The Samba-Bugzilla – Attachment 519 Details for Bug 1364: winbindd dies on SID lookup when used with ntlm_auth
winbindd debug=10 file
samba-bug-1364.txt (text/plain), 333.59 KB, created by Tudor Panaitescu on 2004-05-18 13:04:31 UTC
>winbindd version 3.0.4-2.3E started. >Copyright The Samba Team 2000-2004 >lp_load: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >Processing section "[global]" >doing parameter workgroup = AD >doing parameter netbios name = STAGE1 >handle_netbios_name: set global_myname to: STAGE1 >doing parameter interfaces = 10.32.1.90 >doing parameter realm = AD.COLORCON.COM >doing parameter security = ADS >doing parameter encrypt passwords = Yes >doing parameter update encrypted = Yes >doing parameter min protocol = NT1 >doing parameter local master = No >doing parameter wins server = 10.32.2.63 10.32.2.64 >doing parameter printing = cups >doing parameter winbind uid = 10000-20000 >doing parameter winbind gid = 10000-20000 >doing parameter winbind use default domain = yes >doing parameter password server = * >pm_process() returned Yes >lp_servicenumber: couldn't find homes >adding IPC service >adding IPC service >set_server_role: role = ROLE_DOMAIN_MEMBER >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE 
>Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >ms_fnmatch(10.32.1.90,eth0) -> -1 >ms_fnmatch(10.32.1.90,lo) -> -1 >added interface ip=10.32.1.90 bcast=10.32.31.255 nmask=255.255.224.0 >Netbios name list:- >my_netbios_names[0]="STAGE1" >ms_fnmatch(10.32.1.90,eth0) -> -1 >ms_fnmatch(10.32.1.90,lo) -> -1 >added interface ip=10.32.1.90 bcast=10.32.31.255 nmask=255.255.224.0 >Opening cache file at /var/cache/samba/gencache.tdb >namecache_enable: enabling netbios namecache, timeout 660 seconds >smb_register_idmap: Successfully added idmap backend 'ldap' >smb_register_idmap: Successfully added idmap backend 'tdb' >db_idmap_init: Opening tdbfile /var/cache/samba/winbindd_idmap.tdb >fcntl_lock 10 13 0 1 1 >fcntl_lock: Lock call successful >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >add_trusted_domain: AD is an NT4 domain >Added domain AD AD.COLORCON.COM S-0-0 >ads_dc_name: domain=AD >ads_find_dc: looking for realm 'AD.COLORCON.COM' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up AD.COLORCON.COM#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name AD.COLORCON.COM#1C found. 
>Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 173 seconds >ads_dc_name: using server='WEP-AD-DC1' IP=10.32.2.61 >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-AD-DC1 >Connecting to host=WEP-AD-DC1 >Connecting to 10.32.2.61 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(13,183) >write_socket(13,183) wrote 183 >got smb length of 184 >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 5248 (0x1480) >smb_vwv[12]=35306 (0x89EA) >smb_vwv[13]=59292 (0xE79C) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... 
>[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. >[070] 43 4F 4D COM >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 5248 (0x1480) >smb_vwv[12]=35306 (0x89EA) >smb_vwv[13]=59292 (0xE79C) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. 
>[070] 43 4F 4D COM >Serverzone is 14400 >connecting to WEP-AD-DC1 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=115) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:40 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:40 GMT - 1084927720) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] E6 A1 EF 46 92 A1 2C D0 ...F..,. >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 8C 00 2B 1C BF 28 35 FC ..+..(5. >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(13,1220) >write_socket(13,1220) wrote 1220 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=4099 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 6B 3E 20 8C C0 A7 17 84 k> ..... 
>size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=4099 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 86 41 64 77 C4 1D 78 3C .Adw..x< >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(13,88) >write_socket(13,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 3E 4B DF 75 A9 8C 82 19 >K.u.... 
>cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-AD-DC1 >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 9E EA AD 49 A8 0B 6D 5B ...I..m[ >store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(13,104) >write_socket(13,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 768 (0x300) >smb_vwv[ 3]= 256 (0x100) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] 1D 35 DE 85 83 BB 86 82 .5...... >Bind RPC Pipe[3]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:3 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 3 (0x3) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] 63 96 59 7D FA 60 13 BA c.Y}.`.. 
>store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(13,158) >write_socket(13,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 17 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] D8 22 0F E9 F7 4C 3E 5F ."...L>_ >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... >[010] 00 B8 10 B8 10 17 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00062817 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! 
>000000 ds_io_q_getprimdominfo > 0000 level: 0001 >create_rpc_request: opnum: 0x0 data_len: 0x1a >create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000000a > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: fnum:3 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 3 (0x3) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 7A A9 08 02 60 26 EE A6 z...`&.. 
>store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(13,112) >write_socket(13,112) wrote 112 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 236 >size=236 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 180 (0xB4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 180 (0xB4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=181 >[000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ ........ >[010] 00 9C 00 00 00 00 00 00 00 E8 6C 4F 0D 01 00 00 ........ ..lO.... >[020] 00 04 00 00 00 01 00 00 01 28 B9 49 0D 18 FA 16 ........ .(.I.... >[030] 00 B8 53 16 00 CE FA 73 7F 7A 2E 02 4B 8E B7 1D ..S....s .z..K... >[040] 41 DF 58 72 1E 03 00 00 00 00 00 00 00 03 00 00 A.Xr.... ........ >[050] 00 41 00 44 00 00 00 00 00 10 00 00 00 00 00 00 .A.D.... ........ >[060] 00 10 00 00 00 61 00 64 00 2E 00 63 00 6F 00 6C .....a.d ...c.o.l >[070] 00 6F 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F .o.r.c.o .n...c.o >[080] 00 6D 00 00 00 10 00 00 00 00 00 00 00 10 00 00 .m...... ........ >[090] 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 .a.d...c .o.l.o.r >[0A0] 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 .c.o.n.. .c.o.m.. >[0B0] 00 00 00 00 00 ..... >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] B9 A2 48 5E 53 A2 EB F7 ..H^S... 
>size=236 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 180 (0xB4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 180 (0xB4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=181 >[000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ ........ >[010] 00 9C 00 00 00 00 00 00 00 E8 6C 4F 0D 01 00 00 ........ ..lO.... >[020] 00 04 00 00 00 01 00 00 01 28 B9 49 0D 18 FA 16 ........ .(.I.... >[030] 00 B8 53 16 00 CE FA 73 7F 7A 2E 02 4B 8E B7 1D ..S....s .z..K... >[040] 41 DF 58 72 1E 03 00 00 00 00 00 00 00 03 00 00 A.Xr.... ........ >[050] 00 41 00 44 00 00 00 00 00 10 00 00 00 00 00 00 .A.D.... ........ >[060] 00 10 00 00 00 61 00 64 00 2E 00 63 00 6F 00 6C .....a.d ...c.o.l >[070] 00 6F 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F .o.r.c.o .n...c.o >[080] 00 6D 00 00 00 10 00 00 00 00 00 00 00 10 00 00 .m...... ........ >[090] 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 .a.d...c .o.l.o.r >[0A0] 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 .c.o.n.. .c.o.m.. >[0B0] 00 00 00 00 00 ..... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 180 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b4 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000009c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 180 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_getprimdominfo > 0018 ptr: 0d4f6ce8 > 001c level: 0001 > 001e unknown0: 0000 > 0020 machine_role: 0004 > 0022 unknown: 0000 > 0024 flags: 01000001 > 0028 netbios_ptr: 0d49b928 > 002c dnsname_ptr: 0016fa18 > 0030 forestname_ptr: 001653b8 > 000034 smb_io_uuid domain_guid > 0034 data : 7f73face > 0038 data : 2e7a > 003a data : 4b02 > 003c data : 8e b7 > 003e data : 1d 41 df 58 72 1e > 000044 smb_io_unistr2 netbios_domain > 0044 uni_max_len: 00000003 > 0048 offset : 00000000 > 004c uni_str_len: 00000003 > 0050 buffer : A.D... > 000058 smb_io_unistr2 dns_domain > 0058 uni_max_len: 00000010 > 005c offset : 00000000 > 0060 uni_str_len: 00000010 > 0064 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m... > 000084 smb_io_unistr2 forest_domain > 0084 uni_max_len: 00000010 > 0088 offset : 00000000 > 008c uni_str_len: 00000010 > 0090 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m... > 00b0 status: NT_STATUS_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 04 85 68 ED AF 2C 2E 04 ..h..,.. 
>store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(13,45) >write_socket(13,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 7 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 76 35 DB E6 1F 46 04 61 v5...F.a >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] E8 DD 32 E5 22 17 8D 50 ..2."..P >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(13,104) >write_socket(13,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 256 (0x100) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] D7 05 95 55 9F FB 5A 34 ...U..Z4 >Bind RPC Pipe[4]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 
AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 4 (0x4) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 29 9E 51 3A 6E A3 1E FB ).Q:n... >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(13,158) >write_socket(13,158) wrote 158 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... >[010] 00 B8 10 B8 10 18 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] E5 C9 90 EF 21 B5 0A F0 ....!... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... >[010] 00 B8 10 B8 10 18 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00062818 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_lsa_sec_qos >init_q_open_pol2: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol2 > 0000 ptr : 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... 
> 00002a lsa_io_obj_attr > 002c len : 00000018 > 0030 ptr_root_dir: 00000000 > 0034 ptr_obj_name: 00000000 > 0038 attributes : 00000000 > 003c ptr_sec_desc: 00000000 > 0040 ptr_sec_qos : 00000001 > 000044 lsa_io_obj_qos sec_qos > 0044 len : 0000000c > 0048 sec_imp_level : 0002 > 004a sec_ctxt_mode : 01 > 004b effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 004c des_access: 02000000 >create_rpc_request: opnum: 0x2c data_len: 0x68 >create_rpc_request: data_len: 68 auth_len: 0 alloc_hint: 58 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000058 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: fnum:4 >size=186 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 104 (0x68) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 4 (0x4) >smb_bcc=119 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 68 00 00 00 04 00 00 00 58 .......h .......X >[020] 00 00 00 00 00 2C 00 01 00 00 00 0D 00 00 00 00 .....,.. ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 00 00 00 00 01 00 00 00 0C 00 00 00 02 ........ ........ >[070] 00 01 00 00 00 00 02 ....... 
>simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] E0 95 15 93 52 15 1C C3 ....R... >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(13,190) >write_socket(13,190) wrote 190 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F 1D 40 ........ ....._.@ >[020] 31 65 22 9F 4D AD C3 F3 3C E2 F4 28 5A 00 00 00 1e".M... <..(Z... >[030] 00 . >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] F5 E1 7C 2D E1 0F 50 08 ..|-..P. >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F 1D 40 ........ ....._.@ >[020] 31 65 22 9F 4D AD C3 F3 3C E2 F4 28 5A 00 00 00 1e".M... <..(Z... >[030] 00 . 
>cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 48 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 48 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol2 > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 31401d5f > 0020 data3: 2265 > 0022 data4: 4d9f > 0024 data5: ad c3 f3 3c e2 f4 28 5a > 002c status: NT_STATUS_OK >init_q_query2 >000000 lsa_io_q_query_info2 > 000000 smb_io_pol_hnd pol > 0000 data1: 00000000 > 0004 data2: 31401d5f > 0008 data3: 2265 > 000a data4: 4d9f > 000c data5: ad c3 f3 3c e2 f4 28 5a > 0014 info_class: 000c >create_rpc_request: opnum: 0x2e data_len: 0x2e >create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000001e > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: fnum:4 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 
82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 4 (0x4) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 1E ........ ........ >[020] 00 00 00 00 00 2E 00 00 00 00 00 5F 1D 40 31 65 ........ ..._.@1e >[030] 22 9F 4D AD C3 F3 3C E2 F4 28 5A 0C 00 ".M...<. .(Z.. >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] AD F7 01 F7 70 2E D0 F8 ....p... >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(13,132) >write_socket(13,132) wrote 132 >cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >got smb length of 268 >size=268 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 212 (0xD4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 212 (0xD4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=213 >[000] 00 05 00 02 03 10 00 00 00 D4 00 00 00 05 00 00 ........ ........ >[010] 00 BC 00 00 00 00 00 00 00 60 0F 10 00 0C 00 00 ........ .`...... >[020] 00 04 00 06 00 28 B9 49 0D 1E 00 20 00 B8 53 16 .....(.I ... ..S. >[030] 00 1E 00 20 00 88 0C 13 00 CE FA 73 7F 7A 2E 02 ... .... ...s.z.. >[040] 4B 8E B7 1D 41 DF 58 72 1E 80 5C 13 00 03 00 00 K...A.Xr ..\..... >[050] 00 00 00 00 00 02 00 00 00 41 00 44 00 10 00 00 ........ .A.D.... >[060] 00 00 00 00 00 0F 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[070] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. >[080] 00 63 00 6F 00 6D 00 00 00 10 00 00 00 00 00 00 .c.o.m.. ........ 
>[090] 00 0F 00 00 00 61 00 64 00 2E 00 63 00 6F 00 6C .....a.d ...c.o.l >[0A0] 00 6F 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F .o.r.c.o .n...c.o >[0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ >[0C0] 05 15 00 00 00 FD 37 42 40 4F 75 88 21 43 17 0A ......7B @Ou.!C.. >[0D0] 32 00 00 00 00 2.... >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] EB D8 4D 24 7F 38 D5 09 ..M$.8.. >size=268 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 212 (0xD4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 212 (0xD4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=213 >[000] 00 05 00 02 03 10 00 00 00 D4 00 00 00 05 00 00 ........ ........ >[010] 00 BC 00 00 00 00 00 00 00 60 0F 10 00 0C 00 00 ........ .`...... >[020] 00 04 00 06 00 28 B9 49 0D 1E 00 20 00 B8 53 16 .....(.I ... ..S. >[030] 00 1E 00 20 00 88 0C 13 00 CE FA 73 7F 7A 2E 02 ... .... ...s.z.. >[040] 4B 8E B7 1D 41 DF 58 72 1E 80 5C 13 00 03 00 00 K...A.Xr ..\..... >[050] 00 00 00 00 00 02 00 00 00 41 00 44 00 10 00 00 ........ .A.D.... >[060] 00 00 00 00 00 0F 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[070] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. >[080] 00 63 00 6F 00 6D 00 00 00 10 00 00 00 00 00 00 .c.o.m.. ........ >[090] 00 0F 00 00 00 61 00 64 00 2E 00 63 00 6F 00 6C .....a.d ...c.o.l >[0A0] 00 6F 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F .o.r.c.o .n...c.o >[0B0] 00 6D 00 00 00 04 00 00 00 01 04 00 00 00 00 00 .m...... ........ >[0C0] 05 15 00 00 00 FD 37 42 40 4F 75 88 21 43 17 0A ......7B @Ou.!C.. >[0D0] 32 00 00 00 00 2.... 
>cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >rpc_check_hdr: rdata->data_size = 212 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00d4 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000bc > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 212 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_query_info2 > 0018 ptr: 00100f60 > 001c info_class: 000c > 00001e lsa_io_dns_dom_info info12 > 000020 smb_io_unihdr nb_name > 0020 uni_str_len: 0004 > 0022 uni_max_len: 0006 > 0024 buffer : 0d49b928 > 000028 smb_io_unihdr dns_name > 0028 uni_str_len: 001e > 002a uni_max_len: 0020 > 002c buffer : 001653b8 > 000030 smb_io_unihdr forest > 0030 uni_str_len: 001e > 0032 uni_max_len: 0020 > 0034 buffer : 00130c88 > 000038 smb_io_uuid dom_guid > 0038 data : 7f73face > 003c data : 2e7a > 003e data : 4b02 > 0040 data : 8e b7 > 0042 data : 1d 41 df 58 72 1e > 0048 dom_sid: 00135c80 > 00004c smb_io_unistr2 nb_name > 004c uni_max_len: 00000003 > 0050 offset : 00000000 > 0054 uni_str_len: 00000002 > 0058 buffer : A.D. > 00005c smb_io_unistr2 dns_name > 005c uni_max_len: 00000010 > 0060 offset : 00000000 > 0064 uni_str_len: 0000000f > 0068 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m. > 000086 smb_io_unistr2 forest > 0088 uni_max_len: 00000010 > 008c offset : 00000000 > 0090 uni_str_len: 0000000f > 0094 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m. 
> 0000b2 smb_io_dom_sid2 dom_sid > 00b4 num_auths: 00000004 > 0000b8 smb_io_dom_sid sid > 00b8 sid_rev_num: 01 > 00b9 num_auths : 04 > 00ba id_auth[0] : 00 > 00bb id_auth[1] : 00 > 00bc id_auth[2] : 00 > 00bd id_auth[3] : 00 > 00be id_auth[4] : 00 > 00bf id_auth[5] : 05 > 00c0 sub_auths : 00000015 404237fd 2188754f 320a1743 > 00d0 status: NT_STATUS_OK >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 06 BC BA A0 63 35 C2 3D ....c5.= >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(13,45) >write_socket(13,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] 0B 28 B2 35 B9 E1 0E EC .(.5.... >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] A3 6B F4 22 01 5C 85 D2 .k.".\.. 
>store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(13,39) >write_socket(13,39) wrote 39 >got smb length of 35 >size=35 >smb_com=0x71 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=30721 >smb_pid=2230 >smb_uid=4099 >smb_mid=13 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] 2E C4 18 9C 81 F6 7A 41 ......zA >alternate_name: [Cached] - doing backend query for info for domain AD >ads: alternate_name >ads_find_dc: looking for realm 'ad.colorcon.com' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up ad.colorcon.com#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name ad.colorcon.com#1C found. >Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 173 seconds >Found SASL mechanism GSS-SPNEGO >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >krb5_cc_get_principal failed (No credentials cache found) >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:winbind_ccache] expiration Tue, 18 May 2004 20:51:33 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:winbind_ccache) is valid until: (Tue, 18 May 2004 20:51:33 GMT - 1084927893) >Got KRB5 session key of length 8 >Found alternate name 'AD' for realm 'AD.COLORCON.COM' >scanning trusted domain list 
>trusted_domains: [Cached] - doing backend query for info for domain AD >ads: trusted_domains >ads_dc_name: domain=AD >ads_find_dc: looking for realm 'AD.COLORCON.COM' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up AD.COLORCON.COM#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name AD.COLORCON.COM#1C found. >Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 173 seconds >ads_dc_name: using server='WEP-AD-DC1' IP=10.32.2.61 >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-AD-DC1 >Connecting to host=WEP-AD-DC1 >Connecting to 10.32.2.61 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(16,183) >write_socket(16,183) wrote 183 >got smb length of 184 >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=61056 
(0xEE80) >smb_vwv[12]= 9442 (0x24E2) >smb_vwv[13]=59293 (0xE79D) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. >[070] 43 4F 4D COM >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=61056 (0xEE80) >smb_vwv[12]= 9442 (0x24E2) >smb_vwv[13]=59293 (0xE79D) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. 
>[070] 43 4F 4D COM >connecting to WEP-AD-DC1 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=115) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:41 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:41 GMT - 1084927721) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 70 5E D0 2C 2F A1 5B 34 p^.,/.[4 >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 4E ED F1 E3 7E C7 F7 EA N...~... >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(16,1220) >write_socket(16,1220) wrote 1220 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=53249 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 1A A2 41 1A 6B CA 20 60 ..A.k. 
` >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=53249 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 37 1C 04 9C 98 3F 90 38 7....?.8 >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(16,88) >write_socket(16,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 50 A4 53 0C B5 84 90 D9 P.S..... >cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-AD-DC1 >Using cleartext machine password >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] BE 42 09 BE 67 3B C2 A8 .B..g;.. 
