001 0040 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000015 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 
smb_uid=2048 smb_mid=26 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=107 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 15 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ [050] 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,178) write_socket(5,178) wrote 178 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 15 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 15 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ 
[020] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000015 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000005 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 05 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb 000044 lsa_io_trans_names names 0044 num_entries : 00000000 0048 ptr_trans_names: 00000000 004c level: 0001 0050 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000016 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 
smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=27 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=123 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 16 00 00 00 54 .......l .......T [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... [040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ [050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 [060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ [070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... write_socket(5,194) write_socket(5,194) wrote 194 got smb length of 88 size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 16 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 
size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [000] 00 05 00 03 03 10 00 00 00 20 00 00 00 16 00 00 ........ . ...... [010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ [020] 00 . 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000016 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH 001c reserved: 00000000 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
rpc_api_pipe: got PDU len of 32 at offset 0 init_q_lookup_sids init_lsa_sid_enum 000000 lsa_io_q_lookup_sids 000000 smb_io_pol_hnd pol_hnd 0000 handle_type: 0001130a 000004 smb_io_uuid uuid 0004 data : 00000000 0008 data : 0000 000a data : 0000 000c data : 00 00 000e data : 00 00 ab 1f d1 47 000014 lsa_io_sid_enum sids 0014 num_entries : 00000001 0018 ptr_sid_enum: 00000001 001c num_entries2: 00000001 0020 ptr_sid[0]: 00000001 000024 smb_io_dom_sid2 sid[0] 0024 num_auths: 00000002 000028 smb_io_dom_sid sid 0028 sid_rev_num: 01 0029 num_auths : 02 002a id_auth[0] : 00 002b id_auth[1] : 00 002c id_auth[2] : 00 002d id_auth[3] : 00 002e id_auth[4] : 00 002f id_auth[5] : 05 0030 sub_auths : 00000020 00000221 000038 lsa_io_trans_names names 0038 num_entries : 00000000 003c ptr_trans_names: 00000000 0040 level: 0001 0044 mapped_count: 00000000 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000017 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=28 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=111 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 17 00 00 00 48 .......` .......H [020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ 
[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G.....
[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........
[050] 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 ....... ...!....
[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ .......
write_socket(5,182)
write_socket(5,182) wrote 182
got smb length of 88
size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=28 smt_wct=10
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0)
smb_bcc=33
[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 17 00 00 ........ . ......
[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........
[020] 00 .
size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2048 smb_pid=11668 smb_uid=2048 smb_mid=28 smt_wct=10
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0)
smb_bcc=33
[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 17 00 00 ........ . ......
[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........
[020] 00 .
000000 smb_io_rpc_hdr rpc_hdr
    0000 major : 05
    0001 minor : 00
    0002 pkt_type : 03
    0003 flags : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len : 0020
    000a auth_len : 0000
    000c call_id : 00000017
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000020
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved : 00
000018 smb_io_rpc_hdr_fault fault
    0018 status : DCERPC_FAULT_CONTEXT_MISMATCH
    001c reserved: 00000000
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000!
rpc_api_pipe: got PDU len of 32 at offset 0
OWNER NAME: RECNEX6\user
OWNER NAME: S-1-5-21-492036708-225502263-2630866030-1003
OWNER NAME: S-1-5-21-492036708-225502263-2630866030-1003