The Samba-Bugzilla – Attachment 3329 Details for Bug 5475: SID to owner name mapping fails
The debug output.
debugop.txt (text/plain), 190.42 KB, created by Veeral Shah on 2008-06-03 02:16:31 UTC
>lp_load: refreshing parameters >Initialising global parameters >params.c:OpenConfFile() - Unable to open configuration file "/home/yogesh/.smb/smb.conf": > No such file or directory >pm_process() returned No >lp_servicenumber: couldn't find homes >set_server_role: role = ROLE_STANDALONE >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF-16LE >Registered charset UTF-16LE >Attempting to register new charset UCS-2BE >Registered charset UCS-2BE >Attempting to register new charset UTF-16BE >Registered charset UTF-16BE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset UTF-8 >Registered charset UTF-8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >map_file: 
Failed to load /usr/local/samba/lib/valid.dat - No such file or directory >creating default valid table >Could not load config file: /home/yogesh/.smb/smb.conf >lp_load: refreshing parameters >params.c:OpenConfFile() - Unable to open configuration file "/usr/local/samba/lib/smb.conf": > No such file or directory >pm_process() returned No >lp_servicenumber: couldn't find homes >set_server_role: role = ROLE_STANDALONE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Could not load config file: /usr/local/samba/lib/smb.conf >added interface ip=172.17.8.208 bcast=172.17.8.255 nmask=255.255.255.0 >Using netbios name YOGESH. >Using workgroup WORKGROUP. >smbc_stat(smb://172.17.8.186/demo/code/array.c) >smbc_server: server_n=[172.17.8.186] server=[172.17.8.186] > -> server_n=[172.17.8.186] server=[172.17.8.186] >Opening cache file at /usr/local/samba/var/locks/gencache.tdb >tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba/var/locks/gencache.tdb: No such file or directory >Attempt to open gencache.tdb has failed. 
>Connecting to 172.17.8.186 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option TCP_KEEPCNT = 9 >socket option TCP_KEEPIDLE = 7200 >socket option TCP_KEEPINTVL = 75 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 > session request ok >write_socket(3,194) >write_socket(3,194) wrote 194 >got smb length of 85 >size=85 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]= 2563 (0xA03) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 483 (0x1E3) >smb_vwv[11]=51840 (0xCA80) >smb_vwv[12]=18672 (0x48F0) >smb_vwv[13]=16963 (0x4243) >smb_vwv[14]=51397 (0xC8C5) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=16 >[000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. >size=85 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]= 2563 (0xA03) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 483 (0x1E3) >smb_vwv[11]=51840 (0xCA80) >smb_vwv[12]=18672 (0x48F0) >smb_vwv[13]=16963 (0x4243) >smb_vwv[14]=51397 (0xC8C5) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=16 >[000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. 
>Doing spnego session setup (blob length=16) >server didn't supply a full spnego negprot >write_socket(3,166) >write_socket(3,166) wrote 166 >got smb length of 320 >size=320 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 320 (0x140) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 185 (0xB9) >smb_bcc=277 >[000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N >[020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 >[030] 00 00 00 15 82 8A 62 4C 9F FA C4 E2 87 64 AF 00 ......bL .....d.. >[040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... >[050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E >[060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N >[070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C >[080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e >[090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r >[0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... >[0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d >[0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[110] 00 32 00 00 00 .2... 
>size=320 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 320 (0x140) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 185 (0xB9) >smb_bcc=277 >[000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N >[020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 >[030] 00 00 00 15 82 8A 62 4C 9F FA C4 E2 87 64 AF 00 ......bL .....d.. >[040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... >[050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E >[060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N >[070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C >[080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e >[090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r >[0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... >[0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d >[0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[110] 00 32 00 00 00 .2... 
>Got challenge flags: >Got NTLMSSP neg_flags=0x628a8215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_CHAL_ACCEPT_RESPONSE > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP challenge set by NTLM2 >challenge is: >[000] E1 F3 E4 E1 B5 4B 98 CD .....K.. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >write_socket(3,264) >write_socket(3,264) wrote 264 >got smb length of 144 >size=144 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=101 >[000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d >[010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[060] 00 32 00 00 00 .2... 
>size=144 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=101 >[000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d >[010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[060] 00 32 00 00 00 .2... > session setup ok >write_socket(3,94) >write_socket(3,94) wrote 94 >got smb length of 62 >size=62 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=4 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 62 (0x3E) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 447 (0x1BF) >smb_vwv[ 4]= 19 (0x13) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_bcc=13 >[000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... > tconx ok >Server connect ok: //172.17.8.186/demo: 0x6ab900 >smbc_getatr: sending qpathinfo >size=102 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=5 >smt_wct=15 >smb_vwv[ 0]= 34 (0x22) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]= 4356 (0x1104) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 34 (0x22) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 102 (0x66) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=37 >[000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d >[010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. >[020] 00 63 00 00 00 .c... 
>write_socket(3,106) >write_socket(3,106) wrote 106 >got smb length of 168 >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . 
>smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+) >Connecting to host=172.17.8.186 >Opening cache file at /usr/local/samba/var/locks/gencache.tdb >tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba/var/locks/gencache.tdb: No such file or directory >Attempt to open gencache.tdb has failed. >Connecting to 172.17.8.186 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option TCP_KEEPCNT = 9 >socket option TCP_KEEPIDLE = 7200 >socket option TCP_KEEPINTVL = 75 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 85 >size=85 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]= 2563 (0xA03) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 483 (0x1E3) >smb_vwv[11]=32384 (0x7E80) >smb_vwv[12]=19893 (0x4DB5) >smb_vwv[13]=16963 (0x4243) >smb_vwv[14]=51397 (0xC8C5) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=16 >[000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. 