>store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] B3 CC 41 A6 D1 56 B7 EF ..A..V.. >Bind RPC Pipe[8004]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:8004 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32772 (0x8004) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] F3 33 E2 73 A4 0A FB 72 .3.s...r >store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(16,158) >write_socket(16,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 19 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 49 0D 01 00 00 00 00 00 00 \lsass.I ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] 69 A6 34 49 F7 ED 4F 10 i.4I..O. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 19 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 49 0D 01 00 00 00 00 00 00 \lsass.I ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00062819 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from STAGE1 to WEP-AD-DC1: F8FBD7DD330B7ADC >init_q_req_chal: 621 >init_q_req_chal: 630 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : S.T.A.G.E.1... 
> 000046 smb_io_chal > 0046 data: f8 fb d7 dd 33 0b 7a dc >create_rpc_request: opnum: 0x4 data_len: 0x66 >create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0066 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000056 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:8004 >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 102 (0x66) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 102 (0x66) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32772 (0x8004) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 66 00 00 00 07 00 00 00 56 .......f .......V >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 00 00 F8 FB D7 .T.A.G.E .1...... >[070] DD 33 0B 7A DC .3.z. >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 16 CA 09 93 15 79 0C E5 .....y.. 
>store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(16,188) >write_socket(16,188) wrote 188 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 E6 87 AC DD F5 EE 37 ........ .......7 >[020] 6D 00 00 00 00 m.... >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 65 93 8B B7 15 4E FC A8 e....N.. >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 E6 87 AC DD F5 EE 37 ........ .......7 >[020] 6D 00 00 00 00 m.... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: e6 87 ac dd f5 ee 37 6d > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: F8FBD7DD330B7ADC > srv_chal : E687ACDDF5EE376D > clnt+srv : DE8384BB28FAB149 > sess_key : 78591449649F06CC >cred_create > sess_key : 78591449649F06CC > stor_cred: F8FBD7DD330B7ADC > timestamp: 0 > timecred : F8FBD7DD330B7ADC > calc_cred: B97B7E3A55DA32B7 >cli_net_auth2: srv:\\WEP-AD-DC1 acct:STAGE1$ sc:2 mc: STAGE1 chal B97B7E3A55DA32B7 neg: 400701ff >init_q_auth_2: 742 >make_log_info 1336 >init_q_auth_2: 748 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 00000008 > 0030 offset : 00000000 > 0034 uni_str_len: 00000008 > 0038 buffer : S.T.A.G.E.1.$... > 0048 sec_chan: 0002 > 00004a smb_io_unistr2 unistr2 > 004c uni_max_len: 00000007 > 0050 offset : 00000000 > 0054 uni_str_len: 00000007 > 0058 buffer : S.T.A.G.E.1... 
> 000066 smb_io_chal > 0066 data: b9 7b 7e 3a 55 da 32 b7 > 00006e net_io_neg_flags > 0070 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0x8c >create_rpc_request: data_len: 8c auth_len: 0 alloc_hint: 7c >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 008c > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007c > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:8004 >size=222 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=7 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 140 (0x8C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 140 (0x8C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32772 (0x8004) >smb_bcc=155 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 8C 00 00 00 08 00 00 00 7C ........ .......| >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 24 00 00 00 02 .T.A.G.E .1.$.... >[070] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[080] 00 54 00 41 00 47 00 45 00 31 00 00 00 B9 7B 7E .T.A.G.E .1....{~ >[090] 3A 55 DA 32 B7 00 00 FF 01 07 40 :U.2.... 
..@ >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] DD 91 B6 13 36 4E 27 EA ....6N'. >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(16,226) >write_socket(16,226) wrote 226 >cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 C8 7D C8 81 17 42 BE ........ ..}...B. >[020] F7 FF 01 07 40 00 00 00 00 ....@... . >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 52 4B D8 D9 91 51 DD 1A RK...Q.. >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 C8 7D C8 81 17 42 BE ........ ..}...B. >[020] F7 FF 01 07 40 00 00 00 00 ....@... . 
>cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: c8 7d c8 81 17 42 be f7 > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : 78591449649F06CC > stor_cred: E687ACDDF5EE376D > timestamp: 0 > timecred : E687ACDDF5EE376D > calc_cred: C87DC8811742BEF7 >cred_assert > challenge : C87DC8811742BEF7 > calculated: C87DC8811742BEF7 >credentials check ok >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 37 3B 00 AE 5D 84 71 46 7;..].qF >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 768 (0x300) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) 
>smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] 3B 23 D0 66 83 EF 35 39 ;#.f..59 >Bind RPC Pipe[8003]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 41 44 AD >[000] 53 54 41 47 45 31 STAGE1 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0062 > 000a auth_len : 0012 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:8003 >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 
>smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 98 (0x62) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 98 (0x62) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32771 (0x8003) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 62 00 12 00 09 00 00 00 B8 .......b ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 41 44 00 53 54 41 47 45 31 .......A D.STAGE1 >[070] 00 . >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 0D A3 AE D7 4F 9A 30 09 ....O.0. >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(16,184) >write_socket(16,184) wrote 184 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1A 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 FF 59 01 00 00 00 00 00 00 \lsass.. Y....... 
>[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 A9 3D 6C .......= l >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 3B E2 4D 1A FE 32 52 EE ;.M..2R. >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1A 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 FF 59 01 00 00 00 00 00 00 \lsass.. Y....... >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 A9 3D 6C .......= l >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. 
>000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281a > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >000000 ds_io_q_enum_domain_trusts > 0000 server_ptr: 00000001 > 000004 smb_io_unistr2 server > 0004 uni_max_len: 0000000b > 0008 offset : 00000000 > 000c uni_str_len: 0000000b > 0010 buffer : W.E.P.-.A.D.-.D.C.1... > 0028 flags: 00000003 >000030 smb_io_rpc_hdr_auth hdr_auth > 0030 auth_type : 44 > 0031 auth_level : 05 > 0032 padding : 04 > 0033 reserved : 00 > 0034 auth_context : 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=48 >000038 smb_io_rpc_auth_netsec_chk > 0038 sig : 77 00 ff ff ff ff 00 00 > 0040 seq_num: d4 fd 49 d6 a9 dd e6 1b > 0048 packet_digest: 8e 43 b7 c8 83 05 48 60 > 0050 confounder: de 13 93 62 cd 08 7e b3 >create_rpc_request: opnum: 0x28 data_len: 0x70 >create_rpc_request: data_len: 70 auth_len: 20 alloc_hint: 38 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0070 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000038 > 0014 context_id: 0000 > 0016 opnum : 0028 >rpc_api_pipe: fnum:8003 >size=194 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 
7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 112 (0x70) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32771 (0x8003) >smb_bcc=127 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 70 00 20 00 0A 00 00 00 38 .......p . .....8 >[020] 00 00 00 00 00 28 00 01 00 00 00 0B 00 00 00 00 .....(.. ........ >[030] 00 00 00 0B 00 00 00 57 00 45 00 50 00 2D 00 41 .......W .E.P.-.A >[040] 00 44 00 2D 00 44 00 43 00 31 00 00 00 00 00 03 .D.-.D.C .1...... >[050] 00 00 00 00 00 00 00 44 05 04 00 01 00 00 00 77 .......D .......w >[060] 00 FF FF FF FF 00 00 D4 FD 49 D6 A9 DD E6 1B 8E ........ .I...... >[070] 43 B7 C8 83 05 48 60 DE 13 93 62 CD 08 7E B3 C....H`. ..b..~. >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 69 51 85 97 D6 26 71 FC iQ...&q. >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(16,198) >write_socket(16,198) wrote 198 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 808 >size=808 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 752 (0x2F0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 752 (0x2F0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=753 >[000] 00 05 00 02 03 10 00 00 00 F0 02 20 00 0A 00 00 ........ ... .... >[010] 00 B0 02 00 00 00 00 00 00 05 00 00 00 F8 EB 50 ........ .......P >[020] 0D 05 00 00 00 EC EC 50 0D F6 EC 50 0D 23 00 00 .......P ...P.#.. >[030] 00 04 00 00 00 02 00 00 00 00 00 00 00 D4 EC 50 ........ .......P >[040] 0D A8 5E CE 45 03 5E AD 49 AF 23 14 EA 4F 11 43 ..^.E.^. 
I.#..O.C >[050] 13 38 ED 50 0D 3E ED 50 0D 23 00 00 00 04 00 00 .8.P.>.P .#...... >[060] 00 02 00 00 00 00 00 00 00 20 ED 50 0D 22 E9 0F ........ . .P.".. >[070] C8 AA 15 50 4F 9B 3F 3D 75 43 90 CD 94 7C ED 50 ...PO.?= uC...|.P >[080] 0D 82 ED 50 0D 23 00 00 00 04 00 00 00 02 00 00 ...P.#.. ........ >[090] 00 00 00 00 00 64 ED 50 0D 4D B9 58 7C 17 8E 5A .....d.P .M.X|..Z >[0A0] 48 8C 2A 72 87 47 25 FD 4D C0 ED 50 0D 00 00 00 H.*r.G%. M..P.... >[0B0] 00 22 00 00 00 00 00 00 00 01 00 00 00 04 00 00 ."...... ........ >[0C0] 01 A8 ED 50 0D 00 00 00 00 00 00 00 00 00 00 00 ...P.... ........ >[0D0] 00 00 00 00 00 E4 ED 50 0D EA ED 50 0D 1D 00 00 .......P ...P.... >[0E0] 00 00 00 00 00 02 00 00 00 00 00 00 00 CC ED 50 ........ .......P >[0F0] 0D CE FA 73 7F 7A 2E 02 4B 8E B7 1D 41 DF 58 72 ...s.z.. K...A.Xr >[100] 1E 05 00 00 00 00 00 00 00 05 00 00 00 45 00 4D ........ .....E.M >[110] 00 45 00 41 00 00 00 00 00 15 00 00 00 00 00 00 .E.A.... ........ >[120] 00 15 00 00 00 65 00 6D 00 65 00 61 00 2E 00 61 .....e.m .e.a...a >[130] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[140] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.n...c .o.m.... >[150] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[160] 00 A8 37 D6 65 43 17 0A 32 28 B3 A1 2E 03 00 00 ..7.eC.. 2(...... >[170] 00 00 00 00 00 03 00 00 00 41 00 50 00 00 00 00 ........ .A.P.... >[180] 00 13 00 00 00 00 00 00 00 13 00 00 00 61 00 70 ........ .....a.p >[190] 00 2E 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F ...a.d.. .c.o.l.o >[1A0] 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D .r.c.o.n ...c.o.m >[1B0] 00 00 00 00 00 04 00 00 00 01 04 00 00 00 00 00 ........ ........ >[1C0] 05 15 00 00 00 CD 7C 41 66 F5 36 45 49 43 17 0A ......|A f.6EIC.. >[1D0] 32 03 00 00 00 00 00 00 00 03 00 00 00 4E 00 41 2....... .....N.A >[1E0] 00 00 00 00 00 13 00 00 00 00 00 00 00 13 00 00 ........ ........ 
>[1F0] 00 6E 00 61 00 2E 00 61 00 64 00 2E 00 63 00 6F .n.a...a .d...c.o >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] 6B 53 4E 80 99 0C 55 0C kSN...U. >size=808 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 752 (0x2F0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 752 (0x2F0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=753 >[000] 00 05 00 02 03 10 00 00 00 F0 02 20 00 0A 00 00 ........ ... .... >[010] 00 B0 02 00 00 00 00 00 00 05 00 00 00 F8 EB 50 ........ .......P >[020] 0D 05 00 00 00 EC EC 50 0D F6 EC 50 0D 23 00 00 .......P ...P.#.. >[030] 00 04 00 00 00 02 00 00 00 00 00 00 00 D4 EC 50 ........ .......P >[040] 0D A8 5E CE 45 03 5E AD 49 AF 23 14 EA 4F 11 43 ..^.E.^. I.#..O.C >[050] 13 38 ED 50 0D 3E ED 50 0D 23 00 00 00 04 00 00 .8.P.>.P .#...... >[060] 00 02 00 00 00 00 00 00 00 20 ED 50 0D 22 E9 0F ........ . .P.".. >[070] C8 AA 15 50 4F 9B 3F 3D 75 43 90 CD 94 7C ED 50 ...PO.?= uC...|.P >[080] 0D 82 ED 50 0D 23 00 00 00 04 00 00 00 02 00 00 ...P.#.. ........ >[090] 00 00 00 00 00 64 ED 50 0D 4D B9 58 7C 17 8E 5A .....d.P .M.X|..Z >[0A0] 48 8C 2A 72 87 47 25 FD 4D C0 ED 50 0D 00 00 00 H.*r.G%. M..P.... >[0B0] 00 22 00 00 00 00 00 00 00 01 00 00 00 04 00 00 ."...... ........ >[0C0] 01 A8 ED 50 0D 00 00 00 00 00 00 00 00 00 00 00 ...P.... ........ >[0D0] 00 00 00 00 00 E4 ED 50 0D EA ED 50 0D 1D 00 00 .......P ...P.... >[0E0] 00 00 00 00 00 02 00 00 00 00 00 00 00 CC ED 50 ........ .......P >[0F0] 0D CE FA 73 7F 7A 2E 02 4B 8E B7 1D 41 DF 58 72 ...s.z.. K...A.Xr >[100] 1E 05 00 00 00 00 00 00 00 05 00 00 00 45 00 4D ........ .....E.M >[110] 00 45 00 41 00 00 00 00 00 15 00 00 00 00 00 00 .E.A.... ........ 
>[120] 00 15 00 00 00 65 00 6D 00 65 00 61 00 2E 00 61 .....e.m .e.a...a >[130] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[140] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.n...c .o.m.... >[150] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[160] 00 A8 37 D6 65 43 17 0A 32 28 B3 A1 2E 03 00 00 ..7.eC.. 2(...... >[170] 00 00 00 00 00 03 00 00 00 41 00 50 00 00 00 00 ........ .A.P.... >[180] 00 13 00 00 00 00 00 00 00 13 00 00 00 61 00 70 ........ .....a.p >[190] 00 2E 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F ...a.d.. .c.o.l.o >[1A0] 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D .r.c.o.n ...c.o.m >[1B0] 00 00 00 00 00 04 00 00 00 01 04 00 00 00 00 00 ........ ........ >[1C0] 05 15 00 00 00 CD 7C 41 66 F5 36 45 49 43 17 0A ......|A f.6EIC.. >[1D0] 32 03 00 00 00 00 00 00 00 03 00 00 00 4E 00 41 2....... .....N.A >[1E0] 00 00 00 00 00 13 00 00 00 00 00 00 00 13 00 00 ........ ........ >[1F0] 00 6E 00 61 00 2E 00 61 00 64 00 2E 00 63 00 6F .n.a...a .d...c.o >cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 752 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 02f0 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000002b0 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 752 >rpc_auth_pipe: pkt_type: 2 len: 752 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: 78 1b e2 
64 9f dd 65 ae > 0018 packet_digest: fb 3c ce 39 7d 08 33 be > 0020 confounder: 00 00 00 00 00 00 00 00 >SCHANNEL: netsec_encode seq_num=1 data_len=688 >SCHANNEL: netsec_decode seq_num=1 data_len=688 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_enum_domain_trusts > 0018 num_domains: 00000005 > 00001c ds_io_dom_trusts_ctr domains > 001c ptr: 0d50ebf8 > 0020 max_count: 00000005 > 000024 ds_io_dom_trusts_ctr domain_trusts > 0024 netbios_ptr: 0d50ecec > 0028 dns_ptr: 0d50ecf6 > 002c flags: 00000023 > 0030 parent_index: 00000004 > 0034 trust_type: 00000002 > 0038 trust_attributes: 00000000 > 003c sid_ptr: 0d50ecd4 > 000040 smb_io_uuid guid > 0040 data : 45ce5ea8 > 0044 data : 5e03 > 0046 data : 49ad > 0048 data : af 23 > 004a data : 14 ea 4f 11 43 13 > 000050 ds_io_dom_trusts_ctr domain_trusts > 0050 netbios_ptr: 0d50ed38 > 0054 dns_ptr: 0d50ed3e > 0058 flags: 00000023 > 005c parent_index: 00000004 > 0060 trust_type: 00000002 > 0064 trust_attributes: 00000000 > 0068 sid_ptr: 0d50ed20 > 00006c smb_io_uuid guid > 006c data : c80fe922 > 0070 data : 15aa > 0072 data : 4f50 > 0074 data : 9b 3f > 0076 data : 3d 75 43 90 cd 94 > 00007c ds_io_dom_trusts_ctr domain_trusts > 007c netbios_ptr: 0d50ed7c > 0080 dns_ptr: 0d50ed82 > 0084 flags: 00000023 > 0088 parent_index: 00000004 > 008c trust_type: 00000002 > 0090 trust_attributes: 00000000 > 0094 sid_ptr: 0d50ed64 > 000098 smb_io_uuid guid > 0098 data : 7c58b94d > 009c data : 8e17 > 009e data : 485a > 00a0 data : 8c 2a > 00a2 data : 72 87 47 25 fd 4d > 0000a8 ds_io_dom_trusts_ctr domain_trusts > 00a8 netbios_ptr: 0d50edc0 > 00ac dns_ptr: 00000000 > 00b0 flags: 00000022 > 00b4 parent_index: 00000000 > 00b8 trust_type: 00000001 > 00bc trust_attributes: 01000004 > 00c0 sid_ptr: 0d50eda8 > 0000c4 smb_io_uuid guid > 00c4 data : 00000000 > 00c8 data : 0000 > 00ca data : 0000 > 00cc data : 00 00 > 00ce data : 00 00 00 00 00 00 > 0000d4 ds_io_dom_trusts_ctr domain_trusts > 00d4 netbios_ptr: 0d50ede4 > 00d8 dns_ptr: 
0d50edea > 00dc flags: 0000001d > 00e0 parent_index: 00000000 > 00e4 trust_type: 00000002 > 00e8 trust_attributes: 00000000 > 00ec sid_ptr: 0d50edcc > 0000f0 smb_io_uuid guid > 00f0 data : 7f73face > 00f4 data : 2e7a > 00f6 data : 4b02 > 00f8 data : 8e b7 > 00fa data : 1d 41 df 58 72 1e > 000100 smb_io_unistr2 netbios_domain > 0100 uni_max_len: 00000005 > 0104 offset : 00000000 > 0108 uni_str_len: 00000005 > 010c buffer : E.M.E.A... > 000118 smb_io_unistr2 dns_domain > 0118 uni_max_len: 00000015 > 011c offset : 00000000 > 0120 uni_str_len: 00000015 > 0124 buffer : e.m.e.a...a.d...c.o.l.o.r.c.o.n...c.o.m... > 000150 smb_io_dom_sid2 sid > 0150 num_auths: 00000004 > 000154 smb_io_dom_sid sid > 0154 sid_rev_num: 01 > 0155 num_auths : 04 > 0156 id_auth[0] : 00 > 0157 id_auth[1] : 00 > 0158 id_auth[2] : 00 > 0159 id_auth[3] : 00 > 015a id_auth[4] : 00 > 015b id_auth[5] : 05 > 015c sub_auths : 00000015 65d637a8 320a1743 2ea1b328 > 00016c smb_io_unistr2 netbios_domain > 016c uni_max_len: 00000003 > 0170 offset : 00000000 > 0174 uni_str_len: 00000003 > 0178 buffer : A.P... > 000180 smb_io_unistr2 dns_domain > 0180 uni_max_len: 00000013 > 0184 offset : 00000000 > 0188 uni_str_len: 00000013 > 018c buffer : a.p...a.d...c.o.l.o.r.c.o.n...c.o.m... > 0001b4 smb_io_dom_sid2 sid > 01b4 num_auths: 00000004 > 0001b8 smb_io_dom_sid sid > 01b8 sid_rev_num: 01 > 01b9 num_auths : 04 > 01ba id_auth[0] : 00 > 01bb id_auth[1] : 00 > 01bc id_auth[2] : 00 > 01bd id_auth[3] : 00 > 01be id_auth[4] : 00 > 01bf id_auth[5] : 05 > 01c0 sub_auths : 00000015 66417ccd 494536f5 320a1743 > 0001d0 smb_io_unistr2 netbios_domain > 01d0 uni_max_len: 00000003 > 01d4 offset : 00000000 > 01d8 uni_str_len: 00000003 > 01dc buffer : N.A... > 0001e4 smb_io_unistr2 dns_domain > 01e4 uni_max_len: 00000013 > 01e8 offset : 00000000 > 01ec uni_str_len: 00000013 > 01f0 buffer : n.a...a.d...c.o.l.o.r.c.o.n...c.o.m... 
> 000218 smb_io_dom_sid2 sid > 0218 num_auths: 00000004 > 00021c smb_io_dom_sid sid > 021c sid_rev_num: 01 > 021d num_auths : 04 > 021e id_auth[0] : 00 > 021f id_auth[1] : 00 > 0220 id_auth[2] : 00 > 0221 id_auth[3] : 00 > 0222 id_auth[4] : 00 > 0223 id_auth[5] : 05 > 0224 sub_auths : 00000015 74d97781 773ce092 6b635f23 > 000234 smb_io_unistr2 netbios_domain > 0234 uni_max_len: 00000005 > 0238 offset : 00000000 > 023c uni_str_len: 00000005 > 0240 buffer : C.C.U.S... > 00024c smb_io_unistr2 - NULL dns_domain > 00024c smb_io_dom_sid2 sid > 024c num_auths: 00000004 > 000250 smb_io_dom_sid sid > 0250 sid_rev_num: 01 > 0251 num_auths : 04 > 0252 id_auth[0] : 00 > 0253 id_auth[1] : 00 > 0254 id_auth[2] : 00 > 0255 id_auth[3] : 00 > 0256 id_auth[4] : 00 > 0257 id_auth[5] : 05 > 0258 sub_auths : 00000015 21280f89 21c44c28 5baa187b > 000268 smb_io_unistr2 netbios_domain > 0268 uni_max_len: 00000003 > 026c offset : 00000000 > 0270 uni_str_len: 00000003 > 0274 buffer : A.D... > 00027c smb_io_unistr2 dns_domain > 027c uni_max_len: 00000010 > 0280 offset : 00000000 > 0284 uni_str_len: 00000010 > 0288 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m... > 0002a8 smb_io_dom_sid2 sid > 02a8 num_auths: 00000004 > 0002ac smb_io_dom_sid sid > 02ac sid_rev_num: 01 > 02ad num_auths : 04 > 02ae id_auth[0] : 00 > 02af id_auth[1] : 00 > 02b0 id_auth[2] : 00 > 02b1 id_auth[3] : 00 > 02b2 id_auth[4] : 00 > 02b3 id_auth[5] : 05 > 02b4 sub_auths : 00000015 404237fd 2188754f 320a1743 > 02c4 status: NT_STATUS_OK >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 45 88 AB 41 4E 8C FD E3 E..AN... 
>store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=11 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 19 mid = 11 >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 78 F3 E0 31 68 47 8B 64 x..1hG.d >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 15 3D 5E 3C BC A7 E3 E4 .=^<.... >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] 46 78 77 D4 C0 1E DC 38 Fxw....8 >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] 88 B4 80 DB A9 DF 1F 21 .......! >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 35 >size=35 >smb_com=0x71 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=47107 >smb_pid=2230 >smb_uid=53249 >smb_mid=13 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] 81 2D 82 BA EA A3 9E 18 .-...... 
>Found domain EMEA >add_trusted_domain: EMEA is an NT4 domain >Added domain EMEA emea.ad.colorcon.com S-1-5-21-1708537768-839522115-782349096 >trustdom_store: storing SID S-1-5-21-1708537768-839522115-782349096 of domain EMEA >Adding cache entry with key = TDOM/EMEA.AD.COLORCON.COM; value = S-1-5-21-1708537768-839522115-782349096 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Adding cache entry with key = TDOM/EMEA; value = S-1-5-21-1708537768-839522115-782349096 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Found domain AP >add_trusted_domain: AP is an NT4 domain >Added domain AP ap.ad.colorcon.com S-1-5-21-1715567821-1229272821-839522115 >trustdom_store: storing SID S-1-5-21-1715567821-1229272821-839522115 of domain AP >Adding cache entry with key = TDOM/AP.AD.COLORCON.COM; value = S-1-5-21-1715567821-1229272821-839522115 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Adding cache entry with key = TDOM/AP; value = S-1-5-21-1715567821-1229272821-839522115 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Found domain NA >add_trusted_domain: NA is an NT4 domain >Added domain NA na.ad.colorcon.com S-1-5-21-1960408961-2000478354-1801674531 >trustdom_store: storing SID S-1-5-21-1960408961-2000478354-1801674531 of domain NA >Adding cache entry with key = TDOM/NA.AD.COLORCON.COM; value = S-1-5-21-1960408961-2000478354-1801674531 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Adding cache entry with key = TDOM/NA; value = S-1-5-21-1960408961-2000478354-1801674531 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Found domain CCUS >add_trusted_domain: CCUS is an NT4 domain >Added domain CCUS S-1-5-21-556273545-566512680-1537874043 >trustdom_store: storing SID S-1-5-21-556273545-566512680-1537874043 of domain CCUS >Adding cache entry with key = TDOM/CCUS; value = S-1-5-21-556273545-566512680-1537874043 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Found domain AD 
>trustdom_store: storing SID S-1-5-21-1078081533-562591055-839522115 of domain AD >Adding cache entry with key = TDOM/AD.COLORCON.COM; value = S-1-5-21-1078081533-562591055-839522115 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >Adding cache entry with key = TDOM/AD; value = S-1-5-21-1078081533-562591055-839522115 and timeout = Tue May 18 10:53:41 2004 > (300 seconds ahead) >add_trusted_domain: BUILTIN is an NT4 domain >Added domain BUILTIN S-1-5-32 >add_trusted_domain: STAGE1 is an NT4 domain >Added domain STAGE1 S-1-5-21-1517240271-3033396884-2545237836 >scanning trusted domain list >trusted_domains: [Cached] - doing backend query for info for domain AD >ads: trusted_domains >ads_dc_name: domain=AD >ads_find_dc: looking for realm 'AD.COLORCON.COM' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up AD.COLORCON.COM#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name AD.COLORCON.COM#1C found. 
>Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 173 seconds >ads_dc_name: using server='WEP-AD-DC1' IP=10.32.2.61 >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-AD-DC1 >Connecting to host=WEP-AD-DC1 >Connecting to 10.32.2.61 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(16,183) >write_socket(16,183) wrote 183 >got smb length of 184 >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=34944 (0x8880) >smb_vwv[12]=29584 (0x7390) >smb_vwv[13]=59293 (0xE79D) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... 
>[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. >[070] 43 4F 4D COM >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=34944 (0x8880) >smb_vwv[12]=29584 (0x7390) >smb_vwv[13]=59293 (0xE79D) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. 
>[070] 43 4F 4D COM >connecting to WEP-AD-DC1 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=115) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:41 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:41 GMT - 1084927721) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] E0 0B FB 79 8A 34 AE 15 ...y.4.. >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 41 DF B6 01 85 C4 12 6E A......n >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(16,1220) >write_socket(16,1220) wrote 1220 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=26627 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 08 E6 53 17 B5 9D 82 FA ..S..... 
>size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=26627 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 59 23 2B 63 DF 6B 1E EE Y#+c.k.. >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(16,88) >write_socket(16,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 63 D5 16 79 4C EE C5 49 c..yL..I >cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-AD-DC1 >Using cleartext machine password >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] E3 62 B5 0F 28 53 5E 14 .b..(S^. 
>store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] 14 EF 2B FF 5E 53 18 23 ..+.^S.# >Bind RPC Pipe[800c]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:800c >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 0B 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] 72 EF BB 22 77 8B F2 18 r.."w... 
>store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(16,158) >write_socket(16,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1B 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] 3F BC 5B B0 C2 CC 24 8B ?.[...$. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1B 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 0000000b >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281b > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from STAGE1 to WEP-AD-DC1: E11E0898F89DB814 >init_q_req_chal: 621 >init_q_req_chal: 630 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : S.T.A.G.E.1... 
> 000046 smb_io_chal > 0046 data: e1 1e 08 98 f8 9d b8 14 >create_rpc_request: opnum: 0x4 data_len: 0x66 >create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0066 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000056 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:800c >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 102 (0x66) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 102 (0x66) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 66 00 00 00 0C 00 00 00 56 .......f .......V >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 00 00 E1 1E 08 .T.A.G.E .1...... >[070] 98 F8 9D B8 14 ..... 
>simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 40 01 E8 7D 5D A9 FC 2A @..}]..* >store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(16,188) >write_socket(16,188) wrote 188 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 43 9C DF C5 88 A6 04 ........ .C...... >[020] 77 00 00 00 00 w.... >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 21 66 A4 A1 85 36 C7 8C !f...6.. >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 43 9C DF C5 88 A6 04 ........ .C...... >[020] 77 00 00 00 00 w.... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: 43 9c df c5 88 a6 04 77 > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: E11E0898F89DB814 > srv_chal : 439CDFC588A60477 > clnt+srv : 24BBE75D8044BD8B > sess_key : 75A1A3CD4C7E8D2A >cred_create > sess_key : 75A1A3CD4C7E8D2A > stor_cred: E11E0898F89DB814 > timestamp: 0 > timecred : E11E0898F89DB814 > calc_cred: D5941004027CA323 >cli_net_auth2: srv:\\WEP-AD-DC1 acct:STAGE1$ sc:2 mc: STAGE1 chal D5941004027CA323 neg: 400701ff >init_q_auth_2: 742 >make_log_info 1336 >init_q_auth_2: 748 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 00000008 > 0030 offset : 00000000 > 0034 uni_str_len: 00000008 > 0038 buffer : S.T.A.G.E.1.$... > 0048 sec_chan: 0002 > 00004a smb_io_unistr2 unistr2 > 004c uni_max_len: 00000007 > 0050 offset : 00000000 > 0054 uni_str_len: 00000007 > 0058 buffer : S.T.A.G.E.1... 
> 000066 smb_io_chal > 0066 data: d5 94 10 04 02 7c a3 23 > 00006e net_io_neg_flags > 0070 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0x8c >create_rpc_request: data_len: 8c auth_len: 0 alloc_hint: 7c >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 008c > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007c > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:800c >size=222 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=7 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 140 (0x8C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 140 (0x8C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=155 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 8C 00 00 00 0D 00 00 00 7C ........ .......| >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 24 00 00 00 02 .T.A.G.E .1.$.... >[070] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[080] 00 54 00 41 00 47 00 45 00 31 00 00 00 D5 94 10 .T.A.G.E .1...... >[090] 04 02 7C A3 23 00 00 FF 01 07 40 ..|.#... 
..@ >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 5B FF C6 EB A9 0F AD BC [....... >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(16,226) >write_socket(16,226) wrote 226 >cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 2E 71 C4 D0 93 76 C7 ........ ..q...v. >[020] 59 FF 01 07 40 00 00 00 00 Y...@... . >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] BD 67 D9 68 1F A0 FB C8 .g.h.... >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 2E 71 C4 D0 93 76 C7 ........ ..q...v. >[020] 59 FF 01 07 40 00 00 00 00 Y...@... . 
>cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: 2e 71 c4 d0 93 76 c7 59 > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : 75A1A3CD4C7E8D2A > stor_cred: 439CDFC588A60477 > timestamp: 0 > timecred : 439CDFC588A60477 > calc_cred: 2E71C4D09376C759 >cred_assert > challenge : 2E71C4D09376C759 > calculated: 2E71C4D09376C759 >credentials check ok >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 5A 27 2E 39 D7 A4 98 75 Z'.9...u >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 2560 (0xA00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) 
>smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] E7 B6 D3 FE 0C 11 CA 67 .......g >Bind RPC Pipe[800a]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 41 44 AD >[000] 53 54 41 47 45 31 STAGE1 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0062 > 000a auth_len : 0012 > 000c call_id : 0000000e >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:800a >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 
>smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 98 (0x62) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 98 (0x62) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32778 (0x800A) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 62 00 12 00 0E 00 00 00 B8 .......b ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 41 44 00 53 54 41 47 45 31 .......A D.STAGE1 >[070] 00 . >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] BE DC AA 37 7A 71 6F 5F ...7zqo_ >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(16,184) >write_socket(16,184) wrote 184 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1C 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 50 0D 01 00 00 00 00 00 00 \lsass.P ........ 
>[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 ED 50 0D .......P . >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 1F 25 53 E2 8E 0D 59 72 .%S...Yr >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1C 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 50 0D 01 00 00 00 00 00 00 \lsass.P ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 ED 50 0D .......P . >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 0000000e >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. 
>000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281c > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >000000 ds_io_q_enum_domain_trusts > 0000 server_ptr: 00000001 > 000004 smb_io_unistr2 server > 0004 uni_max_len: 0000000b > 0008 offset : 00000000 > 000c uni_str_len: 0000000b > 0010 buffer : W.E.P.-.A.D.-.D.C.1... > 0028 flags: 00000003 >000030 smb_io_rpc_hdr_auth hdr_auth > 0030 auth_type : 44 > 0031 auth_level : 05 > 0032 padding : 04 > 0033 reserved : 00 > 0034 auth_context : 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=48 >000038 smb_io_rpc_auth_netsec_chk > 0038 sig : 77 00 ff ff ff ff 00 00 > 0040 seq_num: fa 6c 30 43 eb 9f 1a 3a > 0048 packet_digest: 55 30 dc 71 e5 c8 c9 74 > 0050 confounder: 34 51 3d 9c f6 8b d7 83 >create_rpc_request: opnum: 0x28 data_len: 0x70 >create_rpc_request: data_len: 70 auth_len: 20 alloc_hint: 38 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0070 > 000a auth_len : 0020 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000038 > 0014 context_id: 0000 > 0016 opnum : 0028 >rpc_api_pipe: fnum:800a >size=194 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 
7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 112 (0x70) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32778 (0x800A) >smb_bcc=127 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 70 00 20 00 0F 00 00 00 38 .......p . .....8 >[020] 00 00 00 00 00 28 00 01 00 00 00 0B 00 00 00 00 .....(.. ........ >[030] 00 00 00 0B 00 00 00 57 00 45 00 50 00 2D 00 41 .......W .E.P.-.A >[040] 00 44 00 2D 00 44 00 43 00 31 00 00 00 00 00 03 .D.-.D.C .1...... >[050] 00 00 00 00 00 00 00 44 05 04 00 01 00 00 00 77 .......D .......w >[060] 00 FF FF FF FF 00 00 FA 6C 30 43 EB 9F 1A 3A 55 ........ l0C...:U >[070] 30 DC 71 E5 C8 C9 74 34 51 3D 9C F6 8B D7 83 0.q...t4 Q=..... >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 67 7B A9 07 4F 45 AC 8E g{..OE.. >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(16,198) >write_socket(16,198) wrote 198 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 808 >size=808 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 752 (0x2F0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 752 (0x2F0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=753 >[000] 00 05 00 02 03 10 00 00 00 F0 02 20 00 0F 00 00 ........ ... .... >[010] 00 B0 02 00 00 00 00 00 00 05 00 00 00 F8 EB 50 ........ .......P >[020] 0D 05 00 00 00 EC EC 50 0D F6 EC 50 0D 23 00 00 .......P ...P.#.. >[030] 00 04 00 00 00 02 00 00 00 00 00 00 00 D4 EC 50 ........ .......P >[040] 0D A8 5E CE 45 03 5E AD 49 AF 23 14 EA 4F 11 43 ..^.E.^. 
I.#..O.C >[050] 13 38 ED 50 0D 3E ED 50 0D 23 00 00 00 04 00 00 .8.P.>.P .#...... >[060] 00 02 00 00 00 00 00 00 00 20 ED 50 0D 22 E9 0F ........ . .P.".. >[070] C8 AA 15 50 4F 9B 3F 3D 75 43 90 CD 94 7C ED 50 ...PO.?= uC...|.P >[080] 0D 82 ED 50 0D 23 00 00 00 04 00 00 00 02 00 00 ...P.#.. ........ >[090] 00 00 00 00 00 64 ED 50 0D 4D B9 58 7C 17 8E 5A .....d.P .M.X|..Z >[0A0] 48 8C 2A 72 87 47 25 FD 4D C0 ED 50 0D 00 00 00 H.*r.G%. M..P.... >[0B0] 00 22 00 00 00 00 00 00 00 01 00 00 00 04 00 00 ."...... ........ >[0C0] 01 A8 ED 50 0D 00 00 00 00 00 00 00 00 00 00 00 ...P.... ........ >[0D0] 00 00 00 00 00 E4 ED 50 0D EA ED 50 0D 1D 00 00 .......P ...P.... >[0E0] 00 00 00 00 00 02 00 00 00 00 00 00 00 CC ED 50 ........ .......P >[0F0] 0D CE FA 73 7F 7A 2E 02 4B 8E B7 1D 41 DF 58 72 ...s.z.. K...A.Xr >[100] 1E 05 00 00 00 00 00 00 00 05 00 00 00 45 00 4D ........ .....E.M >[110] 00 45 00 41 00 00 00 00 00 15 00 00 00 00 00 00 .E.A.... ........ >[120] 00 15 00 00 00 65 00 6D 00 65 00 61 00 2E 00 61 .....e.m .e.a...a >[130] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[140] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.n...c .o.m.... >[150] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[160] 00 A8 37 D6 65 43 17 0A 32 28 B3 A1 2E 03 00 00 ..7.eC.. 2(...... >[170] 00 00 00 00 00 03 00 00 00 41 00 50 00 00 00 00 ........ .A.P.... >[180] 00 13 00 00 00 00 00 00 00 13 00 00 00 61 00 70 ........ .....a.p >[190] 00 2E 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F ...a.d.. .c.o.l.o >[1A0] 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D .r.c.o.n ...c.o.m >[1B0] 00 00 00 00 00 04 00 00 00 01 04 00 00 00 00 00 ........ ........ >[1C0] 05 15 00 00 00 CD 7C 41 66 F5 36 45 49 43 17 0A ......|A f.6EIC.. >[1D0] 32 03 00 00 00 00 00 00 00 03 00 00 00 4E 00 41 2....... .....N.A >[1E0] 00 00 00 00 00 13 00 00 00 00 00 00 00 13 00 00 ........ ........ 