>size=85 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]= 2563 (0xA03) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 483 (0x1E3) >smb_vwv[11]=32384 (0x7E80) >smb_vwv[12]=19893 (0x4DB5) >smb_vwv[13]=16963 (0x4243) >smb_vwv[14]=51397 (0xC8C5) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=16 >[000] 3F BB 84 D5 02 65 65 40 8F FE 61 5D B7 50 EC C6 ?....ee@ ..a].P.. >Doing spnego session setup (blob length=16) >server didn't supply a full spnego negprot >write_socket(5,166) >write_socket(5,166) wrote 166 >got smb length of 320 >size=320 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 320 (0x140) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 185 (0xB9) >smb_bcc=277 >[000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N >[020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 >[030] 00 00 00 15 82 8A 62 88 0B F3 10 22 FA 62 2E 00 ......b. ...".b.. >[040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... >[050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E >[060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N >[070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C >[080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e >[090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r >[0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... >[0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ 
.W.i.n.d >[0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[110] 00 32 00 00 00 .2... >size=320 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 320 (0x140) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 185 (0xB9) >smb_bcc=277 >[000] A1 81 B6 30 81 B3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ >[010] 06 01 04 01 82 37 02 02 0A A2 81 9D 04 81 9A 4E .....7.. .......N >[020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 38 TLMSSP.. .......8 >[030] 00 00 00 15 82 8A 62 88 0B F3 10 22 FA 62 2E 00 ......b. ...".b.. >[040] 00 00 00 00 00 00 00 54 00 54 00 46 00 00 00 05 .......T .T.F.... >[050] 02 CE 0E 00 00 00 0F 52 00 45 00 43 00 4E 00 45 .......R .E.C.N.E >[060] 00 58 00 36 00 02 00 0E 00 52 00 45 00 43 00 4E .X.6.... .R.E.C.N >[070] 00 45 00 58 00 36 00 01 00 0E 00 52 00 45 00 43 .E.X.6.. ...R.E.C >[080] 00 4E 00 45 00 58 00 36 00 04 00 0E 00 72 00 65 .N.E.X.6 .....r.e >[090] 00 63 00 6E 00 65 00 78 00 36 00 03 00 0E 00 72 .c.n.e.x .6.....r >[0A0] 00 65 00 63 00 6E 00 65 00 78 00 36 00 06 00 04 .e.c.n.e .x.6.... >[0B0] 00 01 00 00 00 00 00 00 00 57 00 69 00 6E 00 64 ........ .W.i.n.d >[0C0] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[0D0] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[0E0] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[0F0] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[100] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[110] 00 32 00 00 00 .2... 
>Got challenge flags: >Got NTLMSSP neg_flags=0x628a8215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_CHAL_ACCEPT_RESPONSE > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP challenge set by NTLM2 >challenge is: >[000] 96 9A E9 ED 6C 37 08 09 ....l7.. >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >write_socket(5,264) >write_socket(5,264) wrote 264 >got smb length of 144 >size=144 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=101 >[000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d >[010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[060] 00 32 00 00 00 .2... 
>size=144 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=11668 >smb_uid=2048 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=101 >[000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d >[010] 00 6F 00 77 00 73 00 20 00 58 00 50 00 20 00 33 .o.w.s. .X.P. .3 >[020] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v >[030] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k >[040] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o >[050] 00 77 00 73 00 20 00 58 00 50 00 20 00 35 00 2E .w.s. .X .P. .5.. >[060] 00 32 00 00 00 .2... >write_socket(5,94) >write_socket(5,94) wrote 94 >got smb length of 56 >size=56 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=4 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 511 (0x1FF) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 511 (0x1FF) >smb_vwv[ 6]= 0 (0x0) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... 
>cli_init_creds: user test domain Workgroup >write_socket(5,104) >write_socket(5,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=5 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >Bind RPC Pipe[4000]: \lsarpc auth_type 0, auth_level 0 >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>write_socket(5,158) >write_socket(5,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 5A AF 0B 00 0C 00 5C 50 49 50 45 .....Z.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 5A AF 0B 00 0C 00 5C 50 49 50 45 .....Z.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 68 bytes. >rpc_pipe_bind: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 bind request returned ok. 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000baf5a > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine 172.17.8.186 and bound anonymously. >init_lsa_sec_qos >init_open_pol: attr:0 da:536870912 >init_lsa_obj_attr >000000 lsa_io_q_open_pol > 0000 ptr : 00000001 > 0004 system_name: 005c > 000008 lsa_io_obj_attr > 0008 len : 00000018 > 000c ptr_root_dir: 00000000 > 0010 ptr_obj_name: 00000000 > 0014 attributes : 00000000 > 0018 ptr_sec_desc: 00000000 > 001c ptr_sec_qos : 00000001 > 000020 lsa_io_obj_qos sec_qos > 0020 len : 0000000c > 0024 sec_imp_level : 0002 > 0026 sec_ctxt_mode : 01 > 0027 effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 0028 des_access: 20000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000002c > 0014 context_id: 0000 > 0016 opnum : 0006 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=150 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=7 
>smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 68 (0x44) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=83 >write_socket(5,154) >write_socket(5,154) wrote 154 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got PDU len of 48 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 48 bytes. >000000 lsa_io_r_open_pol > 000000 smb_io_pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 0014 status: NT_STATUS_OK >write_socket(3,116) >write_socket(3,116) wrote 116 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=6 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=10752 (0x2A00) >smb_vwv[ 6]=38908 (0x97FC) >smb_vwv[ 7]=22383 (0x576F) >smb_vwv[ 8]=51321 (0xC879) >smb_vwv[ 9]=59905 (0xEA01) >smb_vwv[10]= 9159 (0x23C7) >smb_vwv[11]=18077 (0x469D) >smb_vwv[12]=51394 (0xC8C2) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=22416 (0x5790) >smb_vwv[15]=11576 (0x2D38) >smb_vwv[16]=51299 (0xC863) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=58503 (0xE487) >smb_vwv[19]=16915 (0x4213) >smb_vwv[20]=51328 (0xC880) >smb_vwv[21]= 8193 (0x2001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 288 (0x120) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 2560 (0xA00) >smb_vwv[28]= 275 (0x113)
>smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 0 (0x0) >smb_bcc=0 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=7 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 256 (0x100) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]=21504 (0x5400) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[000] 00 00 00 00 40 00 00 07 00 00 00 ....@... ... >write_socket(3,88) >write_socket(3,88) wrote 88 >got smb length of 284 >size=284 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=7 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]=53248 (0xD000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18432 (0x4800) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=53248 (0xD000) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=19456 (0x4C00) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=213