>[1F0] 00 6E 00 61 00 2E 00 61 00 64 00 2E 00 63 00 6F .n.a...a .d...c.o >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] 99 73 CC 8D 27 BA 4F 72 .s..'.Or >size=808 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 752 (0x2F0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 752 (0x2F0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=753 >[000] 00 05 00 02 03 10 00 00 00 F0 02 20 00 0F 00 00 ........ ... .... >[010] 00 B0 02 00 00 00 00 00 00 05 00 00 00 F8 EB 50 ........ .......P >[020] 0D 05 00 00 00 EC EC 50 0D F6 EC 50 0D 23 00 00 .......P ...P.#.. >[030] 00 04 00 00 00 02 00 00 00 00 00 00 00 D4 EC 50 ........ .......P >[040] 0D A8 5E CE 45 03 5E AD 49 AF 23 14 EA 4F 11 43 ..^.E.^. I.#..O.C >[050] 13 38 ED 50 0D 3E ED 50 0D 23 00 00 00 04 00 00 .8.P.>.P .#...... >[060] 00 02 00 00 00 00 00 00 00 20 ED 50 0D 22 E9 0F ........ . .P.".. >[070] C8 AA 15 50 4F 9B 3F 3D 75 43 90 CD 94 7C ED 50 ...PO.?= uC...|.P >[080] 0D 82 ED 50 0D 23 00 00 00 04 00 00 00 02 00 00 ...P.#.. ........ >[090] 00 00 00 00 00 64 ED 50 0D 4D B9 58 7C 17 8E 5A .....d.P .M.X|..Z >[0A0] 48 8C 2A 72 87 47 25 FD 4D C0 ED 50 0D 00 00 00 H.*r.G%. M..P.... >[0B0] 00 22 00 00 00 00 00 00 00 01 00 00 00 04 00 00 ."...... ........ >[0C0] 01 A8 ED 50 0D 00 00 00 00 00 00 00 00 00 00 00 ...P.... ........ >[0D0] 00 00 00 00 00 E4 ED 50 0D EA ED 50 0D 1D 00 00 .......P ...P.... >[0E0] 00 00 00 00 00 02 00 00 00 00 00 00 00 CC ED 50 ........ .......P >[0F0] 0D CE FA 73 7F 7A 2E 02 4B 8E B7 1D 41 DF 58 72 ...s.z.. K...A.Xr >[100] 1E 05 00 00 00 00 00 00 00 05 00 00 00 45 00 4D ........ .....E.M >[110] 00 45 00 41 00 00 00 00 00 15 00 00 00 00 00 00 .E.A.... ........ 
>[120] 00 15 00 00 00 65 00 6D 00 65 00 61 00 2E 00 61 .....e.m .e.a...a >[130] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[140] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.n...c .o.m.... >[150] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[160] 00 A8 37 D6 65 43 17 0A 32 28 B3 A1 2E 03 00 00 ..7.eC.. 2(...... >[170] 00 00 00 00 00 03 00 00 00 41 00 50 00 00 00 00 ........ .A.P.... >[180] 00 13 00 00 00 00 00 00 00 13 00 00 00 61 00 70 ........ .....a.p >[190] 00 2E 00 61 00 64 00 2E 00 63 00 6F 00 6C 00 6F ...a.d.. .c.o.l.o >[1A0] 00 72 00 63 00 6F 00 6E 00 2E 00 63 00 6F 00 6D .r.c.o.n ...c.o.m >[1B0] 00 00 00 00 00 04 00 00 00 01 04 00 00 00 00 00 ........ ........ >[1C0] 05 15 00 00 00 CD 7C 41 66 F5 36 45 49 43 17 0A ......|A f.6EIC.. >[1D0] 32 03 00 00 00 00 00 00 00 03 00 00 00 4E 00 41 2....... .....N.A >[1E0] 00 00 00 00 00 13 00 00 00 00 00 00 00 13 00 00 ........ ........ >[1F0] 00 6E 00 61 00 2E 00 61 00 64 00 2E 00 63 00 6F .n.a...a .d...c.o >cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 752 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 02f0 > 000a auth_len : 0020 > 000c call_id : 0000000f >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000002b0 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 752 >rpc_auth_pipe: pkt_type: 2 len: 752 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: a6 d9 9e 
2a a7 87 f7 bb > 0018 packet_digest: 3b 0e 8f bf 80 87 fb 20 > 0020 confounder: 00 00 00 00 00 00 00 00 >SCHANNEL: netsec_encode seq_num=1 data_len=688 >SCHANNEL: netsec_decode seq_num=1 data_len=688 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_enum_domain_trusts > 0018 num_domains: 00000005 > 00001c ds_io_dom_trusts_ctr domains > 001c ptr: 0d50ebf8 > 0020 max_count: 00000005 > 000024 ds_io_dom_trusts_ctr domain_trusts > 0024 netbios_ptr: 0d50ecec > 0028 dns_ptr: 0d50ecf6 > 002c flags: 00000023 > 0030 parent_index: 00000004 > 0034 trust_type: 00000002 > 0038 trust_attributes: 00000000 > 003c sid_ptr: 0d50ecd4 > 000040 smb_io_uuid guid > 0040 data : 45ce5ea8 > 0044 data : 5e03 > 0046 data : 49ad > 0048 data : af 23 > 004a data : 14 ea 4f 11 43 13 > 000050 ds_io_dom_trusts_ctr domain_trusts > 0050 netbios_ptr: 0d50ed38 > 0054 dns_ptr: 0d50ed3e > 0058 flags: 00000023 > 005c parent_index: 00000004 > 0060 trust_type: 00000002 > 0064 trust_attributes: 00000000 > 0068 sid_ptr: 0d50ed20 > 00006c smb_io_uuid guid > 006c data : c80fe922 > 0070 data : 15aa > 0072 data : 4f50 > 0074 data : 9b 3f > 0076 data : 3d 75 43 90 cd 94 > 00007c ds_io_dom_trusts_ctr domain_trusts > 007c netbios_ptr: 0d50ed7c > 0080 dns_ptr: 0d50ed82 > 0084 flags: 00000023 > 0088 parent_index: 00000004 > 008c trust_type: 00000002 > 0090 trust_attributes: 00000000 > 0094 sid_ptr: 0d50ed64 > 000098 smb_io_uuid guid > 0098 data : 7c58b94d > 009c data : 8e17 > 009e data : 485a > 00a0 data : 8c 2a > 00a2 data : 72 87 47 25 fd 4d > 0000a8 ds_io_dom_trusts_ctr domain_trusts > 00a8 netbios_ptr: 0d50edc0 > 00ac dns_ptr: 00000000 > 00b0 flags: 00000022 > 00b4 parent_index: 00000000 > 00b8 trust_type: 00000001 > 00bc trust_attributes: 01000004 > 00c0 sid_ptr: 0d50eda8 > 0000c4 smb_io_uuid guid > 00c4 data : 00000000 > 00c8 data : 0000 > 00ca data : 0000 > 00cc data : 00 00 > 00ce data : 00 00 00 00 00 00 > 0000d4 ds_io_dom_trusts_ctr domain_trusts > 00d4 netbios_ptr: 0d50ede4 > 00d8 dns_ptr: 
0d50edea > 00dc flags: 0000001d > 00e0 parent_index: 00000000 > 00e4 trust_type: 00000002 > 00e8 trust_attributes: 00000000 > 00ec sid_ptr: 0d50edcc > 0000f0 smb_io_uuid guid > 00f0 data : 7f73face > 00f4 data : 2e7a > 00f6 data : 4b02 > 00f8 data : 8e b7 > 00fa data : 1d 41 df 58 72 1e > 000100 smb_io_unistr2 netbios_domain > 0100 uni_max_len: 00000005 > 0104 offset : 00000000 > 0108 uni_str_len: 00000005 > 010c buffer : E.M.E.A... > 000118 smb_io_unistr2 dns_domain > 0118 uni_max_len: 00000015 > 011c offset : 00000000 > 0120 uni_str_len: 00000015 > 0124 buffer : e.m.e.a...a.d...c.o.l.o.r.c.o.n...c.o.m... > 000150 smb_io_dom_sid2 sid > 0150 num_auths: 00000004 > 000154 smb_io_dom_sid sid > 0154 sid_rev_num: 01 > 0155 num_auths : 04 > 0156 id_auth[0] : 00 > 0157 id_auth[1] : 00 > 0158 id_auth[2] : 00 > 0159 id_auth[3] : 00 > 015a id_auth[4] : 00 > 015b id_auth[5] : 05 > 015c sub_auths : 00000015 65d637a8 320a1743 2ea1b328 > 00016c smb_io_unistr2 netbios_domain > 016c uni_max_len: 00000003 > 0170 offset : 00000000 > 0174 uni_str_len: 00000003 > 0178 buffer : A.P... > 000180 smb_io_unistr2 dns_domain > 0180 uni_max_len: 00000013 > 0184 offset : 00000000 > 0188 uni_str_len: 00000013 > 018c buffer : a.p...a.d...c.o.l.o.r.c.o.n...c.o.m... > 0001b4 smb_io_dom_sid2 sid > 01b4 num_auths: 00000004 > 0001b8 smb_io_dom_sid sid > 01b8 sid_rev_num: 01 > 01b9 num_auths : 04 > 01ba id_auth[0] : 00 > 01bb id_auth[1] : 00 > 01bc id_auth[2] : 00 > 01bd id_auth[3] : 00 > 01be id_auth[4] : 00 > 01bf id_auth[5] : 05 > 01c0 sub_auths : 00000015 66417ccd 494536f5 320a1743 > 0001d0 smb_io_unistr2 netbios_domain > 01d0 uni_max_len: 00000003 > 01d4 offset : 00000000 > 01d8 uni_str_len: 00000003 > 01dc buffer : N.A... > 0001e4 smb_io_unistr2 dns_domain > 01e4 uni_max_len: 00000013 > 01e8 offset : 00000000 > 01ec uni_str_len: 00000013 > 01f0 buffer : n.a...a.d...c.o.l.o.r.c.o.n...c.o.m... 
> 000218 smb_io_dom_sid2 sid > 0218 num_auths: 00000004 > 00021c smb_io_dom_sid sid > 021c sid_rev_num: 01 > 021d num_auths : 04 > 021e id_auth[0] : 00 > 021f id_auth[1] : 00 > 0220 id_auth[2] : 00 > 0221 id_auth[3] : 00 > 0222 id_auth[4] : 00 > 0223 id_auth[5] : 05 > 0224 sub_auths : 00000015 74d97781 773ce092 6b635f23 > 000234 smb_io_unistr2 netbios_domain > 0234 uni_max_len: 00000005 > 0238 offset : 00000000 > 023c uni_str_len: 00000005 > 0240 buffer : C.C.U.S... > 00024c smb_io_unistr2 - NULL dns_domain > 00024c smb_io_dom_sid2 sid > 024c num_auths: 00000004 > 000250 smb_io_dom_sid sid > 0250 sid_rev_num: 01 > 0251 num_auths : 04 > 0252 id_auth[0] : 00 > 0253 id_auth[1] : 00 > 0254 id_auth[2] : 00 > 0255 id_auth[3] : 00 > 0256 id_auth[4] : 00 > 0257 id_auth[5] : 05 > 0258 sub_auths : 00000015 21280f89 21c44c28 5baa187b > 000268 smb_io_unistr2 netbios_domain > 0268 uni_max_len: 00000003 > 026c offset : 00000000 > 0270 uni_str_len: 00000003 > 0274 buffer : A.D... > 00027c smb_io_unistr2 dns_domain > 027c uni_max_len: 00000010 > 0280 offset : 00000000 > 0284 uni_str_len: 00000010 > 0288 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m... > 0002a8 smb_io_dom_sid2 sid > 02a8 num_auths: 00000004 > 0002ac smb_io_dom_sid sid > 02ac sid_rev_num: 01 > 02ad num_auths : 04 > 02ae id_auth[0] : 00 > 02af id_auth[1] : 00 > 02b0 id_auth[2] : 00 > 02b1 id_auth[3] : 00 > 02b2 id_auth[4] : 00 > 02b3 id_auth[5] : 05 > 02b4 sub_auths : 00000015 404237fd 2188754f 320a1743 > 02c4 status: NT_STATUS_OK >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 20 A3 DF 17 B5 D7 CF 1C ....... 
>store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=11 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 19 mid = 11 >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 2E 58 A1 AD AC 58 7D 81 .X...X}. >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 52 00 CB A8 A4 A6 48 88 R.....H. >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] 88 7A 1C B9 A3 DB 1A 69 .z.....i >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] A2 4E AE 4A 1C 15 5B 27 .N.J..[' >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(16,39) >write_socket(16,39) wrote 39 >got smb length of 35 >size=35 >smb_com=0x71 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=14342 >smb_pid=2230 >smb_uid=26627 >smb_mid=13 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] B5 94 D5 86 37 19 F9 02 ....7... 
>Found domain EMEA >trustdom_store: storing SID S-1-5-21-1708537768-839522115-782349096 of domain EMEA >Adding cache entry with key = TDOM/EMEA.AD.COLORCON.COM; value = S-1-5-21-1708537768-839522115-782349096 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Adding cache entry with key = TDOM/EMEA; value = S-1-5-21-1708537768-839522115-782349096 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Found domain AP >trustdom_store: storing SID S-1-5-21-1715567821-1229272821-839522115 of domain AP >Adding cache entry with key = TDOM/AP.AD.COLORCON.COM; value = S-1-5-21-1715567821-1229272821-839522115 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Adding cache entry with key = TDOM/AP; value = S-1-5-21-1715567821-1229272821-839522115 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Found domain NA >trustdom_store: storing SID S-1-5-21-1960408961-2000478354-1801674531 of domain NA >Adding cache entry with key = TDOM/NA.AD.COLORCON.COM; value = S-1-5-21-1960408961-2000478354-1801674531 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Adding cache entry with key = TDOM/NA; value = S-1-5-21-1960408961-2000478354-1801674531 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Found domain CCUS >trustdom_store: storing SID S-1-5-21-556273545-566512680-1537874043 of domain CCUS >Adding cache entry with key = TDOM/CCUS; value = S-1-5-21-556273545-566512680-1537874043 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Found domain AD >trustdom_store: storing SID S-1-5-21-1078081533-562591055-839522115 of domain AD >Adding cache entry with key = TDOM/AD.COLORCON.COM; value = S-1-5-21-1078081533-562591055-839522115 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >Adding cache entry with key = TDOM/AD; value = S-1-5-21-1078081533-562591055-839522115 and timeout = Tue May 18 10:53:41 2004 > (299 seconds ahead) >open_winbindd_socket: opened socket fd 16 >open_winbindd_priv_socket: opened 
socket fd 18 >accepted socket 19 >client_read: read 1824 bytes. Need 0 more for a full request. >process_request: request fn INTERFACE_VERSION >[ 2231]: request interface version >client_write: wrote 1300 bytes. >client_read: read 1824 bytes. Need 0 more for a full request. >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 2231]: request location of privileged pipe >client_write: wrote 1300 bytes. >client_write: need to write 37 extra data bytes. >client_write: wrote 37 bytes. >client_write: client_write: complete response written. >accepted socket 20 >client_read: read 0 bytes. Need 1824 more for a full request. >read failed on sock 19, pid 2231: EOF >client_read: read 1824 bytes. Need 0 more for a full request. >process_request: request fn INFO >[ 2231]: request misc info >client_write: wrote 1300 bytes. >client_read: read 1824 bytes. Need 0 more for a full request. >process_request: request fn LOOKUPNAME >[ 2231]: lookupname AD\Universal-ACL-InternetAccess >name_to_sid: [Cached] - doing backend query for name for domain AD >rpc: name_to_sid name=Universal-ACL-InternetAccess >name_to_sid [rpc] Universal-ACL-InternetAccess for domain AD >ads_dc_name: domain=AD >ads_find_dc: looking for realm 'AD.COLORCON.COM' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up AD.COLORCON.COM#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name AD.COLORCON.COM#1C found. 
>Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 173 seconds >ads_dc_name: using server='WEP-AD-DC1' IP=10.32.2.61 >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-AD-DC1 >Connecting to host=WEP-AD-DC1 >Connecting to 10.32.2.61 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(19,183) >write_socket(19,183) wrote 183 >got smb length of 184 >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 2688 (0xA80) >smb_vwv[12]=38283 (0x958B) >smb_vwv[13]=59295 (0xE79F) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... 
>[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. >[070] 43 4F 4D COM >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 2688 (0xA80) >smb_vwv[12]=38283 (0x958B) >smb_vwv[13]=59295 (0xE79F) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. 
>[070] 43 4F 4D COM >connecting to WEP-AD-DC1 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=115) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:45 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:45 GMT - 1084927725) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 01 F4 29 46 85 10 F1 34 ..)F...4 >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] D8 96 B9 25 14 8A D5 8E ...%.... >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(19,1220) >write_socket(19,1220) wrote 1220 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=8193 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] B9 BE 86 49 C7 DC 3C B8 ...I..<. 
>size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=8193 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 78 3C 85 1C 1A F0 B9 1A x<...... >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(19,88) >write_socket(19,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 59 3F 41 C2 57 00 B7 2A Y?A.W..* >cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-AD-DC1 >Using cleartext machine password >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 8D 1B EC A0 81 59 AB EB .....Y.. 
>store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(19,108) >write_socket(19,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 256 (0x100) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] 8B 1A 58 61 55 4D C8 85 ..XaUM.. >Bind RPC Pipe[1]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000010 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:1 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 1 (0x1) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 10 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] 9B 2A A8 65 20 4A 59 DE .*.e JY. 
>store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(19,158) >write_socket(19,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1D 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] B1 FB 96 7F E7 0F 6B FD ......k. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1D 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000010 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281d > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from STAGE1 to WEP-AD-DC1: E3F2B620DF77D82B >init_q_req_chal: 621 >init_q_req_chal: 630 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : S.T.A.G.E.1... 
> 000046 smb_io_chal > 0046 data: e3 f2 b6 20 df 77 d8 2b >create_rpc_request: opnum: 0x4 data_len: 0x66 >create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0066 > 000a auth_len : 0000 > 000c call_id : 00000011 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000056 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:1 >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 102 (0x66) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 102 (0x66) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 1 (0x1) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 66 00 00 00 11 00 00 00 56 .......f .......V >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 00 00 E3 F2 B6 .T.A.G.E .1...... >[070] 20 DF 77 D8 2B .w.+ >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 30 61 97 E9 6C B0 EA E2 0a..l... 
>store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(19,188) >write_socket(19,188) wrote 188 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 A0 7F C6 1A 97 F9 94 ........ ........ >[020] 37 00 00 00 00 7.... >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 46 77 CA DC CD D2 BA 34 Fw.....4 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 A0 7F C6 1A 97 F9 94 ........ ........ >[020] 37 00 00 00 00 7.... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000011 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: a0 7f c6 1a 97 f9 94 37 > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: E3F2B620DF77D82B > srv_chal : A07FC61A97F99437 > clnt+srv : 83727D3B76716D63 > sess_key : 835B30074B51F3C7 >cred_create > sess_key : 835B30074B51F3C7 > stor_cred: E3F2B620DF77D82B > timestamp: 0 > timecred : E3F2B620DF77D82B > calc_cred: D04800381E9ED5FB >cli_net_auth2: srv:\\WEP-AD-DC1 acct:STAGE1$ sc:2 mc: STAGE1 chal D04800381E9ED5FB neg: 400701ff >init_q_auth_2: 742 >make_log_info 1336 >init_q_auth_2: 748 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 00000008 > 0030 offset : 00000000 > 0034 uni_str_len: 00000008 > 0038 buffer : S.T.A.G.E.1.$... > 0048 sec_chan: 0002 > 00004a smb_io_unistr2 unistr2 > 004c uni_max_len: 00000007 > 0050 offset : 00000000 > 0054 uni_str_len: 00000007 > 0058 buffer : S.T.A.G.E.1... 
> 000066 smb_io_chal > 0066 data: d0 48 00 38 1e 9e d5 fb > 00006e net_io_neg_flags > 0070 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0x8c >create_rpc_request: data_len: 8c auth_len: 0 alloc_hint: 7c >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 008c > 000a auth_len : 0000 > 000c call_id : 00000012 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007c > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:1 >size=222 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=7 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 140 (0x8C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 140 (0x8C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 1 (0x1) >smb_bcc=155 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 8C 00 00 00 12 00 00 00 7C ........ .......| >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 24 00 00 00 02 .T.A.G.E .1.$.... >[070] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[080] 00 54 00 41 00 47 00 45 00 31 00 00 00 D0 48 00 .T.A.G.E .1....H. >[090] 38 1E 9E D5 FB 00 00 FF 01 07 40 8....... ..@ >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 19 B5 E1 14 07 42 88 88 .....B.. 
>store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(19,226) >write_socket(19,226) wrote 226 >cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 24 4B 57 77 78 F9 BD ........ .$KWwx.. >[020] C5 FF 01 07 40 00 00 00 00 ....@... . >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 7A B8 58 00 18 AD 3E 4D z.X...>M >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 24 4B 57 77 78 F9 BD ........ .$KWwx.. >[020] C5 FF 01 07 40 00 00 00 00 ....@... . 
>cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000012 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: 24 4b 57 77 78 f9 bd c5 > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : 835B30074B51F3C7 > stor_cred: A07FC61A97F99437 > timestamp: 0 > timecred : A07FC61A97F99437 > calc_cred: 244B577778F9BDC5 >cred_assert > challenge : 244B577778F9BDC5 > calculated: 244B577778F9BDC5 >credentials check ok >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] B3 EF DD F8 43 1D DC 5D ....C..] 
>store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(19,104) >write_socket(19,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1536 (0x600) >smb_vwv[ 3]= 256 (0x100) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] 92 4D 02 DB DF 55 8B EB .M...U.. >Bind RPC Pipe[6]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 41 44 AD >[000] 53 54 41 47 45 31 STAGE1 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0062 > 000a auth_len : 0012 > 000c call_id : 00000013 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:6 >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 98 (0x62) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 98 (0x62) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 6 (0x6) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 62 00 12 00 13 00 00 00 B8 .......b ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... 
>[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 41 44 00 53 54 41 47 45 31 .......A D.STAGE1 >[070] 00 . >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] A7 8F B0 AC AE EF 93 C0 ........ >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(19,184) >write_socket(19,184) wrote 184 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1E 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 50 0D 01 00 00 00 00 00 00 \lsass.P ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 ED 50 0D .......P . >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] C3 AB CB 41 50 F2 1C AB ...AP... 
>size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 ........ .X...... >[010] 00 B8 10 B8 10 1E 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 50 0D 01 00 00 00 00 00 00 \lsass.P ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 ED 50 0D .......P . >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000013 >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281e > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. 
> 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_open_pol: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol > 0000 ptr : 00000001 > 0004 system_name: 005c > 000008 lsa_io_obj_attr > 0008 len : 00000018 > 000c ptr_root_dir: 00000000 > 0010 ptr_obj_name: 00000000 > 0014 attributes : 00000000 > 0018 ptr_sec_desc: 00000000 > 001c ptr_sec_qos : 00000000 > 0020 des_access: 02000000 >000028 smb_io_rpc_hdr_auth hdr_auth > 0028 auth_type : 44 > 0029 auth_level : 05 > 002a padding : 04 > 002b reserved : 00 > 002c auth_context : 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=40 >000030 smb_io_rpc_auth_netsec_chk > 0030 sig : 77 00 ff ff ff ff 00 00 > 0038 seq_num: e5 53 af 31 ee d8 d3 fb > 0040 packet_digest: d6 45 e7 84 72 7e f7 a1 > 0048 confounder: ad 86 05 21 04 2c a9 8f >create_rpc_request: opnum: 0x6 data_len: 0x68 >create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0020 > 000c call_id : 00000014 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000030 > 0014 context_id: 0000 > 0016 opnum : 0006 >rpc_api_pipe: fnum:6 >size=186 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) 
>smb_vwv[11]= 104 (0x68) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 6 (0x6) >smb_bcc=119 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 68 00 20 00 14 00 00 00 30 .......h . .....0 >[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... >[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 44 ........ .......D >[050] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 E5 .......w ........ >[060] 53 AF 31 EE D8 D3 FB D6 45 E7 84 72 7E F7 A1 AD S.1..... E..r~... >[070] 86 05 21 04 2C A9 8F ..!.,.. >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] C2 71 82 FB AD DB 28 20 .q....( >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(19,190) >write_socket(19,190) wrote 190 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 152 >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 14 00 00 ........ .`. .... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CC F0 66 ........ .......f >[020] 31 CC 96 4A 41 AD 09 96 4B DA FC 4E 4D 00 00 00 1..JA... K..NM... >[030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..... .D...... >[040] 00 77 00 FF FF FF FF 00 00 E4 04 6D 53 AB 0A 08 .w...... ...mS... >[050] 75 94 89 DE 76 42 7D A0 6C 00 00 00 00 00 00 00 u...vB}. l....... >[060] 00 . 
>simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] A4 32 68 EB BE A9 92 BC .2h..... >size=152 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 96 (0x60) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 96 (0x60) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=97 >[000] 00 05 00 02 03 10 00 00 00 60 00 20 00 14 00 00 ........ .`. .... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CC F0 66 ........ .......f >[020] 31 CC 96 4A 41 AD 09 96 4B DA FC 4E 4D 00 00 00 1..JA... K..NM... >[030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..... .D...... >[040] 00 77 00 FF FF FF FF 00 00 E4 04 6D 53 AB 0A 08 .w...... ...mS... >[050] 75 94 89 DE 76 42 7D A0 6C 00 00 00 00 00 00 00 u...vB}. l....... >[060] 00 . >cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 96 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0060 > 000a auth_len : 0020 > 000c call_id : 00000014 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 96 >rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 08 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: e4 04 6d 53 ab 0a 08 75 > 0018 
packet_digest: 94 89 de 76 42 7d a0 6c > 0020 confounder: 00 00 00 00 00 00 00 00 >SCHANNEL: netsec_encode seq_num=1 data_len=32 >SCHANNEL: netsec_decode seq_num=1 data_len=32 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 3166f0cc > 0020 data3: 96cc > 0022 data4: 414a > 0024 data5: ad 09 96 4b da fc 4e 4d > 002c status: NT_STATUS_OK >init_q_lookup_names >000000 lsa_io_q_lookup_names > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 3166f0cc > 0008 data3: 96cc > 000a data4: 414a > 000c data5: ad 09 96 4b da fc 4e 4d > 0014 num_entries : 00000001 > 0018 num_entries2 : 00000001 > 00001c smb_io_unihdr hdr_name > 001c uni_str_len: 003e > 001e uni_max_len: 003e > 0020 buffer : 00000001 > 000024 smb_io_unistr2 dom_name > 0024 uni_max_len: 0000001f > 0028 offset : 00000000 > 002c uni_str_len: 0000001f > 0030 buffer : A.D.\.U.n.i.v.e.r.s.a.l.-.A.C.L.-.I.n.t.e.r.n.e.t.A.c.c.e.s.s. > 0070 num_trans_entries : 00000000 > 0074 ptr_trans_sids : 00000000 > 0078 lookup_level : 00000001 > 007c mapped_count : 00000000 >000080 smb_io_rpc_hdr_auth hdr_auth > 0080 auth_type : 44 > 0081 auth_level : 05 > 0082 padding : 00 > 0083 reserved : 00 > 0084 auth_context : 00000001 >SCHANNEL seq_num=2 >SCHANNEL: netsec_encode seq_num=2 data_len=128 >000088 smb_io_rpc_auth_netsec_chk > 0088 sig : 77 00 ff ff ff ff 00 00 > 0090 seq_num: 2a 3c 3b f7 10 a9 0a bc > 0098 packet_digest: d4 65 11 cf ef ad df 88 > 00a0 confounder: 8d 5d e2 3b 2b 27 78 78 >create_rpc_request: opnum: 0xe data_len: 0xc0 >create_rpc_request: data_len: c0 auth_len: 20 alloc_hint: 88 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00c0 > 000a auth_len : 0020 > 000c call_id : 00000015 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000088 > 0014 context_id: 0000 > 
0016 opnum : 000e >rpc_api_pipe: fnum:6 >size=274 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 192 (0xC0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 192 (0xC0) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]= 6 (0x6) >smb_bcc=207 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 C0 00 20 00 15 00 00 00 88 ........ . ...... >[020] 00 00 00 00 00 0E 00 00 00 00 00 CC F0 66 31 CC ........ .....f1. >[030] 96 4A 41 AD 09 96 4B DA FC 4E 4D 01 00 00 00 01 .JA...K. .NM..... >[040] 00 00 00 3E 00 3E 00 01 00 00 00 1F 00 00 00 00 ...>.>.. ........ >[050] 00 00 00 1F 00 00 00 41 00 44 00 5C 00 55 00 6E .......A .D.\.U.n >[060] 00 69 00 76 00 65 00 72 00 73 00 61 00 6C 00 2D .i.v.e.r .s.a.l.- >[070] 00 41 00 43 00 4C 00 2D 00 49 00 6E 00 74 00 65 .A.C.L.- .I.n.t.e >[080] 00 72 00 6E 00 65 00 74 00 41 00 63 00 63 00 65 .r.n.e.t .A.c.c.e >[090] 00 73 00 73 00 00 00 00 00 00 00 00 00 00 00 01 .s.s.... ........ >[0A0] 00 00 00 00 00 00 00 44 05 00 00 01 00 00 00 77 .......D .......w >[0B0] 00 FF FF FF FF 00 00 2A 3C 3B F7 10 A9 0A BC D4 .......* <;...... >[0C0] 65 11 CF EF AD DF 88 8D 5D E2 3B 2B 27 78 78 e....... 
].;+'xx >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] B1 C0 F9 CC E5 B8 14 76 .......v >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(19,278) >write_socket(19,278) wrote 278 >cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >got smb length of 232 >size=232 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=38916 >smb_pid=2230 >smb_uid=8193 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 176 (0xB0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 176 (0xB0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=177 >[000] 00 05 00 02 03 10 00 00 00 B0 00 20 00 15 00 00 ........ ... .... >[010] 00 6C 00 00 00 00 00 00 00 30 EE 4C 0D 01 00 00 .l...... .0.L.... >[020] 00 40 EF 50 0D 20 00 00 00 01 00 00 00 04 00 06 .@.P. .. ........ >[030] 00 A8 01 10 00 60 80 10 00 03 00 00 00 00 00 00 .....`.. ........ >[040] 00 02 00 00 00 41 00 44 00 04 00 00 00 01 04 00 .....A.D ........ >[050] 00 00 00 00 05 15 00 00 00 FD 37 42 40 4F 75 88 ........ ..7B@Ou. >[060] 21 43 17 0A 32 01 00 00 00 A0 EF 4D 0D 01 00 00 !C..2... ...M.... >[070] 00 02 00 6C 00 5B 04 00 00 00 00 00 00 01 00 00 ...l.[.. ........ >[080] 00 00 00 00 00 6D 00 00 00 44 05 04 00 01 00 00 .....m.. .D...... >[090] 00 77 00 FF FF FF FF 00 00 6F 93 92 FA 61 EE 25 .w...... .o...a.% >[0A0] A7 91 82 4B 18 2D 81 B4 A2 00 00 00 00 00 00 00 ...K.-.. ........ >[0B0] 00 . >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 2C 22 F3 DA B9 D5 9A 9F ,"...... 
>cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >rpc_check_hdr: rdata->data_size = 176 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b0 > 000a auth_len : 0020 > 000c call_id : 00000015 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000006c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 176 >rpc_auth_pipe: pkt_type: 2 len: 176 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 04 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: 6f 93 92 fa 61 ee 25 a7 > 0018 packet_digest: 91 82 4b 18 2d 81 b4 a2 > 0020 confounder: 00 00 00 00 00 00 00 00 >SCHANNEL: netsec_encode seq_num=3 data_len=112 >SCHANNEL: netsec_decode seq_num=3 data_len=112 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_lookup_names > 0018 ptr_dom_ref: 0d4cee30 > 00001c lsa_io_dom_r_ref > 001c num_ref_doms_1: 00000001 > 0020 ptr_ref_dom : 0d50ef40 > 0024 max_entries : 00000020 > 0028 num_ref_doms_2: 00000001 > 00002c smb_io_unihdr dom_ref[0] > 002c uni_str_len: 0004 > 002e uni_max_len: 0006 > 0030 buffer : 001001a8 > 0034 sid_ptr[0] : 00108060 > 000038 smb_io_unistr2 dom_ref[0] > 0038 uni_max_len: 00000003 > 003c offset : 00000000 > 0040 uni_str_len: 00000002 > 0044 buffer : A.D. 
> 000048 smb_io_dom_sid2 sid_ptr[0] > 0048 num_auths: 00000004 > 00004c smb_io_dom_sid sid > 004c sid_rev_num: 01 > 004d num_auths : 04 > 004e id_auth[0] : 00 > 004f id_auth[1] : 00 > 0050 id_auth[2] : 00 > 0051 id_auth[3] : 00 > 0052 id_auth[4] : 00 > 0053 id_auth[5] : 05 > 0054 sub_auths : 00000015 404237fd 2188754f 320a1743 > 0064 num_entries: 00000001 > 0068 ptr_entries: 0d4defa0 > 006c num_entries2: 00000001 > 000070 smb_io_dom_rid2 > 0070 type : 02 > 0074 rid : 0000045b > 0078 rid_idx: 00000000 > 007c mapped_count: 00000001 > 0080 status : NT_STATUS_OK >client_write: wrote 1300 bytes. >client_read: read 1824 bytes. Need 0 more for a full request. >process_request: request fn PAM_AUTH >[ 2231]: pam auth NA\jschmo >is_myname("NA") returns 0 >Using cleartext machine password >ads_dc_name: domain=AD >ads_find_dc: looking for realm 'AD.COLORCON.COM' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up AD.COLORCON.COM#1c >Returning valid cache entry: key = NBT/AD.COLORCON.COM#1C, value = 10.64.2.61:389,10.64.2.62:389,10.32.2.61:389, timeout = Tue May 18 10:49:24 2004 > >name AD.COLORCON.COM#1C found. 
>Adding 3 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 3 ip addresses in an unordered list >get_dc_list: 10.64.2.61:389 10.64.2.62:389 10.32.2.61:389 >ads_try_connect: trying ldap server '10.32.2.61' port 389 >Connected to LDAP server 10.32.2.61 >got ldap server name wep-ad-dc1@AD.COLORCON.COM, using bind path: dc=AD,dc=COLORCON,dc=COM >time offset is 174 seconds >ads_dc_name: using server='WEP-AD-DC1' IP=10.32.2.61 >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-AD-DC1 >Connecting to host=WEP-AD-DC1 >Connecting to 10.32.2.61 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(21,183) >write_socket(21,183) wrote 183 >got smb length of 184 >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=19072 (0x4A80) >smb_vwv[12]=57814 (0xE1D6) >smb_vwv[13]=59295 (0xE79F) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... 
>[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. >[070] 43 4F 4D COM >size=184 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=19072 (0x4A80) >smb_vwv[12]=57814 (0xE1D6) >smb_vwv[13]=59295 (0xE79F) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=115 >[000] 04 5C D6 7C 02 83 73 4C A5 9B 60 95 8F CE 72 B5 .\.|..sL ..`...r. >[010] 60 61 06 06 2B 06 01 05 05 02 A0 57 30 55 A0 30 `a..+... ...W0U.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 21 30 1F A0 1D 1B 1B 77 65 70 2D 61 64 2D 64 .!0..... wep-ad-d >[060] 63 31 24 40 41 44 2E 43 4F 4C 4F 52 43 4F 4E 2E c1$@AD.C OLORCON. 
>[070] 43 4F 4D COM >connecting to WEP-AD-DC1 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=115) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-ad-dc1$@AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:45 GMT >Ticket (wep-ad-dc1$@AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:45 GMT - 1084927725) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 9B B3 37 52 86 AB CE DA ..7R.... >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 00 3B A5 92 3A B0 DB 66 .;..:..f >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(21,1220) >write_socket(21,1220) wrote 1220 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=36865 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. 
>get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] CF A9 85 69 7F F7 34 65 ...i..4e >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=36865 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 04 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 92 AD 51 B9 0E 79 2E 71 ..Q..y.q >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(21,88) >write_socket(21,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 38 63 45 8E B9 A9 34 12 8cE...4. >cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-AD-DC1 >Using cleartext machine password >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 9D 7D EC DF 0A 72 D7 18 .}...r.. 
>store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(21,108) >write_socket(21,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] 84 4D 8B 64 6C 45 C0 3D .M.dlE.= >Bind RPC Pipe[4000]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000016 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4000 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 16 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] B6 89 A7 DD CE 6C F5 16 .....l.. 
>store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(21,158) >write_socket(21,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 16 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1F 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] E5 67 81 A7 93 5A 35 28 .g...Z5( >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 16 00 00 ........ .D...... >[010] 00 B8 10 B8 10 1F 28 06 00 0C 00 5C 50 49 50 45 ......(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000016 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0006281f > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from STAGE1 to WEP-AD-DC1: 2850982AFD1DF8F3 >init_q_req_chal: 621 >init_q_req_chal: 630 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : S.T.A.G.E.1... 
> 000046 smb_io_chal > 0046 data: 28 50 98 2a fd 1d f8 f3 >create_rpc_request: opnum: 0x4 data_len: 0x66 >create_rpc_request: data_len: 66 auth_len: 0 alloc_hint: 56 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0066 > 000a auth_len : 0000 > 000c call_id : 00000017 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000056 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:4000 >size=184 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 102 (0x66) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 102 (0x66) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=117 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 66 00 00 00 17 00 00 00 56 .......f .......V >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 00 00 28 50 98 .T.A.G.E .1...(P. >[070] 2A FD 1D F8 F3 *.... 
>simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] B7 DF 91 CC B6 D1 A5 57 .......W >store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(21,188) >write_socket(21,188) wrote 188 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 17 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 99 F0 8E DF B5 A2 98 ........ ........ >[020] E0 00 00 00 00 ..... >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] BF FD C2 59 AA D1 98 9B ...Y.... >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 17 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 99 F0 8E DF B5 A2 98 ........ ........ >[020] E0 00 00 00 00 ..... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000017 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: 99 f0 8e df b5 a2 98 e0 > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: 2850982AFD1DF8F3 > srv_chal : 99F08EDFB5A298E0 > clnt+srv : C140270AB2C090D4 > sess_key : E7BEFDB68299D69A >cred_create > sess_key : E7BEFDB68299D69A > stor_cred: 2850982AFD1DF8F3 > timestamp: 0 > timecred : 2850982AFD1DF8F3 > calc_cred: F0D95ED1ECEFC2D6 >cli_net_auth2: srv:\\WEP-AD-DC1 acct:STAGE1$ sc:2 mc: STAGE1 chal F0D95ED1ECEFC2D6 neg: 400701ff >init_q_auth_2: 742 >make_log_info 1336 >init_q_auth_2: 748 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 00000008 > 0030 offset : 00000000 > 0034 uni_str_len: 00000008 > 0038 buffer : S.T.A.G.E.1.$... > 0048 sec_chan: 0002 > 00004a smb_io_unistr2 unistr2 > 004c uni_max_len: 00000007 > 0050 offset : 00000000 > 0054 uni_str_len: 00000007 > 0058 buffer : S.T.A.G.E.1... 
> 000066 smb_io_chal > 0066 data: f0 d9 5e d1 ec ef c2 d6 > 00006e net_io_neg_flags > 0070 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0x8c >create_rpc_request: data_len: 8c auth_len: 0 alloc_hint: 7c >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 008c > 000a auth_len : 0000 > 000c call_id : 00000018 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007c > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:4000 >size=222 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=7 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 140 (0x8C) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 140 (0x8C) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16384 (0x4000) >smb_bcc=155 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 8C 00 00 00 18 00 00 00 7C ........ .......| >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 24 00 00 00 02 .T.A.G.E .1.$.... >[070] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[080] 00 54 00 41 00 47 00 45 00 31 00 00 00 F0 D9 5E .T.A.G.E .1.....^ >[090] D1 EC EF C2 D6 00 00 FF 01 07 40 ........ 