> 000000 sec_io_desc sd data > 0000 revision : 0001 > 0002 type : 8404 > 0004 off_owner_sid: 00000014 > 0008 off_grp_sid : 00000030 > 000c off_sacl : 00000000 > 0010 off_dacl : 0000004c > 000014 smb_io_dom_sid owner_sid > 0014 sid_rev_num: 01 > 0015 num_auths : 05 > 0016 id_auth[0] : 00 > 0017 id_auth[1] : 00 > 0018 id_auth[2] : 00 > 0019 id_auth[3] : 00 > 001a id_auth[4] : 00 > 001b id_auth[5] : 05 > 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000030 smb_io_dom_sid group_sid > 0030 sid_rev_num: 01 > 0031 num_auths : 05 > 0032 id_auth[0] : 00 > 0033 id_auth[1] : 00 > 0034 id_auth[2] : 00 > 0035 id_auth[3] : 00 > 0036 id_auth[4] : 00 > 0037 id_auth[5] : 05 > 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 00004c sec_io_acl dacl > 004c revision: 0002 > 004e size : 0084 > 0050 num_aces : 00000005 > 000054 sec_io_ace ace_list[00]: > 0054 type : 00 > 0055 flags: 10 > 0056 size : 0014 > 0058 access_mask: 001301bf > 00005c smb_io_dom_sid trustee > 005c sid_rev_num: 01 > 005d num_auths : 01 > 005e id_auth[0] : 00 > 005f id_auth[1] : 00 > 0060 id_auth[2] : 00 > 0061 id_auth[3] : 00 > 0062 id_auth[4] : 00 > 0063 id_auth[5] : 01 > 0064 sub_auths : 00000000 > 000068 sec_io_ace ace_list[01]: > 0068 type : 00 > 0069 flags: 10 > 006a size : 0018 > 006c access_mask: 001f01ff > 000070 smb_io_dom_sid trustee > 0070 sid_rev_num: 01 > 0071 num_auths : 02 > 0072 id_auth[0] : 00 > 0073 id_auth[1] : 00 > 0074 id_auth[2] : 00 > 0075 id_auth[3] : 00 > 0076 id_auth[4] : 00 > 0077 id_auth[5] : 05 > 0078 sub_auths : 00000020 00000220 > 000080 sec_io_ace ace_list[02]: > 0080 type : 00 > 0081 flags: 10 > 0082 size : 0014 > 0084 access_mask: 001f01ff > 000088 smb_io_dom_sid trustee > 0088 sid_rev_num: 01 > 0089 num_auths : 01 > 008a id_auth[0] : 00 > 008b id_auth[1] : 00 > 008c id_auth[2] : 00 > 008d id_auth[3] : 00 > 008e id_auth[4] : 00 > 008f id_auth[5] : 05
> 0090 sub_auths : 00000012 > 000094 sec_io_ace ace_list[03]: > 0094 type : 00 > 0095 flags: 10 > 0096 size : 0024 > 0098 access_mask: 001f01ff > 00009c smb_io_dom_sid trustee > 009c sid_rev_num: 01 > 009d num_auths : 05 > 009e id_auth[0] : 00 > 009f id_auth[1] : 00 > 00a0 id_auth[2] : 00 > 00a1 id_auth[3] : 00 > 00a2 id_auth[4] : 00 > 00a3 id_auth[5] : 05 > 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 0000b8 sec_io_ace ace_list[04]: > 00b8 type : 00 > 00b9 flags: 10 > 00ba size : 0018 > 00bc access_mask: 001200a9 > 0000c0 smb_io_dom_sid trustee > 00c0 sid_rev_num: 01 > 00c1 num_auths : 02 > 00c2 id_auth[0] : 00 > 00c3 id_auth[1] : 00 > 00c4 id_auth[2] : 00 > 00c5 id_auth[3] : 00 > 00c6 id_auth[4] : 00 > 00c7 id_auth[5] : 05 > 00c8 sub_auths : 00000020 00000221 >write_socket(3,45) >write_socket(3,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=8 >smt_wct=0 >smb_bcc=0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 
00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=8 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 224 >size=224 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=8 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 168 (0xA8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 168 (0xA8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=169
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a8 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000090 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 >rpc_api_pipe: got PDU len of 168 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes. >000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 000e > 0016 uni_max_len: 0010 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000007 > 002c buffer : R.E.C.N.E.X.6. > 00003c smb_io_dom_sid2 sid_ptr[0] > 003c num_auths: 00000004 > 000040 smb_io_dom_sid sid > 0040 sid_rev_num: 01 > 0041 num_auths : 04 > 0042 id_auth[0] : 00 > 0043 id_auth[1] : 00 > 0044 id_auth[2] : 00 > 0045 id_auth[3] : 00 > 0046 id_auth[4] : 00 > 0047 id_auth[5] : 05 > 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e > 000058 lsa_io_trans_names names > 0058 num_entries : 00000001 > 005c ptr_trans_names: 00020010 > 0060 num_entries2 : 00000001 > 000064 lsa_io_trans_name name[0] > 0064 sid_name_use: 0001 > 000068 smb_io_unihdr hdr_name > 0068 uni_str_len: 0008 > 006a uni_max_len: 0008 > 006c buffer : 00020014 > 0070 domain_idx : 00000000 > 000074 smb_io_unistr2 name[0] > 0074 uni_max_len: 00000004 > 0078 offset : 00000000 > 007c uni_str_len: 00000004 > 0080 buffer : u.s.e.r. 
> 0088 mapped_count: 00000001 > 008c status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123
>write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 224 >size=224 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 168 (0xA8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 168 (0xA8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=169
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a8 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000090 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 >rpc_api_pipe: got PDU len of 168 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes.
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 000e > 0016 uni_max_len: 0010 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000007 > 002c buffer : R.E.C.N.E.X.6. > 00003c smb_io_dom_sid2 sid_ptr[0] > 003c num_auths: 00000004 > 000040 smb_io_dom_sid sid > 0040 sid_rev_num: 01 > 0041 num_auths : 04 > 0042 id_auth[0] : 00 > 0043 id_auth[1] : 00 > 0044 id_auth[2] : 00 > 0045 id_auth[3] : 00 > 0046 id_auth[4] : 00 > 0047 id_auth[5] : 05 > 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e > 000058 lsa_io_trans_names names > 0058 num_entries : 00000001 > 005c ptr_trans_names: 00020010 > 0060 num_entries2 : 00000001 > 000064 lsa_io_trans_name name[0] > 0064 sid_name_use: 0002 > 000068 smb_io_unihdr hdr_name > 0068 uni_str_len: 0008 > 006a uni_max_len: 0008 > 006c buffer : 00020014 > 0070 domain_idx : 00000000 > 000074 smb_io_unistr2 name[0] > 0074 uni_max_len: 00000004 > 0078 offset : 00000000 > 007c uni_str_len: 00000004 > 0080 buffer : N.o.n.e. 
> 0088 mapped_count: 00000001 > 008c status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 01 > 0030 sub_auths : 00000000 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107
>write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 200 >size=200 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 144 (0x90) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=145
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0090 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000078 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 144, data_len 120, ss_len 0 >rpc_api_pipe: got PDU len of 144 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 240 bytes.
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 0000 > 0016 uni_max_len: 0002 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000001 > 0024 offset : 00000000 > 0028 uni_str_len: 00000000 > 00002c smb_io_dom_sid2 sid_ptr[0] > 002c num_auths: 00000000 > 000030 smb_io_dom_sid sid > 0030 sid_rev_num: 01 > 0031 num_auths : 00 > 0032 id_auth[0] : 00 > 0033 id_auth[1] : 00 > 0034 id_auth[2] : 00 > 0035 id_auth[3] : 00 > 0036 id_auth[4] : 00 > 0037 id_auth[5] : 01 > 0038 sub_auths : > 000038 lsa_io_trans_names names > 0038 num_entries : 00000001 > 003c ptr_trans_names: 00020010 > 0040 num_entries2 : 00000001 > 000044 lsa_io_trans_name name[0] > 0044 sid_name_use: 0005 > 000048 smb_io_unihdr hdr_name > 0048 uni_str_len: 0010 > 004a uni_max_len: 0012 > 004c buffer : 00020014 > 0050 domain_idx : 00000000 > 000054 smb_io_unistr2 name[0] > 0054 uni_max_len: 00000009 > 0058 offset : 00000000 > 005c uni_str_len: 00000008 > 0060 buffer : E.v.e.r.y.o.n.e. 
> 0070 mapped_count: 00000001 > 0074 status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000220 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111
>write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 232 >size=232 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 176 (0xB0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 176 (0xB0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=177
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b0 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000098 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 176, data_len 152, ss_len 0 >rpc_api_pipe: got PDU len of 176 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 304 bytes. 
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 000e > 0016 uni_max_len: 0010 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000007 > 002c buffer : B.U.I.L.T.I.N. > 00003c smb_io_dom_sid2 sid_ptr[0] > 003c num_auths: 00000001 > 000040 smb_io_dom_sid sid > 0040 sid_rev_num: 01 > 0041 num_auths : 01 > 0042 id_auth[0] : 00 > 0043 id_auth[1] : 00 > 0044 id_auth[2] : 00 > 0045 id_auth[3] : 00 > 0046 id_auth[4] : 00 > 0047 id_auth[5] : 05 > 0048 sub_auths : 00000020 > 00004c lsa_io_trans_names names > 004c num_entries : 00000001 > 0050 ptr_trans_names: 00020010 > 0054 num_entries2 : 00000001 > 000058 lsa_io_trans_name name[0] > 0058 sid_name_use: 0004 > 00005c smb_io_unihdr hdr_name > 005c uni_str_len: 001c > 005e uni_max_len: 001c > 0060 buffer : 00020014 > 0064 domain_idx : 00000000 > 000068 smb_io_unistr2 name[0] > 0068 uni_max_len: 0000000e > 006c offset : 00000000 > 0070 uni_str_len: 0000000e > 0074 buffer : A.d.m.i.n.i.s.t.r.a.t.o.r.s. 
> 0090 mapped_count: 00000001 > 0094 status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000012 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=12 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 5C 00 00 00 07 00 00 00 44 .......\ .......D >[020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. >[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... >[040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ >[050] 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 220 >size=220 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=12 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 164 (0xA4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 164 (0xA4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=165 >[000] 00 05 00 02 03 10 00 00 00 A4 00 00 00 07 00 00 ........ ........ >[010] 00 8C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 18 00 1A ..... .. ........ >[030] 00 08 00 02 00 0C 00 02 00 0D 00 00 00 00 00 00 ........ ........ >[040] 00 0C 00 00 00 4E 00 54 00 20 00 41 00 55 00 54 .....N.T . .A.U.T >[050] 00 48 00 4F 00 52 00 49 00 54 00 59 00 00 00 00 .H.O.R.I .T.Y.... >[060] 00 01 00 00 00 00 00 00 05 01 00 00 00 10 00 02 ........ ........ >[070] 00 01 00 00 00 05 00 00 00 0C 00 0E 00 14 00 02 ........ ........ >[080] 00 00 00 00 00 07 00 00 00 00 00 00 00 06 00 00 ........ ........ >[090] 00 53 00 59 00 53 00 54 00 45 00 4D 00 01 00 00 .S.Y.S.T .E.M.... >[0A0] 00 00 00 00 00 ..... 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a4 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000008c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 164, data_len 140, ss_len 0 >rpc_api_pipe: got PDU len of 164 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 280 bytes. 
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 0018 > 0016 uni_max_len: 001a > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 0000000d > 0024 offset : 00000000 > 0028 uni_str_len: 0000000c > 002c buffer : N.T. .A.U.T.H.O.R.I.T.Y. > 000044 smb_io_dom_sid2 sid_ptr[0] > 0044 num_auths: 00000000 > 000048 smb_io_dom_sid sid > 0048 sid_rev_num: 01 > 0049 num_auths : 00 > 004a id_auth[0] : 00 > 004b id_auth[1] : 00 > 004c id_auth[2] : 00 > 004d id_auth[3] : 00 > 004e id_auth[4] : 00 > 004f id_auth[5] : 05 > 0050 sub_auths : > 000050 lsa_io_trans_names names > 0050 num_entries : 00000001 > 0054 ptr_trans_names: 00020010 > 0058 num_entries2 : 00000001 > 00005c lsa_io_trans_name name[0] > 005c sid_name_use: 0005 > 000060 smb_io_unihdr hdr_name > 0060 uni_str_len: 000c > 0062 uni_max_len: 000e > 0064 buffer : 00020014 > 0068 domain_idx : 00000000 > 00006c smb_io_unistr2 name[0] > 006c uni_max_len: 00000007 > 0070 offset : 00000000 > 0074 uni_str_len: 00000006 > 0078 buffer : S.Y.S.T.E.M. 
> 0084 mapped_count: 00000001 > 0088 status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=13 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P 
.E.\.... >[010] 00 00 03 10 00 00 00 6C 00 00 00 08 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. >[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 224 >size=224 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=13 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 168 (0xA8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 168 (0xA8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=169 >[000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 08 00 00 ........ ........ >[010] 00 90 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ >[030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ >[040] 00 07 00 00 00 52 00 45 00 43 00 4E 00 45 00 58 .....R.E .C.N.E.X >[050] 00 36 00 4F 00 04 00 00 00 01 04 00 00 00 00 00 .6.O.... ........ >[060] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. >[070] 9C 01 00 00 00 10 00 02 00 01 00 00 00 01 00 00 ........ ........ >[080] 00 08 00 08 00 14 00 02 00 00 00 00 00 04 00 00 ........ ........ >[090] 00 00 00 00 00 04 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r >[0A0] 00 01 00 00 00 00 00 00 00 ........ . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a8 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000090 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 168, data_len 144, ss_len 0 >rpc_api_pipe: got PDU len of 168 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 288 bytes. 
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 000e > 0016 uni_max_len: 0010 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000007 > 002c buffer : R.E.C.N.E.X.6. > 00003c smb_io_dom_sid2 sid_ptr[0] > 003c num_auths: 00000004 > 000040 smb_io_dom_sid sid > 0040 sid_rev_num: 01 > 0041 num_auths : 04 > 0042 id_auth[0] : 00 > 0043 id_auth[1] : 00 > 0044 id_auth[2] : 00 > 0045 id_auth[3] : 00 > 0046 id_auth[4] : 00 > 0047 id_auth[5] : 05 > 0048 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e > 000058 lsa_io_trans_names names > 0058 num_entries : 00000001 > 005c ptr_trans_names: 00020010 > 0060 num_entries2 : 00000001 > 000064 lsa_io_trans_name name[0] > 0064 sid_name_use: 0001 > 000068 smb_io_unihdr hdr_name > 0068 uni_str_len: 0008 > 006a uni_max_len: 0008 > 006c buffer : 00020014 > 0070 domain_idx : 00000000 > 000074 smb_io_unistr2 name[0] > 0074 uni_max_len: 00000004 > 0078 offset : 00000000 > 007c uni_str_len: 00000004 > 0080 buffer : u.s.e.r. 