..@ >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 40 A8 F7 3B 69 41 89 25 @..;iA.% >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(21,226) >write_socket(21,226) wrote 226 >cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 18 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 0A E0 0D ED B4 6B F3 ........ ......k. >[020] AC FF 01 07 40 00 00 00 00 ....@... . >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] FA 63 58 8A C8 19 0E 5A .cX....Z >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 18 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 0A E0 0D ED B4 6B F3 ........ ......k. >[020] AC FF 01 07 40 00 00 00 00 ....@... . 
>cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12 >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000018 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: 0a e0 0d ed b4 6b f3 ac > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : E7BEFDB68299D69A > stor_cred: 99F08EDFB5A298E0 > timestamp: 0 > timecred : 99F08EDFB5A298E0 > calc_cred: 0AE00DEDB46BF3AC >cred_assert > challenge : 0AE00DEDB46BF3AC > calculated: 0AE00DEDB46BF3AC >credentials check ok >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 95 4C 58 10 08 33 46 AD .LX..3F. 
>store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(21,108) >write_socket(21,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] AA 9E AA 57 2E 06 6C DE ...W..l. >Bind RPC Pipe[800c]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 41 44 AD >[000] 53 54 41 47 45 31 STAGE1 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0062 > 000a auth_len : 0012 > 000c call_id : 00000019 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:800c >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 98 (0x62) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 98 (0x62) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 62 00 12 00 19 00 00 00 B8 .......b ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... 
>[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 41 44 00 53 54 41 47 45 31 .......A D.STAGE1 >[070] 00 . >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 1B 9D C3 CF CC 82 C9 6A .......j >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(21,184) >write_socket(21,184) wrote 184 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 19 00 00 ........ .X...... >[010] 00 B8 10 B8 10 20 28 06 00 0C 00 5C 50 49 50 45 ..... (. ...\PIPE >[020] 5C 6C 73 61 73 73 00 89 A4 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 A3 56 85 .......V . >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] CD A1 42 70 7B 86 46 E1 ..Bp{.F. 
>size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 19 00 00 ........ .X...... >[010] 00 B8 10 B8 10 20 28 06 00 0C 00 5C 50 49 50 45 ..... (. ...\PIPE >[020] 5C 6C 73 61 73 73 00 89 A4 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 A3 56 85 .......V . >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000019 >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00062820 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. 
> 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >secrets_named_mutex: got mutex for NETLOGON\WEP-AD-DC1 >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] C5 4A F4 BE 67 97 88 E0 .J..g... >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(21,45) >write_socket(21,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=10 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 17 mid = 10 >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] 7D 22 88 80 A2 9B 66 DF }"....f. >cli_net_req_chal: LSA Request Challenge from STAGE1 to WEP-AD-DC1: E5F7842024A51967 >init_q_req_chal: 621 >init_q_req_chal: 630 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 > 002c uni_max_len: 00000007 > 0030 offset : 00000000 > 0034 uni_str_len: 00000007 > 0038 buffer : S.T.A.G.E.1... 
> 000046 smb_io_chal > 0046 data: e5 f7 84 20 24 a5 19 67 >000050 smb_io_rpc_hdr_auth hdr_auth > 0050 auth_type : 44 > 0051 auth_level : 05 > 0052 padding : 02 > 0053 reserved : 00 > 0054 auth_context : 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=80 >000058 smb_io_rpc_auth_netsec_chk > 0058 sig : 77 00 ff ff ff ff 00 00 > 0060 seq_num: 6d 62 4f 5c a1 b7 40 d1 > 0068 packet_digest: 18 cd b2 cf a2 c4 85 7c > 0070 confounder: b6 8c 54 4e fd 36 7a b6 >create_rpc_request: opnum: 0x4 data_len: 0x90 >create_rpc_request: data_len: 90 auth_len: 20 alloc_hint: 58 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0090 > 000a auth_len : 0020 > 000c call_id : 0000001a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000058 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:800c >size=226 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 144 (0x90) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=159 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 90 00 20 00 1A 00 00 00 58 ........ . .....X >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. >[050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ 
.......S >[060] 00 54 00 41 00 47 00 45 00 31 00 00 00 E5 F7 84 .T.A.G.E .1...... >[070] 20 24 A5 19 67 00 00 44 05 02 00 01 00 00 00 77 $..g..D .......w >[080] 00 FF FF FF FF 00 00 6D 62 4F 5C A1 B7 40 D1 18 .......m bO\..@.. >[090] CD B2 CF A2 C4 85 7C B6 8C 54 4E FD 36 7A B6 ......|. .TN.6z. >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] AC 6F 1A DE B7 1A 5D 00 .o....]. >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(21,230) >write_socket(21,230) wrote 230 >cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >got smb length of 136 >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 80 (0x50) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=81 >[000] 00 05 00 02 03 10 00 00 00 50 00 20 00 1A 00 00 ........ .P. .... >[010] 00 0C 00 00 00 00 00 00 00 54 F5 78 C9 FC 12 AB ........ .T.x.... >[020] 21 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 !....... .D...... >[030] 00 77 00 FF FF FF FF 00 00 2B 90 5F 2A 5C 8D 74 .w...... .+._*\.t >[040] C4 D3 81 16 B3 12 E4 3D D7 00 00 00 00 00 00 00 .......= ........ >[050] 00 . 
>simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] A4 50 F6 1B 01 63 67 6B .P...cgk >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 80 (0x50) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=81 >[000] 00 05 00 02 03 10 00 00 00 50 00 20 00 1A 00 00 ........ .P. .... >[010] 00 0C 00 00 00 00 00 00 00 54 F5 78 C9 FC 12 AB ........ .T.x.... >[020] 21 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 !....... .D...... >[030] 00 77 00 FF FF FF FF 00 00 2B 90 5F 2A 5C 8D 74 .w...... .+._*\.t >[040] C4 D3 81 16 B3 12 E4 3D D7 00 00 00 00 00 00 00 .......= ........ >[050] 00 . >cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >rpc_check_hdr: rdata->data_size = 80 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0020 > 000c call_id : 0000001a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 80 >rpc_auth_pipe: pkt_type: 2 len: 80 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 04 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: 2b 90 5f 2a 5c 8d 74 c4 > 0018 packet_digest: d3 81 16 b3 12 e4 3d d7 > 0020 confounder: 00 00 00 00 00 00 00 
00 >SCHANNEL: netsec_encode seq_num=1 data_len=16 >SCHANNEL: netsec_decode seq_num=1 data_len=16 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: 54 f5 78 c9 fc 12 ab 21 > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: E5F7842024A51967 > srv_chal : 54F578C9FC12AB21 > clnt+srv : 39EDFDE920B8C488 > sess_key : 1BC63C6F7E1435AC >cred_create > sess_key : 1BC63C6F7E1435AC > stor_cred: E5F7842024A51967 > timestamp: 0 > timecred : E5F7842024A51967 > calc_cred: 0AF8CDEC385FF2DF >cli_net_auth2: srv:\\WEP-AD-DC1 acct:STAGE1$ sc:2 mc: STAGE1 chal 0AF8CDEC385FF2DF neg: 400701ff >init_q_auth_2: 742 >make_log_info 1336 >init_q_auth_2: 748 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 00000008 > 0030 offset : 00000000 > 0034 uni_str_len: 00000008 > 0038 buffer : S.T.A.G.E.1.$... > 0048 sec_chan: 0002 > 00004a smb_io_unistr2 unistr2 > 004c uni_max_len: 00000007 > 0050 offset : 00000000 > 0054 uni_str_len: 00000007 > 0058 buffer : S.T.A.G.E.1... 
> 000066 smb_io_chal > 0066 data: 0a f8 cd ec 38 5f f2 df > 00006e net_io_neg_flags > 0070 neg_flags: 400701ff >000078 smb_io_rpc_hdr_auth hdr_auth > 0078 auth_type : 44 > 0079 auth_level : 05 > 007a padding : 04 > 007b reserved : 00 > 007c auth_context : 00000001 >SCHANNEL seq_num=2 >SCHANNEL: netsec_encode seq_num=2 data_len=120 >000080 smb_io_rpc_auth_netsec_chk > 0080 sig : 77 00 ff ff ff ff 00 00 > 0088 seq_num: 06 fb b8 d1 12 ad 16 51 > 0090 packet_digest: d0 dd 4a cf bb 1c a1 b1 > 0098 confounder: b1 35 c5 f2 ed 01 46 e1 >create_rpc_request: opnum: 0xf data_len: 0xb8 >create_rpc_request: data_len: b8 auth_len: 20 alloc_hint: 80 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00b8 > 000a auth_len : 0020 > 000c call_id : 0000001b >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000080 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:800c >size=266 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=12 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 184 (0xB8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 184 (0xB8) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=199 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 B8 00 20 00 1B 00 00 00 80 ........ . ...... >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 41 00 44 00 2D 00 44 00 43 00 31 00 00 .-.A.D.- .D.C.1.. 
>[050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 53 ........ .......S >[060] 00 54 00 41 00 47 00 45 00 31 00 24 00 00 00 02 .T.A.G.E .1.$.... >[070] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 53 ........ .......S >[080] 00 54 00 41 00 47 00 45 00 31 00 00 00 0A F8 CD .T.A.G.E .1...... >[090] EC 38 5F F2 DF 00 00 FF 01 07 40 00 00 00 00 44 .8_..... ..@....D >[0A0] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 06 .......w ........ >[0B0] FB B8 D1 12 AD 16 51 D0 DD 4A CF BB 1C A1 B1 B1 ......Q. .J...... >[0C0] 35 C5 F2 ED 01 46 E1 5....F. >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 47 BC 5E A5 D3 11 5C 80 G.^...\. >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(21,270) >write_socket(21,270) wrote 270 >cli_signing_trans_start: storing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 >got smb length of 136 >size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=12 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 80 (0x50) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=81 >[000] 00 05 00 02 03 10 00 00 00 50 00 20 00 1B 00 00 ........ .P. .... >[010] 00 10 00 00 00 00 00 00 00 47 02 C8 64 87 CF 35 ........ .G..d..5 >[020] 0C FF 01 07 40 00 00 00 00 44 05 00 00 01 00 00 ....@... .D...... >[030] 00 77 00 FF FF FF FF 00 00 F5 59 3D 84 BB DB 05 .w...... ..Y=.... >[040] F3 2C 9C B1 0F 07 E8 EB 70 00 00 00 00 00 00 00 .,...... p....... >[050] 00 . >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] 94 69 32 7F E4 7F 33 DE .i2...3. 
>size=136 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=12 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 80 (0x50) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=81 >[000] 00 05 00 02 03 10 00 00 00 50 00 20 00 1B 00 00 ........ .P. .... >[010] 00 10 00 00 00 00 00 00 00 47 02 C8 64 87 CF 35 ........ .G..d..5 >[020] 0C FF 01 07 40 00 00 00 00 44 05 00 00 01 00 00 ....@... .D...... >[030] 00 77 00 FF FF FF FF 00 00 F5 59 3D 84 BB DB 05 .w...... ..Y=.... >[040] F3 2C 9C B1 0F 07 E8 EB 70 00 00 00 00 00 00 00 .,...... p....... >[050] 00 . >cli_signing_trans_stop: freeing mid = 12, reply_seq_num = 21, send_seq_num = 20 data->send_seq_num = 22 >rpc_check_hdr: rdata->data_size = 80 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0020 > 000c call_id : 0000001b >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 80 >rpc_auth_pipe: pkt_type: 2 len: 80 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 05 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 ff ff ff ff 00 00 > 0010 seq_num: f5 59 3d 84 bb db 05 f3 > 0018 packet_digest: 2c 9c b1 0f 07 e8 eb 70 > 0020 confounder: 00 00 00 00 00 00 00 00 >SCHANNEL: netsec_encode seq_num=3 data_len=16 >SCHANNEL: netsec_decode seq_num=3 data_len=16 >rpc_api_pipe: fragment first and last both set >000018 
net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: 47 02 c8 64 87 cf 35 0c > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : 1BC63C6F7E1435AC > stor_cred: 54F578C9FC12AB21 > timestamp: 0 > timecred : 54F578C9FC12AB21 > calc_cred: 4702C86487CF350C >cred_assert > challenge : 4702C86487CF350C > calculated: 4702C86487CF350C >credentials check ok >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] AF 4F 9A DE B8 2C 16 2C .O...,., >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(21,108) >write_socket(21,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=13 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3328 (0xD00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] 97 7E 2F 9C F4 13 7F 53 .~/....S >Bind RPC Pipe[800d]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... 
>Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 41 44 AD >[000] 53 54 41 47 45 31 STAGE1 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0062 > 000a auth_len : 0012 > 000c call_id : 0000001c >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:800d >size=180 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 98 (0x62) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 98 (0x62) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=113 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 62 00 12 00 1C 00 00 00 B8 .......b ........ 
>[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 41 44 00 53 54 41 47 45 31 .......A D.STAGE1 >[070] 00 . >simple_packet_signature: sequence number 24 >client_sign_outgoing_message: sent SMB signature of >[000] D0 F6 28 F6 48 C5 2B BC ..(.H.+. >store_sequence_for_reply: stored seq = 25 mid = 14 >write_socket(21,184) >write_socket(21,184) wrote 184 >cli_signing_trans_start: storing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 1C 00 00 ........ .X...... >[010] 00 B8 10 B8 10 21 28 06 00 0C 00 5C 50 49 50 45 .....!(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 00 00 ........ . >simple_packet_signature: sequence number 25 >client_check_incoming_message: seq 25: got good SMB signature of >[000] 42 4D 9F 15 26 5B 7C 17 BM..&[|. 
>size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 1C 00 00 ........ .X...... >[010] 00 B8 10 B8 10 21 28 06 00 0C 00 5C 50 49 50 45 .....!(. ...\PIPE >[020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 00 00 ........ . >cli_signing_trans_stop: freeing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 0000001c >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00062821 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. 
> 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >secrets_named_mutex: released mutex for NETLOGON\WEP-AD-DC1 >cred_create > sess_key : 1BC63C6F7E1435AC > stor_cred: 0AF8CDEC385FF2DF > timestamp: 40aa224e > timecred : 581A782D385FF2DF > calc_cred: 15FC78D35F18D9E1 >init_id_info2: 1125 >make_logon_id: 1515 >init_sam_info: 1231 >make_clnt_info: 1430 >init_clnt_srv: 1275 >000000 net_io_q_sam_logon > 000000 smb_io_sam_info > 000000 smb_io_clnt_info2 > 000000 smb_io_clnt_srv > 0000 undoc_buffer : 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 002c undoc_buffer2: 00000001 > 000030 smb_io_unistr2 unistr2 > 0030 uni_max_len: 00000007 > 0034 offset : 00000000 > 0038 uni_str_len: 00000007 > 003c buffer : S.T.A.G.E.1... 
> 004c ptr_cred: 00000001 > 000050 smb_io_cred > 000050 smb_io_chal > 0050 data: 15 fc 78 d3 5f 18 d9 e1 > 000058 smb_io_utime > 0058 time: 40aa224e > 005c ptr_rtn_cred : 00000001 > 000060 smb_io_cred > 000060 smb_io_chal > 0060 data: 00 00 00 00 00 00 00 00 > 000068 smb_io_utime > 0068 time: 00000000 > 006c logon_level : 0002 > 00006e smb_io_sam_info logon_info > 006e switch_value : 0002 > 000070 net_io_id_info2 > 0070 ptr_id_info2: 00000001 > 000074 smb_io_unihdr unihdr > 0074 uni_str_len: 0004 > 0076 uni_max_len: 0004 > 0078 buffer : 00000001 > 007c param_ctrl: 00000000 > 000080 smb_io_logon_id > 0080 low : 0000dead > 0084 high: 0000beef > 000088 smb_io_unihdr unihdr > 0088 uni_str_len: 000c > 008a uni_max_len: 000c > 008c buffer : 00000001 > 000090 smb_io_unihdr unihdr > 0090 uni_str_len: 0010 > 0092 uni_max_len: 0010 > 0094 buffer : 00000001 > 0098 lm_chal: ee fc 7a 3a 8c 26 9d 29 > 0000a0 smb_io_strhdr hdr_nt_chal_resp > 00a0 str_str_len: 0018 > 00a2 str_max_len: 0018 > 00a4 buffer : 00000001 > 0000a8 smb_io_strhdr hdr_lm_chal_resp > 00a8 str_str_len: 0018 > 00aa str_max_len: 0018 > 00ac buffer : 00000001 > 0000b0 smb_io_unistr2 uni_domain_name > 00b0 uni_max_len: 00000002 > 00b4 offset : 00000000 > 00b8 uni_str_len: 00000002 > 00bc buffer : N.A. > 0000c0 smb_io_unistr2 uni_user_name > 00c0 uni_max_len: 00000006 > 00c4 offset : 00000000 > 00c8 uni_str_len: 00000006 > 00cc buffer : j.s.c.h.m.o. > 0000d8 smb_io_unistr2 uni_wksta_name > 00d8 uni_max_len: 00000008 > 00dc offset : 00000000 > 00e0 uni_str_len: 00000008 > 00e4 buffer : \.\.S.T.A.G.E.1. > 0000f4 smb_io_string2 nt_chal_resp > 00f4 str_max_len: 00000018 > 00f8 offset : 00000000 > 00fc str_str_len: 00000018 > 0100 buffer : Is..+..lYG.......\bR..`. 