> 0088 mapped_count: 00000001 > 008c status : NT_STATUS_OK >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 00000000 > 000004 smb_io_uuid uuid > 0004 data : 64d5ed43 > 0008 data : 0b8e > 000a data : 41dc > 000c data : a3 6d > 000e data : 88 f3 3d bc 73 a9 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000221 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 60 00 00 00 09 00 00 00 48 .......` .......H >[020] 00 00 00 00 00 0F 00 00 00 00 00 43 ED D5 64 8E ........ ...C..d. >[030] 0B DC 41 A3 6D 88 F3 3D BC 73 A9 01 00 00 00 01 ..A.m..= .s...... >[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ >[050] 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 ....... ...!.... >[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... >write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 216 >size=216 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 160 (0xA0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 160 (0xA0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=161 >[000] 00 05 00 02 03 10 00 00 00 A0 00 00 00 09 00 00 ........ ........ >[010] 00 88 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 0E 00 10 ..... .. ........ >[030] 00 08 00 02 00 0C 00 02 00 08 00 00 00 00 00 00 ........ ........ >[040] 00 07 00 00 00 42 00 55 00 49 00 4C 00 54 00 49 .....B.U .I.L.T.I >[050] 00 4E 00 4F 00 01 00 00 00 01 01 00 00 00 00 00 .N.O.... ........ >[060] 05 20 00 00 00 01 00 00 00 10 00 02 00 01 00 00 . ...... ........ >[070] 00 04 00 00 00 0A 00 0A 00 14 00 02 00 00 00 00 ........ ........ >[080] 00 05 00 00 00 00 00 00 00 05 00 00 00 55 00 73 ........ .....U.s >[090] 00 65 00 72 00 73 00 00 00 01 00 00 00 00 00 00 .e.r.s.. ........ >[0A0] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000088 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 160, data_len 136, ss_len 0 >rpc_api_pipe: got PDU len of 160 at offset 0 >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 returned 272 bytes. 
>000000 lsa_io_r_lookup_sids > 0000 ptr_dom_ref: 00020000 > 000004 lsa_io_dom_r_ref dom_ref > 0004 num_ref_doms_1: 00000001 > 0008 ptr_ref_dom : 00020004 > 000c max_entries : 00000020 > 0010 num_ref_doms_2: 00000001 > 000014 smb_io_unihdr dom_ref[0] > 0014 uni_str_len: 000e > 0016 uni_max_len: 0010 > 0018 buffer : 00020008 > 001c sid_ptr[0] : 0002000c > 000020 smb_io_unistr2 dom_ref[0] > 0020 uni_max_len: 00000008 > 0024 offset : 00000000 > 0028 uni_str_len: 00000007 > 002c buffer : B.U.I.L.T.I.N. > 00003c smb_io_dom_sid2 sid_ptr[0] > 003c num_auths: 00000001 > 000040 smb_io_dom_sid sid > 0040 sid_rev_num: 01 > 0041 num_auths : 01 > 0042 id_auth[0] : 00 > 0043 id_auth[1] : 00 > 0044 id_auth[2] : 00 > 0045 id_auth[3] : 00 > 0046 id_auth[4] : 00 > 0047 id_auth[5] : 05 > 0048 sub_auths : 00000020 > 00004c lsa_io_trans_names names > 004c num_entries : 00000001 > 0050 ptr_trans_names: 00020010 > 0054 num_entries2 : 00000001 > 000058 lsa_io_trans_name name[0] > 0058 sid_name_use: 0004 > 00005c smb_io_unihdr hdr_name > 005c uni_str_len: 000a > 005e uni_max_len: 000a > 0060 buffer : 00020014 > 0064 domain_idx : 00000000 > 000068 smb_io_unistr2 name[0] > 0068 uni_max_len: 00000005 > 006c offset : 00000000 > 0070 uni_str_len: 00000005 > 0074 buffer : U.s.e.r.s. > 0080 mapped_count: 00000001 > 0084 status : NT_STATUS_OK >smbc_stat(smb://172.17.8.186/demo/code/array.c) >smbc_getatr: sending qpathinfo >size=102 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=9 >smt_wct=15 >smb_vwv[ 0]= 34 (0x22) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]= 4356 (0x1104) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 34 (0x22) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 102 (0x66) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=37 >[000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... 
.\.c.o.d >[010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. >[020] 00 63 00 00 00 .c... >write_socket(3,106) >write_socket(3,106) wrote 106 >got smb length of 168 >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . 
>smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+) >write_socket(3,116) >write_socket(3,116) wrote 116 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=10 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=10752 (0x2A00) >smb_vwv[ 6]=38908 (0x97FC) >smb_vwv[ 7]=22383 (0x576F) >smb_vwv[ 8]=51321 (0xC879) >smb_vwv[ 9]=59905 (0xEA01) >smb_vwv[10]= 9159 (0x23C7) >smb_vwv[11]=18077 (0x469D) >smb_vwv[12]=51394 (0xC8C2) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=22416 (0x5790) >smb_vwv[15]=11576 (0x2D38) >smb_vwv[16]=51299 (0xC863) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=58503 (0xE487) >smb_vwv[19]=16915 (0x4213) >smb_vwv[20]=51328 (0xC880) >smb_vwv[21]= 8193 (0x2001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 288 (0x120) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 2560 (0xA00) >smb_vwv[28]= 275 (0x113) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 0 (0x0) >smb_bcc=0 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=11 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 256 (0x100) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]=21504 (0x5400) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[000] 00 00 00 01 40 
00 00 07 00 00 00 ....@... ... >write_socket(3,88) >write_socket(3,88) wrote 88 >got smb length of 284 >size=284 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=11 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]=53248 (0xD000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18432 (0x4800) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=53248 (0xD000) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=19456 (0x4C00) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=213 >[000] 00 D0 00 00 00 01 00 04 84 14 00 00 00 30 00 00 ........ .....0.. >[010] 00 00 00 00 00 4C 00 00 00 01 05 00 00 00 00 00 .....L.. ........ >[020] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. >[030] 9C EB 03 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[040] 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF 9C 01 02 00 .d.S.7.p .n...... >[050] 00 02 00 84 00 05 00 00 00 00 10 14 00 BF 01 13 ........ ........ >[060] 00 01 01 00 00 00 00 00 01 00 00 00 00 00 10 18 ........ ........ >[070] 00 FF 01 1F 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[080] 00 20 02 00 00 00 10 14 00 FF 01 1F 00 01 01 00 . ...... ........ >[090] 00 00 00 00 05 12 00 00 00 00 10 24 00 FF 01 1F ........ ...$.... >[0A0] 00 01 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 ........ .....d.S >[0B0] 1D 37 E4 70 0D 6E D4 CF 9C EB 03 00 00 00 10 18 .7.p.n.. ........ >[0C0] 00 A9 00 12 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[0D0] 00 21 02 00 00 .!... 