> 000118 smb_io_string2 lm_chal_resp > 0118 str_max_len: 00000018 > 011c offset : 00000000 > 0120 str_str_len: 00000018 > 0124 buffer : .p...f..._ f^..0a.].I..n > 013c validation_level: 0003 >000140 smb_io_rpc_hdr_auth hdr_auth > 0140 auth_type : 44 > 0141 auth_level : 06 > 0142 padding : 02 > 0143 reserved : 00 > 0144 auth_context : 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=320 >000148 smb_io_rpc_auth_netsec_chk > 0148 sig : 77 00 7a 00 ff ff 00 00 > 0150 seq_num: 39 54 cc be 73 a9 4e 60 > 0158 packet_digest: 1a 87 e9 6c 67 32 14 15 > 0160 confounder: 6b 13 7d a6 2f f4 fd d0 >create_rpc_request: opnum: 0x2 data_len: 0x180 >create_rpc_request: data_len: 180 auth_len: 20 alloc_hint: 148 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0180 > 000a auth_len : 0020 > 000c call_id : 0000001d >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000148 > 0014 context_id: 0000 > 0016 opnum : 0002 >rpc_api_pipe: fnum:800d >size=466 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 384 (0x180) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 384 (0x180) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=399
>simple_packet_signature: sequence number 26 >client_sign_outgoing_message: sent SMB signature of >[000] 82 9F 98 8C 6F B2 F2 5A ....o..Z >store_sequence_for_reply: stored seq = 27 mid = 15 >write_socket(21,470) >write_socket(21,470) wrote 470 >cli_signing_trans_start: storing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 >got smb length of 600 >size=600 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 544 (0x220) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 544 (0x220) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=545
>simple_packet_signature: sequence number 27 >client_check_incoming_message: seq 27: got good SMB signature of >[000] 51 30 D5 9F 9A B1 74 44 Q0....tD >size=600 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 544 (0x220) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 544 (0x220) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=545
>cli_signing_trans_stop: freeing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 >rpc_check_hdr: rdata->data_size = 544 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0220 > 000a auth_len : 0020 > 000c call_id : 0000001d >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000001e0 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 544 >rpc_auth_pipe: pkt_type: 2 len: 544 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: f3 85 91 f8 1c 76 c8 ba > 0018 packet_digest: c2 82 74 f7 4b a5 ea fc > 0020 confounder: fe 82 4d 26 d7 a2 43 b7 >SCHANNEL: netsec_encode seq_num=1 data_len=480 >SCHANNEL: netsec_decode seq_num=1 data_len=480 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_sam_logon > 0018 buffer_creds: 0009c990 > 00001c smb_io_cred > 00001c smb_io_chal > 001c data: 57 9d 60 52 8e 23 1c 50 > 000024 smb_io_utime > 0024 time: 00000000 > 0028 switch_value: 0003 > 00002c net_io_user_info3 > 002c ptr_user_info : 0d4ff050 > 000030 smb_io_time logon time > 0030 low : 82f1c47b > 0034 high: 01c43916 > 000038 smb_io_time logoff time > 0038 low : ffffffff > 003c high: 7fffffff > 000040 smb_io_time kickoff time > 0040 low : ffffffff > 0044 high: 7fffffff > 000048 smb_io_time last set time > 0048 low : c09254c1 > 004c high: 01c4385c > 000050 smb_io_time can change time > 0050
low : 68b3d4c1 > 0054 high: 01c44038 > 000058 smb_io_time must change time > 0058 low : b15b54c1 > 005c high: 01c46782 > 000060 smb_io_unihdr hdr_user_name > 0060 uni_str_len: 000c > 0062 uni_max_len: 000e > 0064 buffer : 0d4ff1b4 > 000068 smb_io_unihdr hdr_full_name > 0068 uni_str_len: 0000 > 006a uni_max_len: 0000 > 006c buffer : 00000000 > 000070 smb_io_unihdr hdr_logon_script > 0070 uni_str_len: 0000 > 0072 uni_max_len: 0000 > 0074 buffer : 00000000 > 000078 smb_io_unihdr hdr_profile_path > 0078 uni_str_len: 0000 > 007a uni_max_len: 0000 > 007c buffer : 00000000 > 000080 smb_io_unihdr hdr_home_dir > 0080 uni_str_len: 0000 > 0082 uni_max_len: 0000 > 0084 buffer : 00000000 > 000088 smb_io_unihdr hdr_dir_drive > 0088 uni_str_len: 0000 > 008a uni_max_len: 0000 > 008c buffer : 00000000 > 0090 logon_count : 0039 > 0092 bad_pw_count : 0000 > 0094 user_rid : 0000089f > 0098 group_rid : 00000201 > 009c num_groups : 00000007 > 00a0 buffer_groups : 0d4ff11c > 00a4 user_flgs : 00000120 > 00a8 user_sess_key: c6 9a 5d 40 81 b4 2b a4 db 2c 78 45 b8 7e d5 e7 > 0000b8 smb_io_unihdr hdr_logon_srv > 00b8 uni_str_len: 0014 > 00ba uni_max_len: 0016 > 00bc buffer : 0d4ff1c2 > 0000c0 smb_io_unihdr hdr_logon_dom > 00c0 uni_str_len: 0004 > 00c2 uni_max_len: 0006 > 00c4 buffer : 0d4ff1d8 > 00c8 buffer_dom_id : 0d4ff19c > 00cc padding : 57 3f 92 a9 80 74 5e 73 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00f4 num_other_sids: 00000002 > 00f8 buffer_other_sids: 0d4ff154 > 0000fc smb_io_unistr2 uni_user_name > 00fc uni_max_len: 00000007 > 0100 offset : 00000000 > 0104 uni_str_len: 00000006 > 0108 buffer : j.s.c.h.m.o. 
> 000114 smb_io_unistr2 - NULL uni_full_name > 000114 smb_io_unistr2 - NULL uni_logon_script > 000114 smb_io_unistr2 - NULL uni_profile_path > 000114 smb_io_unistr2 - NULL uni_home_dir > 000114 smb_io_unistr2 - NULL uni_dir_drive > 0114 num_groups2 : 00000007 > 000118 smb_io_gid > 0118 g_rid: 00000cbd > 011c attr : 00000007 > 000120 smb_io_gid > 0120 g_rid: 00000a36 > 0124 attr : 00000007 > 000128 smb_io_gid > 0128 g_rid: 00000cef > 012c attr : 00000007 > 000130 smb_io_gid > 0130 g_rid: 000008e9 > 0134 attr : 00000007 > 000138 smb_io_gid > 0138 g_rid: 000008f5 > 013c attr : 00000007 > 000140 smb_io_gid > 0140 g_rid: 00000201 > 0144 attr : 00000007 > 000148 smb_io_gid > 0148 g_rid: 00000fc0 > 014c attr : 00000007 > 000150 smb_io_unistr2 uni_logon_srv > 0150 uni_max_len: 0000000b > 0154 offset : 00000000 > 0158 uni_str_len: 0000000a > 015c buffer : W.E.P.-.N.A.-.D.C.2. > 000170 smb_io_unistr2 uni_logon_dom > 0170 uni_max_len: 00000003 > 0174 offset : 00000000 > 0178 uni_str_len: 00000002 > 017c buffer : N.A. 
> 000180 smb_io_dom_sid2 > 0180 num_auths: 00000004 > 000184 smb_io_dom_sid sid > 0184 sid_rev_num: 01 > 0185 num_auths : 04 > 0186 id_auth[0] : 00 > 0187 id_auth[1] : 00 > 0188 id_auth[2] : 00 > 0189 id_auth[3] : 00 > 018a id_auth[4] : 00 > 018b id_auth[5] : 05 > 018c sub_auths : 00000015 74d97781 773ce092 6b635f23 > 019c num_other_groups: 00000002 > 0001a0 smb_io_gid > 01a0 g_rid: 0d4ff164 > 01a4 attr : 00000007 > 0001a8 smb_io_gid > 01a8 g_rid: 0d4ff180 > 01ac attr : 00000007 > 0001b0 smb_io_dom_sid2 > 01b0 num_auths: 00000005 > 0001b4 smb_io_dom_sid sid > 01b4 sid_rev_num: 01 > 01b5 num_auths : 05 > 01b6 id_auth[0] : 00 > 01b7 id_auth[1] : 00 > 01b8 id_auth[2] : 00 > 01b9 id_auth[3] : 00 > 01ba id_auth[4] : 00 > 01bb id_auth[5] : 05 > 01bc sub_auths : 00000015 404237fd 2188754f 320a1743 0000045b > 0001d0 smb_io_dom_sid2 > 01d0 num_auths: 00000005 > 0001d4 smb_io_dom_sid sid > 01d4 sid_rev_num: 01 > 01d5 num_auths : 05 > 01d6 id_auth[0] : 00 > 01d7 id_auth[1] : 00 > 01d8 id_auth[2] : 00 > 01d9 id_auth[3] : 00 > 01da id_auth[4] : 00 > 01db id_auth[5] : 05 > 01dc sub_auths : 00000015 404237fd 2188754f 320a1743 00000465 > 01f0 auth_resp : 00000001 > 01f4 status : NT_STATUS_OK >clnt_deal_with_creds: 148 >cred_create > sess_key : 1BC63C6F7E1435AC > stor_cred: 0AF8CDEC385FF2DF > timestamp: 40aa224f > timecred : 591A782D385FF2DF > calc_cred: 579D60528E231C50 >cred_assert > challenge : 579D60528E231C50 > calculated: 579D60528E231C50 >credentials check ok > new clnt cred: 591A782D385FF2DF >netsamlogon_cache_store: SID [S-1-5-21-1960408961-2000478354-1801674531-2207] >0000 timestamp: 40aa224e >000004 net_io_user_info3 > 0004 ptr_user_info : 0d4ff050 > 000008 smb_io_time logon time > 0008 low : 82f1c47b > 000c high: 01c43916 > 000010 smb_io_time logoff time > 0010 low : ffffffff > 0014 high: 7fffffff > 000018 smb_io_time kickoff time > 0018 low : ffffffff > 001c high: 7fffffff > 000020 smb_io_time last set time > 0020 low : c09254c1 > 0024 high: 01c4385c > 000028 
smb_io_time can change time > 0028 low : 68b3d4c1 > 002c high: 01c44038 > 000030 smb_io_time must change time > 0030 low : b15b54c1 > 0034 high: 01c46782 > 000038 smb_io_unihdr hdr_user_name > 0038 uni_str_len: 000c > 003a uni_max_len: 000e > 003c buffer : 0d4ff1b4 > 000040 smb_io_unihdr hdr_full_name > 0040 uni_str_len: 0000 > 0042 uni_max_len: 0000 > 0044 buffer : 00000000 > 000048 smb_io_unihdr hdr_logon_script > 0048 uni_str_len: 0000 > 004a uni_max_len: 0000 > 004c buffer : 00000000 > 000050 smb_io_unihdr hdr_profile_path > 0050 uni_str_len: 0000 > 0052 uni_max_len: 0000 > 0054 buffer : 00000000 > 000058 smb_io_unihdr hdr_home_dir > 0058 uni_str_len: 0000 > 005a uni_max_len: 0000 > 005c buffer : 00000000 > 000060 smb_io_unihdr hdr_dir_drive > 0060 uni_str_len: 0000 > 0062 uni_max_len: 0000 > 0064 buffer : 00000000 > 0068 logon_count : 0039 > 006a bad_pw_count : 0000 > 006c user_rid : 0000089f > 0070 group_rid : 00000201 > 0074 num_groups : 00000007 > 0078 buffer_groups : 0d4ff11c > 007c user_flgs : 00000120 > 0080 user_sess_key: ad e4 79 89 5e e9 05 49 74 c4 f3 6c 78 cb 76 e2 > 000090 smb_io_unihdr hdr_logon_srv > 0090 uni_str_len: 0014 > 0092 uni_max_len: 0016 > 0094 buffer : 0d4ff1c2 > 000098 smb_io_unihdr hdr_logon_dom > 0098 uni_str_len: 0004 > 009a uni_max_len: 0006 > 009c buffer : 0d4ff1d8 > 00a0 buffer_dom_id : 0d4ff19c > 00a4 padding : 3c 41 b6 60 5f 29 70 9e bf e8 8b 29 c0 b5 a3 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00cc num_other_sids: 00000002 > 00d0 buffer_other_sids: 0d4ff154 > 0000d4 smb_io_unistr2 uni_user_name > 00d4 uni_max_len: 00000007 > 00d8 offset : 00000000 > 00dc uni_str_len: 00000006 > 00e0 buffer : j.s.c.h.m.o. 
> 0000ec smb_io_unistr2 - NULL uni_full_name > 0000ec smb_io_unistr2 - NULL uni_logon_script > 0000ec smb_io_unistr2 - NULL uni_profile_path > 0000ec smb_io_unistr2 - NULL uni_home_dir > 0000ec smb_io_unistr2 - NULL uni_dir_drive > 00ec num_groups2 : 00000007 > 0000f0 smb_io_gid > 00f0 g_rid: 00000cbd > 00f4 attr : 00000007 > 0000f8 smb_io_gid > 00f8 g_rid: 00000a36 > 00fc attr : 00000007 > 000100 smb_io_gid > 0100 g_rid: 00000cef > 0104 attr : 00000007 > 000108 smb_io_gid > 0108 g_rid: 000008e9 > 010c attr : 00000007 > 000110 smb_io_gid > 0110 g_rid: 000008f5 > 0114 attr : 00000007 > 000118 smb_io_gid > 0118 g_rid: 00000201 > 011c attr : 00000007 > 000120 smb_io_gid > 0120 g_rid: 00000fc0 > 0124 attr : 00000007 > 000128 smb_io_unistr2 uni_logon_srv > 0128 uni_max_len: 0000000b > 012c offset : 00000000 > 0130 uni_str_len: 0000000a > 0134 buffer : W.E.P.-.N.A.-.D.C.2. > 000148 smb_io_unistr2 uni_logon_dom > 0148 uni_max_len: 00000003 > 014c offset : 00000000 > 0150 uni_str_len: 00000002 > 0154 buffer : N.A. 
> 000158 smb_io_dom_sid2 > 0158 num_auths: 00000004 > 00015c smb_io_dom_sid sid > 015c sid_rev_num: 01 > 015d num_auths : 04 > 015e id_auth[0] : 00 > 015f id_auth[1] : 00 > 0160 id_auth[2] : 00 > 0161 id_auth[3] : 00 > 0162 id_auth[4] : 00 > 0163 id_auth[5] : 05 > 0164 sub_auths : 00000015 74d97781 773ce092 6b635f23 > 0174 num_other_groups: 00000002 > 000178 smb_io_gid > 0178 g_rid: 0d4ff164 > 017c attr : 00000007 > 000180 smb_io_gid > 0180 g_rid: 0d4ff180 > 0184 attr : 00000007 > 000188 smb_io_dom_sid2 > 0188 num_auths: 00000005 > 00018c smb_io_dom_sid sid > 018c sid_rev_num: 01 > 018d num_auths : 05 > 018e id_auth[0] : 00 > 018f id_auth[1] : 00 > 0190 id_auth[2] : 00 > 0191 id_auth[3] : 00 > 0192 id_auth[4] : 00 > 0193 id_auth[5] : 05 > 0194 sub_auths : 00000015 404237fd 2188754f 320a1743 0000045b > 0001a8 smb_io_dom_sid2 > 01a8 num_auths: 00000005 > 0001ac smb_io_dom_sid sid > 01ac sid_rev_num: 01 > 01ad num_auths : 05 > 01ae id_auth[0] : 00 > 01af id_auth[1] : 00 > 01b0 id_auth[2] : 00 > 01b1 id_auth[3] : 00 > 01b2 id_auth[4] : 00 > 01b3 id_auth[5] : 05 > 01b4 sub_auths : 00000015 404237fd 2188754f 320a1743 00000465 >init_r_getdcname >000000 net_io_q_getdcname > 0000 ptr_logon_server: 00000001 > 000004 smb_io_unistr2 logon_server > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.A.D.-.D.C.1... > 002c ptr_domainname: 00000001 > 000030 smb_io_unistr2 domainname > 0030 uni_max_len: 00000003 > 0034 offset : 00000000 > 0038 uni_str_len: 00000003 > 003c buffer : N.A... 
>000048 smb_io_rpc_hdr_auth hdr_auth > 0048 auth_type : 44 > 0049 auth_level : 06 > 004a padding : 06 > 004b reserved : 00 > 004c auth_context : 00000001 >SCHANNEL seq_num=2 >SCHANNEL: netsec_encode seq_num=2 data_len=72 >000050 smb_io_rpc_auth_netsec_chk > 0050 sig : 77 00 7a 00 ff ff 00 00 > 0058 seq_num: 5b a3 a6 c5 55 a3 8e df > 0060 packet_digest: 7a 47 c7 50 08 77 d1 ea > 0068 confounder: d3 95 62 79 c8 15 77 56 >create_rpc_request: opnum: 0xd data_len: 0x88 >create_rpc_request: data_len: 88 auth_len: 20 alloc_hint: 50 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0088 > 000a auth_len : 0020 > 000c call_id : 0000001e >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000050 > 0014 context_id: 0000 > 0016 opnum : 000d >rpc_api_pipe: fnum:800d >size=218 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=16 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 136 (0x88) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 136 (0x88) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=151 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 88 00 20 00 1E 00 00 00 50 ........ . .....P >[020] 00 00 00 00 00 0D 00 5C 28 B2 47 B0 59 90 86 D8 .......\ (.G.Y... >[030] D2 21 EC B1 B9 62 A0 AB A7 9A 0C 94 FF 0B 55 19 .!...b.. ......U. >[040] CE E4 14 D9 D1 5C F0 63 F9 79 33 1D 33 66 7C 44 .....\.c .y3.3f|D >[050] 42 53 A1 C7 A2 80 1D F2 9C 9D A5 FA 87 7A 3D 9F BS...... .....z=. >[060] E0 04 02 BC 00 55 3B B0 F4 AE A3 98 D1 14 34 44 .....U;. 
......4D >[070] 06 06 00 01 00 00 00 77 00 7A 00 FF FF 00 00 5B .......w .z.....[ >[080] A3 A6 C5 55 A3 8E DF 7A 47 C7 50 08 77 D1 EA D3 ...U...z G.P.w... >[090] 95 62 79 C8 15 77 56 .by..wV >simple_packet_signature: sequence number 28 >client_sign_outgoing_message: sent SMB signature of >[000] FE 65 F1 66 38 33 B2 69 .e.f83.i >store_sequence_for_reply: stored seq = 29 mid = 16 >write_socket(21,222) >write_socket(21,222) wrote 222 >cli_signing_trans_start: storing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 >got smb length of 168 >size=168 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 112 (0x70) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1E 00 00 ........ .p. .... >[010] 00 30 00 00 00 00 00 00 00 B5 A2 9F 5B CA FA 29 .0...... ....[..) >[020] 61 C2 1A A9 AA 26 0F F4 44 2C CF 01 FB 21 AC FC a....&.. D,...!.. >[030] 19 71 16 08 CB 97 9E 3B 2D 6F AE 7D 41 6F A7 29 .q.....; -o.}Ao.) >[040] 63 57 F1 C3 B8 43 88 A9 25 44 06 00 00 01 00 00 cW...C.. %D...... >[050] 00 77 00 7A 00 FF FF 00 00 12 46 20 21 29 43 97 .w.z.... ..F !)C. >[060] C1 46 A1 46 4F 06 D3 4D C2 E6 08 89 FB 91 28 FC .F.FO..M ......(. >[070] 81 . >simple_packet_signature: sequence number 29 >client_check_incoming_message: seq 29: got good SMB signature of >[000] 8F 4D F6 3A 73 E3 BF 80 .M.:s... 
>size=168 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=16388 >smb_pid=2230 >smb_uid=36865 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 112 (0x70) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113 >[000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1E 00 00 ........ .p. .... >[010] 00 30 00 00 00 00 00 00 00 B5 A2 9F 5B CA FA 29 .0...... ....[..) >[020] 61 C2 1A A9 AA 26 0F F4 44 2C CF 01 FB 21 AC FC a....&.. D,...!.. >[030] 19 71 16 08 CB 97 9E 3B 2D 6F AE 7D 41 6F A7 29 .q.....; -o.}Ao.) >[040] 63 57 F1 C3 B8 43 88 A9 25 44 06 00 00 01 00 00 cW...C.. %D...... >[050] 00 77 00 7A 00 FF FF 00 00 12 46 20 21 29 43 97 .w.z.... ..F !)C. >[060] C1 46 A1 46 4F 06 D3 4D C2 E6 08 89 FB 91 28 FC .F.FO..M ......(. >[070] 81 . >cli_signing_trans_stop: freeing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 >rpc_check_hdr: rdata->data_size = 112 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0070 > 000a auth_len : 0020 > 000c call_id : 0000001e >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000030 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 112 >rpc_auth_pipe: pkt_type: 2 len: 112 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 padding : 00 > 0003 reserved : 00 > 0004 auth_context : 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 12 46 20 21 29 43 97 c1 > 0018 packet_digest: 46 a1 46 4f 06 d3 4d c2 > 0020 confounder: e6 08 89 fb 91 28 fc 
81 >SCHANNEL: netsec_encode seq_num=3 data_len=48 >SCHANNEL: netsec_decode seq_num=3 data_len=48 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_getdcname > 0018 ptr_dcname: 00141010 > 00001c smb_io_unistr2 dcname > 001c uni_max_len: 0000000d > 0020 offset : 00000000 > 0024 uni_str_len: 0000000d > 0028 buffer : \.\.W.E.P.-.N.A.-.D.C.2... > 0042 status: NT_STATUS_OK >internal_resolve_name: looking up WEP-NA-DC2#20 >Returning valid cache entry: key = NBT/WEP-NA-DC2#20, value = 10.32.2.64:0, timeout = Tue May 18 10:49:35 2004 > >name WEP-NA-DC2#20 found. >IPC$ connections done anonymously >secrets_named_mutex: got mutex for WEP-NA-DC2 >Connecting to host=WEP-NA-DC2 >Connecting to 10.32.2.64 at port 445 >socket option SO_KEEPALIVE = 0 >socket option SO_REUSEADDR = 0 >socket option SO_BROADCAST = 0 >socket option TCP_NODELAY = 1 >socket option IPTOS_LOWDELAY = 0 >socket option IPTOS_THROUGHPUT = 0 >socket option SO_SNDBUF = 16384 >socket option SO_RCVBUF = 87380 >socket option SO_SNDLOWAT = 1 >socket option SO_RCVLOWAT = 1 >socket option SO_SNDTIMEO = 0 >socket option SO_RCVTIMEO = 0 >write_socket(22,183) >write_socket(22,183) wrote 183 >got smb length of 187 >size=187 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=49792 (0xC280) >smb_vwv[12]=14900 (0x3A34) >smb_vwv[13]=59296 (0xE7A0) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=118 >[000] 6C 7A 9B 53 65 B1 39 4B 88 0C 3B 2E 4D 5D 9F 87 lz.Se.9K ..;.M].. >[010] 60 64 06 06 2B 06 01 05 05 02 A0 5A 30 58 A0 30 `d..+... ...Z0X.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. 