> 000000 sec_io_desc sd data > 0000 revision : 0001 > 0002 type : 8404 > 0004 off_owner_sid: 00000014 > 0008 off_grp_sid : 00000030 > 000c off_sacl : 00000000 > 0010 off_dacl : 0000004c > 000014 smb_io_dom_sid owner_sid > 0014 sid_rev_num: 01 > 0015 num_auths : 05 > 0016 id_auth[0] : 00 > 0017 id_auth[1] : 00 > 0018 id_auth[2] : 00 > 0019 id_auth[3] : 00 > 001a id_auth[4] : 00 > 001b id_auth[5] : 05 > 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000030 smb_io_dom_sid group_sid > 0030 sid_rev_num: 01 > 0031 num_auths : 05 > 0032 id_auth[0] : 00 > 0033 id_auth[1] : 00 > 0034 id_auth[2] : 00 > 0035 id_auth[3] : 00 > 0036 id_auth[4] : 00 > 0037 id_auth[5] : 05 > 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 00004c sec_io_acl dacl > 004c revision: 0002 > 004e size : 0084 > 0050 num_aces : 00000005 > 000054 sec_io_ace ace_list[00]: > 0054 type : 00 > 0055 flags: 10 > 0056 size : 0014 > 0058 access_mask: 001301bf > 00005c smb_io_dom_sid trustee > 005c sid_rev_num: 01 > 005d num_auths : 01 > 005e id_auth[0] : 00 > 005f id_auth[1] : 00 > 0060 id_auth[2] : 00 > 0061 id_auth[3] : 00 > 0062 id_auth[4] : 00 > 0063 id_auth[5] : 01 > 0064 sub_auths : 00000000 > 000068 sec_io_ace ace_list[01]: > 0068 type : 00 > 0069 flags: 10 > 006a size : 0018 > 006c access_mask: 001f01ff > 000070 smb_io_dom_sid trustee > 0070 sid_rev_num: 01 > 0071 num_auths : 02 > 0072 id_auth[0] : 00 > 0073 id_auth[1] : 00 > 0074 id_auth[2] : 00 > 0075 id_auth[3] : 00 > 0076 id_auth[4] : 00 > 0077 id_auth[5] : 05 > 0078 sub_auths : 00000020 00000220 > 000080 sec_io_ace ace_list[02]: > 0080 type : 00 > 0081 flags: 10 > 0082 size : 0014 > 0084 access_mask: 001f01ff > 000088 smb_io_dom_sid trustee > 0088 sid_rev_num: 01 > 0089 num_auths : 01 > 008a id_auth[0] : 00 > 008b id_auth[1] : 00 > 008c id_auth[2] : 00 > 008d id_auth[3] : 00 > 008e id_auth[4] : 00 > 008f id_auth[5] : 05 > 0090 sub_auths : 00000012 > 000094 sec_io_ace ace_list[03]: > 0094 type : 00 > 0095 flags: 10 > 
0096 size : 0024 > 0098 access_mask: 001f01ff > 00009c smb_io_dom_sid trustee > 009c sid_rev_num: 01 > 009d num_auths : 05 > 009e id_auth[0] : 00 > 009f id_auth[1] : 00 > 00a0 id_auth[2] : 00 > 00a1 id_auth[3] : 00 > 00a2 id_auth[4] : 00 > 00a3 id_auth[5] : 05 > 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 0000b8 sec_io_ace ace_list[04]: > 00b8 type : 00 > 00b9 flags: 10 > 00ba size : 0018 > 00bc access_mask: 001200a9 > 0000c0 smb_io_dom_sid trustee > 00c0 sid_rev_num: 01 > 00c1 num_auths : 02 > 00c2 id_auth[0] : 00 > 00c3 id_auth[1] : 00 > 00c4 id_auth[2] : 00 > 00c5 id_auth[3] : 00 > 00c6 id_auth[4] : 00 > 00c7 id_auth[5] : 05 > 00c8 sub_auths : 00000020 00000221 >write_socket(3,45) >write_socket(3,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 
pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 6C 00 00 00 0A 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0A 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0A 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=16 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 6C 00 00 00 0B 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C 01 02 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0B 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0B 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 01 > 0030 sub_auths : 00000000 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 
>size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 5C 00 00 00 0C 00 00 00 44 .......\ .......D >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ >[050] 01 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0C 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0C 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000220 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=18 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 60 00 00 00 0D 00 00 00 48 .......` .......H >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ >[050] 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 ....... ... .... >[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... >write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0D 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0D 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000012 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 0000000e >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 
>size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=19 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 5C 00 00 00 0E 00 00 00 44 .......\ .......D >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ >[050] 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0E 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0E 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000e >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=20 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 6C 00 00 00 0F 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0F 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 0F 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000221 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000010 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 
0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=21 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 60 00 00 00 10 00 00 00 48 .......` .......H >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ >[050] 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 ....... ...!.... >[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... >write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 10 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 10 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000010 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >smbc_stat(smb://172.17.8.186/demo/code/array.c) >smbc_getatr: sending qpathinfo >size=102 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=13 >smt_wct=15 >smb_vwv[ 0]= 34 (0x22) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]= 4356 (0x1104) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 34 (0x22) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 102 (0x66) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=37 >[000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d >[010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. 
>[020] 00 63 00 00 00 .c... >write_socket(3,106) >write_socket(3,106) wrote 106 >got smb length of 168 >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=13 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=13 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . 
>smbc_stat(smb://172.17.8.186/demo/code/array.c) >smbc_getatr: sending qpathinfo >size=102 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=14 >smt_wct=15 >smb_vwv[ 0]= 34 (0x22) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]= 4356 (0x1104) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 34 (0x22) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 102 (0x66) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=37 >[000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d >[010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. >[020] 00 63 00 00 00 .c... >write_socket(3,106) >write_socket(3,106) wrote 106 >got smb length of 168 >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . 
>size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . >smbc_stat(smb://172.17.8.186/demo/code/array.c) >smbc_getatr: sending qpathinfo >size=102 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=15 >smb_vwv[ 0]= 34 (0x22) >smb_vwv[ 1]= 0 (0x0) >smb_vwv[ 2]= 10 (0xA) >smb_vwv[ 3]= 4356 (0x1104) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 34 (0x22) >smb_vwv[10]= 68 (0x44) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 102 (0x66) >smb_vwv[13]= 1 (0x1) >smb_vwv[14]= 5 (0x5) >smb_bcc=37 >[000] 00 44 20 07 01 00 00 00 00 5C 00 63 00 6F 00 64 .D ..... .\.c.o.d >[010] 00 65 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E .e.\.a.r .r.a.y.. >[020] 00 63 00 00 00 .c... 
>write_socket(3,106) >write_socket(3,106) wrote 106 >got smb length of 168 >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . >size=168 >smb_com=0x32 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 2 (0x2) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 2 (0x2) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 108 (0x6C) >smb_vwv[ 7]= 60 (0x3C) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 00 00 00 00 2A FC 97 6F 57 79 C8 01 EA C7 23 .....*.. oWy....# >[010] 9D 46 C2 C8 01 80 90 57 38 2D 63 C8 01 80 87 E4 .F.....W 8-c..... >[020] 13 42 80 C8 01 20 00 00 00 00 00 00 00 00 20 01 .B... .. ...... . >[030] 00 00 00 00 00 0A 13 01 00 00 00 00 00 01 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 24 00 00 00 5C 00 64 ........ .$...\.d >[050] 00 65 00 6D 00 6F 00 5C 00 63 00 6F 00 64 00 65 .e.m.o.\ .c.o.d.e >[060] 00 5C 00 61 00 72 00 72 00 61 00 79 00 2E 00 63 .\.a.r.r .a.y...c >[070] 00 . 
>smbc_getxattr(smb://172.17.8.186/demo/code/array.c, system.nt_sec_desc.owner+) >write_socket(3,116) >write_socket(3,116) wrote 116 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=16 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 512 (0x200) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]=10752 (0x2A00) >smb_vwv[ 6]=38908 (0x97FC) >smb_vwv[ 7]=22383 (0x576F) >smb_vwv[ 8]=51321 (0xC879) >smb_vwv[ 9]=59905 (0xEA01) >smb_vwv[10]= 9159 (0x23C7) >smb_vwv[11]=18077 (0x469D) >smb_vwv[12]=51394 (0xC8C2) >smb_vwv[13]=32769 (0x8001) >smb_vwv[14]=22416 (0x5790) >smb_vwv[15]=11576 (0x2D38) >smb_vwv[16]=51299 (0xC863) >smb_vwv[17]=32769 (0x8001) >smb_vwv[18]=58503 (0xE487) >smb_vwv[19]=16915 (0x4213) >smb_vwv[20]=51328 (0xC880) >smb_vwv[21]= 8193 (0x2001) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 288 (0x120) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 2560 (0xA00) >smb_vwv[28]= 275 (0x113) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 0 (0x0) >smb_vwv[32]= 0 (0x0) >smb_vwv[33]= 0 (0x0) >smb_bcc=0 >size=84 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=19 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 2048 (0x800) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 256 (0x100) >smb_vwv[ 9]= 2048 (0x800) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=19456 (0x4C00) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]=21504 (0x5400) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 6 (0x6) >smb_bcc=11 >[000] 00 00 00 02 40 00 00 07 00 00 00 ....@... ... 
>write_socket(3,88) >write_socket(3,88) wrote 88 >got smb length of 284 >size=284 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]=53248 (0xD000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18432 (0x4800) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=53248 (0xD000) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=19456 (0x4C00) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=213 >[000] 00 D0 00 00 00 01 00 04 84 14 00 00 00 30 00 00 ........ .....0.. >[010] 00 00 00 00 00 4C 00 00 00 01 05 00 00 00 00 00 .....L.. ........ >[020] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. >[030] 9C EB 03 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[040] 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF 9C 01 02 00 .d.S.7.p .n...... >[050] 00 02 00 84 00 05 00 00 00 00 10 14 00 BF 01 13 ........ ........ >[060] 00 01 01 00 00 00 00 00 01 00 00 00 00 00 10 18 ........ ........ >[070] 00 FF 01 1F 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[080] 00 20 02 00 00 00 10 14 00 FF 01 1F 00 01 01 00 . ...... ........ >[090] 00 00 00 00 05 12 00 00 00 00 10 24 00 FF 01 1F ........ ...$.... >[0A0] 00 01 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 ........ .....d.S >[0B0] 1D 37 E4 70 0D 6E D4 CF 9C EB 03 00 00 00 10 18 .7.p.n.. ........ >[0C0] 00 A9 00 12 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[0D0] 00 21 02 00 00 .!... 
>size=284 >smb_com=0xa0 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=17 >smt_wct=18 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 1024 (0x400) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]=53248 (0xD000) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 1024 (0x400) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]=18432 (0x4800) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]=53248 (0xD000) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]=19456 (0x4C00) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_bcc=213 >[000] 00 D0 00 00 00 01 00 04 84 14 00 00 00 30 00 00 ........ .....0.. >[010] 00 00 00 00 00 4C 00 00 00 01 05 00 00 00 00 00 .....L.. ........ >[020] 05 15 00 00 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF .....d.S .7.p.n.. >[030] 9C EB 03 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ >[040] 00 64 E2 53 1D 37 E4 70 0D 6E D4 CF 9C 01 02 00 .d.S.7.p .n...... >[050] 00 02 00 84 00 05 00 00 00 00 10 14 00 BF 01 13 ........ ........ >[060] 00 01 01 00 00 00 00 00 01 00 00 00 00 00 10 18 ........ ........ >[070] 00 FF 01 1F 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[080] 00 20 02 00 00 00 10 14 00 FF 01 1F 00 01 01 00 . ...... ........ >[090] 00 00 00 00 05 12 00 00 00 00 10 24 00 FF 01 1F ........ ...$.... >[0A0] 00 01 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 ........ .....d.S >[0B0] 1D 37 E4 70 0D 6E D4 CF 9C EB 03 00 00 00 10 18 .7.p.n.. ........ >[0C0] 00 A9 00 12 00 01 02 00 00 00 00 00 05 20 00 00 ........ ..... .. >[0D0] 00 21 02 00 00 .!... 