.......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 24 30 22 A0 20 1B 1E 77 65 70 2D 6E 61 2D 64 .$0". .. wep-na-d >[060] 63 32 24 40 4E 41 2E 41 44 2E 43 4F 4C 4F 52 43 c2$@NA.A D.COLORC >[070] 4F 4E 2E 43 4F 4D ON.COM >size=187 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=2230 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]=49792 (0xC280) >smb_vwv[12]=14900 (0x3A34) >smb_vwv[13]=59296 (0xE7A0) >smb_vwv[14]=50236 (0xC43C) >smb_vwv[15]=61441 (0xF001) >smb_vwv[16]= 0 (0x0) >smb_bcc=118 >[000] 6C 7A 9B 53 65 B1 39 4B 88 0C 3B 2E 4D 5D 9F 87 lz.Se.9K ..;.M].. >[010] 60 64 06 06 2B 06 01 05 05 02 A0 5A 30 58 A0 30 `d..+... ...Z0X.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 24 30 22 A0 20 1B 1E 77 65 70 2D 6E 61 2D 64 .$0". .. 
wep-na-d >[060] 63 32 24 40 4E 41 2E 41 44 2E 43 4F 4C 4F 52 43 c2$@NA.A D.COLORC >[070] 4F 4E 2E 43 4F 4D ON.COM >connecting to WEP-NA-DC2 from STAGE1 with kerberos principal [STAGE1$@AD.COLORCON.COM] >Doing spnego session setup (blob length=118) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=wep-na-dc2$@NA.AD.COLORCON.COM >Doing kerberos session setup >Advancing clock by 173 seconds to cope with clock skew >Ticket in ccache[MEMORY:cliconnect] expiration Tue, 18 May 2004 20:48:46 GMT >Ticket (wep-na-dc2$@NA.AD.COLORCON.COM) in ccache (MEMORY:cliconnect) is valid until: (Tue, 18 May 2004 20:48:46 GMT - 1084927726) >Got KRB5 session key of length 8 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 02 6B 83 16 1F 26 6B CB .k...&k. >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] D6 7B 32 DC B5 23 D5 20 .{2..#. >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(22,1224) >write_socket(22,1224) wrote 1224 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. 
>get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] A5 DF 1C AC 02 4C 66 66 .....Lff >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=2230 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] F5 61 AE 72 0E C4 DC 87 .a.r.... >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(22,88) >write_socket(22,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 51 2D F4 BE 2D 5E 6A 8F Q-..-^j. >cli_init_creds: user domain >secrets_named_mutex: released mutex for WEP-NA-DC2 >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 02 A4 04 3F BB 6E 8F D3 ...?.n.. 
>store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(22,104) >write_socket(22,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 512 (0x200) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] E1 46 8B EB F7 92 B3 45 .F.....E >Bind RPC Pipe[4002]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... 
>000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 0000001f >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4002 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16386 (0x4002) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 1F 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] CB 11 9B ED 4D 7E 00 6E ....M~.n >store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(22,158) >write_socket(22,158) wrote 158 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 1F 00 00 ........ .D...... >[010] 00 B8 10 B8 10 34 5F 13 00 0C 00 5C 50 49 50 45 .....4_. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] 05 F0 E2 A6 31 50 04 08 ....1P.. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 1F 00 00 ........ .D...... >[010] 00 B8 10 B8 10 34 5F 13 00 0C 00 5C 50 49 50 45 .....4_. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 0000001f >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00135f34 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! 
>000000 ds_io_q_getprimdominfo > 0000 level: 0001 >create_rpc_request: opnum: 0x0 data_len: 0x1a >create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000020 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000000a > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: fnum:4002 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16386 (0x4002) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 20 00 00 00 0A ........ ... .... >[020] 00 00 00 00 00 00 00 01 00 ........ . 
>simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 64 6C 94 D0 26 D6 3A 5A dl..&.:Z >store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(22,112) >write_socket(22,112) wrote 112 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 244 >size=244 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 188 (0xBC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 188 (0xBC) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=189 >[000] 00 05 00 02 03 10 00 00 00 BC 00 00 00 20 00 00 ........ ..... .. >[010] 00 A4 00 00 00 00 00 00 00 F8 50 36 02 01 00 00 ........ ..P6.... >[020] 00 04 00 00 00 01 00 00 01 38 BD 0F 00 10 3E 2E ........ .8....>. >[030] 0D 80 F2 35 02 4D B9 58 7C 17 8E 5A 48 8C 2A 72 ...5.M.X |..ZH.*r >[040] 87 47 25 FD 4D 03 00 00 00 00 00 00 00 03 00 00 .G%.M... ........ >[050] 00 4E 00 41 00 00 00 00 00 13 00 00 00 00 00 00 .N.A.... ........ >[060] 00 13 00 00 00 6E 00 61 00 2E 00 61 00 64 00 2E .....n.a ...a.d.. >[070] 00 63 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E .c.o.l.o .r.c.o.n >[080] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 10 00 00 ...c.o.m ........ >[090] 00 00 00 00 00 10 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[0A0] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. >[0B0] 00 63 00 6F 00 6D 00 00 00 00 00 00 00 .c.o.m.. ..... 
>simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 7E 85 57 C5 06 01 42 69 ~.W...Bi >size=244 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 188 (0xBC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 188 (0xBC) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=189 >[000] 00 05 00 02 03 10 00 00 00 BC 00 00 00 20 00 00 ........ ..... .. >[010] 00 A4 00 00 00 00 00 00 00 F8 50 36 02 01 00 00 ........ ..P6.... >[020] 00 04 00 00 00 01 00 00 01 38 BD 0F 00 10 3E 2E ........ .8....>. >[030] 0D 80 F2 35 02 4D B9 58 7C 17 8E 5A 48 8C 2A 72 ...5.M.X |..ZH.*r >[040] 87 47 25 FD 4D 03 00 00 00 00 00 00 00 03 00 00 .G%.M... ........ >[050] 00 4E 00 41 00 00 00 00 00 13 00 00 00 00 00 00 .N.A.... ........ >[060] 00 13 00 00 00 6E 00 61 00 2E 00 61 00 64 00 2E .....n.a ...a.d.. >[070] 00 63 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E .c.o.l.o .r.c.o.n >[080] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 10 00 00 ...c.o.m ........ >[090] 00 00 00 00 00 10 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[0A0] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. >[0B0] 00 63 00 6F 00 6D 00 00 00 00 00 00 00 .c.o.m.. ..... 
>cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 188 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00bc > 000a auth_len : 0000 > 000c call_id : 00000020 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000a4 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 188 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_getprimdominfo > 0018 ptr: 023650f8 > 001c level: 0001 > 001e unknown0: 0000 > 0020 machine_role: 0004 > 0022 unknown: 0000 > 0024 flags: 01000001 > 0028 netbios_ptr: 000fbd38 > 002c dnsname_ptr: 0d2e3e10 > 0030 forestname_ptr: 0235f280 > 000034 smb_io_uuid domain_guid > 0034 data : 7c58b94d > 0038 data : 8e17 > 003a data : 485a > 003c data : 8c 2a > 003e data : 72 87 47 25 fd 4d > 000044 smb_io_unistr2 netbios_domain > 0044 uni_max_len: 00000003 > 0048 offset : 00000000 > 004c uni_str_len: 00000003 > 0050 buffer : N.A... > 000058 smb_io_unistr2 dns_domain > 0058 uni_max_len: 00000013 > 005c offset : 00000000 > 0060 uni_str_len: 00000013 > 0064 buffer : n.a...a.d...c.o.l.o.r.c.o.n...c.o.m... > 00008c smb_io_unistr2 forest_domain > 008c uni_max_len: 00000010 > 0090 offset : 00000000 > 0094 uni_str_len: 00000010 > 0098 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m... > 00b8 status: NT_STATUS_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] A6 90 B6 D3 80 92 F1 16 ........ 
>store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(22,45) >write_socket(22,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 7 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] FB 73 41 2E 21 AE 8A B6 .sA.!... >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 3D 55 99 CC 89 0F 65 AF =U....e. >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(22,104) >write_socket(22,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 768 (0x300) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] 1E 2E 51 B5 13 9A 60 BA ..Q...`. 
>Bind RPC Pipe[4003]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000021 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_elements: 00000001 > 001c context_id : 0000 > 001e num_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4003 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16387 (0x4003) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 21 00 00 00 B8 .......H ...!.... >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... 
>[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 06 03 D0 6C 07 00 85 35 ...l...5 >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(22,158) >write_socket(22,158) wrote 158 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 21 00 00 ........ .D...!.. >[010] 00 B8 10 B8 10 35 5F 13 00 0C 00 5C 50 49 50 45 .....5_. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 98 64 9E DD EE 34 69 6A .d...4ij >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 21 00 00 ........ .D...!.. >[010] 00 B8 10 B8 10 35 5F 13 00 0C 00 5C 50 49 50 45 .....5_. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ 
>[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000021 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00135f35 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_lsa_sec_qos >init_q_open_pol2: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol2 > 0000 ptr : 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.E.P.-.N.A.-.D.C.2... 
> 00002a lsa_io_obj_attr > 002c len : 00000018 > 0030 ptr_root_dir: 00000000 > 0034 ptr_obj_name: 00000000 > 0038 attributes : 00000000 > 003c ptr_sec_desc: 00000000 > 0040 ptr_sec_qos : 00000001 > 000044 lsa_io_obj_qos sec_qos > 0044 len : 0000000c > 0048 sec_imp_level : 0002 > 004a sec_ctxt_mode : 01 > 004b effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 004c des_access: 02000000 >create_rpc_request: opnum: 0x2c data_len: 0x68 >create_rpc_request: data_len: 68 auth_len: 0 alloc_hint: 58 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0068 > 000a auth_len : 0000 > 000c call_id : 00000022 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000058 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: fnum:4003 >size=186 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 104 (0x68) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 104 (0x68) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16387 (0x4003) >smb_bcc=119 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 68 00 00 00 22 00 00 00 58 .......h ..."...X >[020] 00 00 00 00 00 2C 00 01 00 00 00 0D 00 00 00 00 .....,.. ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 45 00 50 .......\ .\.W.E.P >[040] 00 2D 00 4E 00 41 00 2D 00 44 00 43 00 32 00 00 .-.N.A.- .D.C.2.. >[050] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[060] 00 00 00 00 00 00 00 01 00 00 00 0C 00 00 00 02 ........ ........ >[070] 00 01 00 00 00 00 02 ....... 
>simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 24 AC 38 E0 F5 FF 05 E3 $.8..... >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(22,190) >write_socket(22,190) wrote 190 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 22 00 00 ........ .0...".. >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2C B1 42 ........ .....,.B >[020] 4A 43 CF 1A 4D A0 9F A9 75 56 C3 4B 14 00 00 00 JC..M... uV.K.... >[030] 00 . >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] FA 8B D1 6E F0 A4 56 09 ...n..V. >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 22 00 00 ........ .0...".. >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2C B1 42 ........ .....,.B >[020] 4A 43 CF 1A 4D A0 9F A9 75 56 C3 4B 14 00 00 00 JC..M... uV.K.... >[030] 00 . 
>cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 48 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000022 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 48 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol2 > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 4a42b12c > 0020 data3: cf43 > 0022 data4: 4d1a > 0024 data5: a0 9f a9 75 56 c3 4b 14 > 002c status: NT_STATUS_OK >init_q_query2 >000000 lsa_io_q_query_info2 > 000000 smb_io_pol_hnd pol > 0000 data1: 00000000 > 0004 data2: 4a42b12c > 0008 data3: cf43 > 000a data4: 4d1a > 000c data5: a0 9f a9 75 56 c3 4b 14 > 0014 info_class: 000c >create_rpc_request: opnum: 0x2e data_len: 0x2e >create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000023 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000001e > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: fnum:4003 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) 
>smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16387 (0x4003) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 23 00 00 00 1E ........ ...#.... >[020] 00 00 00 00 00 2E 00 00 00 00 00 2C B1 42 4A 43 ........ ...,.BJC >[030] CF 1A 4D A0 9F A9 75 56 C3 4B 14 0C 00 ..M...uV .K... >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] D6 FB CF 01 29 29 E1 34 ....)).4 >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(22,132) >write_socket(22,132) wrote 132 >cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >got smb length of 272 >size=272 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 216 (0xD8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 216 (0xD8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=217 >[000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 23 00 00 ........ .....#.. >[010] 00 C0 00 00 00 00 00 00 00 30 AD 2C 0D 0C 00 00 ........ .0.,.... >[020] 00 04 00 06 00 38 BD 0F 00 24 00 26 00 F8 50 36 .....8.. .$.&..P6 >[030] 02 1E 00 20 00 80 F2 35 02 4D B9 58 7C 17 8E 5A ... ...5 .M.X|..Z >[040] 48 8C 2A 72 87 47 25 FD 4D 78 71 12 00 03 00 00 H.*r.G%. Mxq..... >[050] 00 00 00 00 00 02 00 00 00 4E 00 41 00 13 00 00 ........ .N.A.... >[060] 00 00 00 00 00 12 00 00 00 6E 00 61 00 2E 00 61 ........ .n.a...a >[070] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[080] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 10 00 00 .o.n...c .o.m.... >[090] 00 00 00 00 00 0F 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[0A0] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. 
>[0B0] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ >[0C0] 00 00 00 00 05 15 00 00 00 81 77 D9 74 92 E0 3C ........ ..w.t..< >[0D0] 77 23 5F 63 6B 00 00 00 00 w#_ck... . >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 86 CC 14 3D 94 FB B3 E7 ...=.... >size=272 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 216 (0xD8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 216 (0xD8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=217 >[000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 23 00 00 ........ .....#.. >[010] 00 C0 00 00 00 00 00 00 00 30 AD 2C 0D 0C 00 00 ........ .0.,.... >[020] 00 04 00 06 00 38 BD 0F 00 24 00 26 00 F8 50 36 .....8.. .$.&..P6 >[030] 02 1E 00 20 00 80 F2 35 02 4D B9 58 7C 17 8E 5A ... ...5 .M.X|..Z >[040] 48 8C 2A 72 87 47 25 FD 4D 78 71 12 00 03 00 00 H.*r.G%. Mxq..... >[050] 00 00 00 00 00 02 00 00 00 4E 00 41 00 13 00 00 ........ .N.A.... >[060] 00 00 00 00 00 12 00 00 00 6E 00 61 00 2E 00 61 ........ .n.a...a >[070] 00 64 00 2E 00 63 00 6F 00 6C 00 6F 00 72 00 63 .d...c.o .l.o.r.c >[080] 00 6F 00 6E 00 2E 00 63 00 6F 00 6D 00 10 00 00 .o.n...c .o.m.... >[090] 00 00 00 00 00 0F 00 00 00 61 00 64 00 2E 00 63 ........ .a.d...c >[0A0] 00 6F 00 6C 00 6F 00 72 00 63 00 6F 00 6E 00 2E .o.l.o.r .c.o.n.. >[0B0] 00 63 00 6F 00 6D 00 00 00 04 00 00 00 01 04 00 .c.o.m.. ........ >[0C0] 00 00 00 00 05 15 00 00 00 81 77 D9 74 92 E0 3C ........ ..w.t..< >[0D0] 77 23 5F 63 6B 00 00 00 00 w#_ck... . 
>cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >rpc_check_hdr: rdata->data_size = 216 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00d8 > 000a auth_len : 0000 > 000c call_id : 00000023 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000c0 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 216 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_query_info2 > 0018 ptr: 0d2cad30 > 001c info_class: 000c > 00001e lsa_io_dns_dom_info info12 > 000020 smb_io_unihdr nb_name > 0020 uni_str_len: 0004 > 0022 uni_max_len: 0006 > 0024 buffer : 000fbd38 > 000028 smb_io_unihdr dns_name > 0028 uni_str_len: 0024 > 002a uni_max_len: 0026 > 002c buffer : 023650f8 > 000030 smb_io_unihdr forest > 0030 uni_str_len: 001e > 0032 uni_max_len: 0020 > 0034 buffer : 0235f280 > 000038 smb_io_uuid dom_guid > 0038 data : 7c58b94d > 003c data : 8e17 > 003e data : 485a > 0040 data : 8c 2a > 0042 data : 72 87 47 25 fd 4d > 0048 dom_sid: 00127178 > 00004c smb_io_unistr2 nb_name > 004c uni_max_len: 00000003 > 0050 offset : 00000000 > 0054 uni_str_len: 00000002 > 0058 buffer : N.A. > 00005c smb_io_unistr2 dns_name > 005c uni_max_len: 00000013 > 0060 offset : 00000000 > 0064 uni_str_len: 00000012 > 0068 buffer : n.a...a.d...c.o.l.o.r.c.o.n...c.o.m. > 00008c smb_io_unistr2 forest > 008c uni_max_len: 00000010 > 0090 offset : 00000000 > 0094 uni_str_len: 0000000f > 0098 buffer : a.d...c.o.l.o.r.c.o.n...c.o.m. 
> 0000b6 smb_io_dom_sid2 dom_sid > 00b8 num_auths: 00000004 > 0000bc smb_io_dom_sid sid > 00bc sid_rev_num: 01 > 00bd num_auths : 04 > 00be id_auth[0] : 00 > 00bf id_auth[1] : 00 > 00c0 id_auth[2] : 00 > 00c1 id_auth[3] : 00 > 00c2 id_auth[4] : 00 > 00c3 id_auth[5] : 05 > 00c4 sub_auths : 00000015 74d97781 773ce092 6b635f23 > 00d4 status: NT_STATUS_OK >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] AB C2 2B 72 8E 62 CC 53 ..+r.b.S >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(22,45) >write_socket(22,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=2230 >smb_uid=4097 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] CF 86 BF B6 CC 58 01 D6 .....X.. >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] 51 87 50 BB 36 1F 99 89 Q.P.6... 
>store_sequence_for_reply: stored seq = 23 mid = 13
>write_socket(22,39)
>write_socket(22,39) wrote 39
>got smb length of 35
>size=35
>smb_com=0x71
>smb_rcls=0
>smb_reh=0
>smb_err=0
>smb_flg=136
>smb_flg2=51205
>smb_tid=2053
>smb_pid=2230
>smb_uid=4097
>smb_mid=13
>smt_wct=0
>smb_bcc=0
>get_sequence_for_reply: found seq = 23 mid = 13
>simple_packet_signature: sequence number 23
>client_check_incoming_message: seq 23: got good SMB signature of
>[000] 89 9A 45 D3 44 62 3C 58 ..E.Db<X
>get_cache: Setting ADS methods for domain NA
>netsamlogon_clear_cached_user: clearing U/NA/2207
>netsamlogon_clear_cached_user: clearing UG/NA/2207
>===============================================================
>INTERNAL ERROR: Signal 11 in pid 2230 (3.0.4-2.3E)
>Please read the appendix Bugs of the Samba HOWTO collection
>===============================================================
>PANIC: internal error