> 000000 sec_io_desc sd data > 0000 revision : 0001 > 0002 type : 8404 > 0004 off_owner_sid: 00000014 > 0008 off_grp_sid : 00000030 > 000c off_sacl : 00000000 > 0010 off_dacl : 0000004c > 000014 smb_io_dom_sid owner_sid > 0014 sid_rev_num: 01 > 0015 num_auths : 05 > 0016 id_auth[0] : 00 > 0017 id_auth[1] : 00 > 0018 id_auth[2] : 00 > 0019 id_auth[3] : 00 > 001a id_auth[4] : 00 > 001b id_auth[5] : 05 > 001c sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000030 smb_io_dom_sid group_sid > 0030 sid_rev_num: 01 > 0031 num_auths : 05 > 0032 id_auth[0] : 00 > 0033 id_auth[1] : 00 > 0034 id_auth[2] : 00 > 0035 id_auth[3] : 00 > 0036 id_auth[4] : 00 > 0037 id_auth[5] : 05 > 0038 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 00004c sec_io_acl dacl > 004c revision: 0002 > 004e size : 0084 > 0050 num_aces : 00000005 > 000054 sec_io_ace ace_list[00]: > 0054 type : 00 > 0055 flags: 10 > 0056 size : 0014 > 0058 access_mask: 001301bf > 00005c smb_io_dom_sid trustee > 005c sid_rev_num: 01 > 005d num_auths : 01 > 005e id_auth[0] : 00 > 005f id_auth[1] : 00 > 0060 id_auth[2] : 00 > 0061 id_auth[3] : 00 > 0062 id_auth[4] : 00 > 0063 id_auth[5] : 01 > 0064 sub_auths : 00000000 > 000068 sec_io_ace ace_list[01]: > 0068 type : 00 > 0069 flags: 10 > 006a size : 0018 > 006c access_mask: 001f01ff > 000070 smb_io_dom_sid trustee > 0070 sid_rev_num: 01 > 0071 num_auths : 02 > 0072 id_auth[0] : 00 > 0073 id_auth[1] : 00 > 0074 id_auth[2] : 00 > 0075 id_auth[3] : 00 > 0076 id_auth[4] : 00 > 0077 id_auth[5] : 05 > 0078 sub_auths : 00000020 00000220 > 000080 sec_io_ace ace_list[02]: > 0080 type : 00 > 0081 flags: 10 > 0082 size : 0014 > 0084 access_mask: 001f01ff > 000088 smb_io_dom_sid trustee > 0088 sid_rev_num: 01 > 0089 num_auths : 01 > 008a id_auth[0] : 00 > 008b id_auth[1] : 00 > 008c id_auth[2] : 00 > 008d id_auth[3] : 00 > 008e id_auth[4] : 00 > 008f id_auth[5] : 05 > 0090 sub_auths : 00000012 > 000094 sec_io_ace ace_list[03]: > 0094 type : 00 > 0095 flags: 10 > 
0096 size : 0024 > 0098 access_mask: 001f01ff > 00009c smb_io_dom_sid trustee > 009c sid_rev_num: 01 > 009d num_auths : 05 > 009e id_auth[0] : 00 > 009f id_auth[1] : 00 > 00a0 id_auth[2] : 00 > 00a1 id_auth[3] : 00 > 00a2 id_auth[4] : 00 > 00a3 id_auth[5] : 05 > 00a4 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 0000b8 sec_io_ace ace_list[04]: > 00b8 type : 00 > 00b9 flags: 10 > 00ba size : 0018 > 00bc access_mask: 001200a9 > 0000c0 smb_io_dom_sid trustee > 00c0 sid_rev_num: 01 > 00c1 num_auths : 02 > 00c2 id_auth[0] : 00 > 00c3 id_auth[1] : 00 > 00c4 id_auth[2] : 00 > 00c5 id_auth[3] : 00 > 00c6 id_auth[4] : 00 > 00c7 id_auth[5] : 05 > 00c8 sub_auths : 00000020 00000221 >write_socket(3,45) >write_socket(3,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=18 >smt_wct=0 >smb_bcc=0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 
pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000011 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=22 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 6C 00 00 00 11 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 11 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 11 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000011 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 00000201 > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000012 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=23 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 6C 00 00 00 12 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C 01 02 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 12 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 12 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000012 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 01 > 0030 sub_auths : 00000000 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000013 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 
>size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=24 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 5C 00 00 00 13 00 00 00 44 .......\ .......D >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ >[050] 01 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=24 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 13 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=24 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 13 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000013 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000220 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000014 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=25 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 60 00 00 00 14 00 00 00 48 .......` .......H >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ >[050] 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 ....... ... .... >[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... >write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=25 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 14 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=25 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 14 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000014 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000001 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 01 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000012 > 000034 lsa_io_trans_names names > 0034 num_entries : 00000000 > 0038 ptr_trans_names: 00000000 > 003c level: 0001 > 0040 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005c > 000a auth_len : 0000 > 000c call_id : 00000015 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000044 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 
>size=174 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=26 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 92 (0x5C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 92 (0x5C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=107 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 5C 00 00 00 15 00 00 00 44 .......\ .......D >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 ........ ........ >[050] 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,178) >write_socket(5,178) wrote 178 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=26 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 15 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=26 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 15 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000015 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! 
>rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000005 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 05 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000015 1d53e264 0d70e437 9ccfd46e 000003eb > 000044 lsa_io_trans_names names > 0044 num_entries : 00000000 > 0048 ptr_trans_names: 00000000 > 004c level: 0001 > 0050 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000016 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000 >size=190 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=27 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 108 (0x6C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 108 (0x6C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=123 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 00 03 10 00 00 00 6C 00 00 00 16 00 00 00 54 .......l .......T >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........ >[050] 05 00 00 00 00 00 05 15 00 00 00 64 E2 53 1D 37 ........ ...d.S.7 >[060] E4 70 0D 6E D4 CF 9C EB 03 00 00 00 00 00 00 00 .p.n.... ........ >[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ... >write_socket(5,194) >write_socket(5,194) wrote 194 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=27 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 16 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=27 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 16 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000016 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >init_q_lookup_sids >init_lsa_sid_enum >000000 lsa_io_q_lookup_sids > 000000 smb_io_pol_hnd pol_hnd > 0000 handle_type: 0001130a > 000004 smb_io_uuid uuid > 0004 data : 00000000 > 0008 data : 0000 > 000a data : 0000 > 000c data : 00 00 > 000e data : 00 00 ab 1f d1 47 > 000014 lsa_io_sid_enum sids > 0014 num_entries : 00000001 > 0018 ptr_sid_enum: 00000001 > 001c num_entries2: 00000001 > 0020 ptr_sid[0]: 00000001 > 000024 smb_io_dom_sid2 sid[0] > 0024 num_auths: 00000002 > 000028 smb_io_dom_sid sid > 0028 sid_rev_num: 01 > 0029 num_auths : 02 > 002a id_auth[0] : 00 > 002b id_auth[1] : 00 > 002c id_auth[2] : 00 > 002d id_auth[3] : 00 > 002e id_auth[4] : 00 > 002f id_auth[5] : 05 > 0030 sub_auths : 00000020 00000221 > 000038 lsa_io_trans_names names > 0038 num_entries : 00000000 > 003c ptr_trans_names: 00000000 > 0040 level: 0001 > 0044 mapped_count: 00000000 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0000 > 000c call_id : 00000017 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000048 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: Remote machine 172.17.8.186 pipe \lsarpc fnum 
0x4000 >size=178 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=28 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 96 (0x60) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=111 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 60 00 00 00 17 00 00 00 48 .......` .......H >[020] 00 00 00 00 00 0F 00 0A 13 01 00 00 00 00 00 00 ........ ........ >[030] 00 00 00 00 00 00 00 AB 1F D1 47 01 00 00 00 01 ........ ..G..... >[040] 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 ........ ........ >[050] 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 ....... ...!.... >[060] 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ....... >write_socket(5,182) >write_socket(5,182) wrote 182 >got smb length of 88 >size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=28 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 17 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . 
>size=88 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=2048 >smb_pid=11668 >smb_uid=2048 >smb_mid=28 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 32 (0x20) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 32 (0x20) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=33 >[000] 00 05 00 03 03 10 00 00 00 20 00 00 00 17 00 00 ........ . ...... >[010] 00 20 00 00 00 00 00 00 00 1A 00 00 1C 00 00 00 . ...... ........ >[020] 00 . >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000017 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_CONTEXT_MISMATCH > 001c reserved: 00000000 >cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_CONTEXT_MISMATCH received from remote machine 172.17.8.186 pipe \lsarpc fnum 0x4000! >rpc_api_pipe: got PDU len of 32 at offset 0 >OWNER NAME: RECNEX6\user > >OWNER NAME: S-1-5-21-492036708-225502263-2630866030-1003 > >OWNER NAME: S-1-5-21-492036708-225502263-2630866030-1003 >