Hello.
I'm installing new FreeBSD 6.2-RELEASE, based on intel machine. Firewall
type is OPEN.
I have Windows Server 2000 with Active Directory on it, working in Native
mode.
I've installed samba-3.0.23c_2,1 from /usr/ports/net/samba3
prefix=/usr/local
without krb-1.5.1 being installed.
Added:
nmbd_enable="NO"
smbd_enable="NO"
winbindd_enable="YES"
to /etc/rc.conf
filled /etc/nsswitch.conf with:
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
filled /usr/local/etc/smb.conf with:
#
#======================= Global Settings
====================================[global]
workgroup = DEP2
realm = DEP2.CITY-XXI.INT
netbios name = SZRouter
server string = Secondary Router
security = ADS
hosts allow = 10.1.9., 127.
log file = /var/log/samba/log.%m
max log size = 5000
password server = City2.dep2.city-xxi.int
dns proxy = no
preferred master = no
local master = no
domain master = no
os level = 0
# My Properties
auth methods = winbind
winbind use default domain = yes
allow trusted domains = no
client NTLMv2 auth = yes
winbind separator = +
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
and checked syntax with:
testparm -s
I've modified /etc/krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 2400
default_realm = DEP2.CITY-XXI.INT
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5 rc4-hmac
default_etypes_des = des-cbc-crc des-cbc-md5 rc4-hmac
[realms]
DEP2.CITY-XXI.INT = {
kdc = 10.1.9.200:88
admin_server = 10.1.9.200:749
}
[domain_realm]
.dep2.city-xxi.int = DEP2.CITY-XXI.INT
and checked it with verify_krb5_conf
I've created new computer account in AD with "Allow pre-Windows 2000
computers to use this account" checked box.
Then I've successfuly authenticated with login mitroko (member of Domain
Admins) and entered joined domain with
net ads join -U mitroko
Computer account in AD achieved proper DNS-name field, but didn't achieve
any of OS type fileds.
I've restarted winbindd (with /usr/local/etc/rc.d/samba restart) - OK
I've pinged winbindd with
wbinfo -p - Success
wbinfo -t returns "checking the trust secret via RPC calls succeeded"
wbinfo -a testme%testme returns
plaintext password authentication succeeded
challenge/response password authentication succeeded
however, wbinfo -u and wbinfo -g returns lists only after 20-30 seconds.
wbinfo -r testme doesn't work, hanging up, so squid's wbinfo_group.pl
script
doesn't work also.
I have in my /var/log/samba/log.winbindd error's:
nsswitch/winbindd_ads.c:query_user_list(218)
Not a user account? atype=0x30000000
and
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x8returned critical
error. Error was Call timed out: server did not respond after 10000
milliseconds
libads/dns.c:ads_dns_lookup_srv(260)
I've read samba mail-list
In advice http://lists.samba.org/archive/samba/2006-July/122912.html, I've
installed krb-1.5.1 from /usr/ports/security/krb5
with prefix /usr/local, moved old vesions to *.old filenames and added
simlinks to /usr/local/* kerberos files
but it doesn't help me.
I've attached verbose output of
winbindd -i -d 50 >output.txt command
Any suggestions will be appreciated.
Thank you.
Dzmitry Stremkouski.
e-mail: mitroko@gmail.com
-------------- next part --------------
winbindd version 3.0.23c started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb.conf"
Processing section "[global]"
doing parameter workgroup = DEP2
doing parameter realm = DEP2.CITY-XXI.INT
doing parameter netbios name = SZRouter
handle_netbios_name: set global_myname to: SZROUTER
doing parameter server string = Secondary Router
doing parameter security = ADS
doing parameter hosts allow = 10.1.9., 127.
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 5000
doing parameter password server = City2.dep2.city-xxi.int
doing parameter dns proxy = no
doing parameter preferred master = no
doing parameter local master = no
doing parameter domain master = no
doing parameter os level = 0
doing parameter auth methods = winbind
doing parameter winbind use default domain = yes
doing parameter allow trusted domains = no
doing parameter client NTLMv2 auth = yes
doing parameter winbind separator = +
doing parameter winbind cache time = 10
doing parameter idmap uid = 10000-20000
doing parameter idmap gid = 10000-20000
pm_process() returned Yes
lp_servicenumber: couldn't find homes
add_a_service: Creating snum = 0 for IPC$
hash_a_service: creating tdb servicehash
hash_a_service: hashing index 0 for service name IPC$
adding IPC service
set_server_role: role = ROLE_DOMAIN_MEMBER
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
Substituting charset 'US-ASCII' for LOCALE
added interface ip=62.118.218.91 bcast=62.118.218.95 nmask=255.255.255.248
added interface ip=10.1.9.15 bcast=10.1.9.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SZROUTER"
added interface ip=62.118.218.91 bcast=62.118.218.95 nmask=255.255.255.248
added interface ip=10.1.9.15 bcast=10.1.9.255 nmask=255.255.255.0
Opening cache file at /var/db/samba/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
smb_register_idmap: Successfully added idmap backend 'ldap'
smb_register_idmap: Successfully added idmap backend 'tdb'
db_idmap_init: Opening tdbfile /var/db/samba/winbindd_idmap.tdb
fcntl_lock fd=7 op=8 offset=0 count=1 type=3
fcntl_lock: Lock call successful
TimeInit: Serverzone is -14400
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain DEP2 DEP2.CITY-XXI.INT S-1-5-21-565845737-2136282515-3787168119
Added domain SZROUTER S-1-5-21-2599794117-3340421651-2065939854
Added domain BUILTIN S-1-5-32
open_winbindd_socket: opened socket fd 10
open_winbindd_priv_socket: opened socket fd 12
run_events: No events
child daemon request 41
process_request: request fn INIT_CONNECTION
Connection to for domain DEP2 has NULL cli!
Returning valid cache entry: key = SAF/DOMAIN/DEP2, value = 10.1.9.200, timeout
= Wed Apr 23 16:20:10 2008
saf_fetch: Returning "10.1.9.200" for "DEP2" domain
No nmbd found
name_status_find: looking up DEP2#1c at 10.1.9.200
Cache entry with key = NBT/DEP2#1C.20.10.1.9.200 couldn't be found
namecache_status_fetch: no entry for NBT/DEP2#1C.20.10.1.9.200 found.
Deleting cache entry (key = NBT/DEP2#1C.20.10.1.9.200)
bind succeeded on port 0
Sending a packet of len 50 to (10.1.9.200) on port 137
read_udp_socket: lastip 10.1.9.200 lastport 137 read: 301
parse_nmb: packet id = 4990
Received a packet of len 301 from (10.1.9.200) port 137
nmb packet from 10.1.9.200(137) header: id=4990 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=DEP2<1c> rr_type=33 rr_class=1 ttl=0
answers 0 char .CITY2 hex 0A434954593220202020202020202020
answers 10 char .D.CITY2 hex 00440043495459322020202020202020
answers 20 char D.DEP2 hex 20202044004445503220202020202020
answers 30 char ...DEP2 hex 2020202000C400444550322020202020
answers 40 char ...DEP2 hex 2020202020201CC40044455032202020
answers 50 char .D.DEP2 hex 20202020202020201B44004445503220
answers 60 char ...DEP hex 202020202020202020201EC400444550
answers 70 char 2 .D.. hex 3220202020202020202020201D440001
answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4
answers 90 char .INet~Services hex 00494E65747E53657276696365732020
answers a0 char ...IS~CITY2..... hex 1CC40049537E43495459320000000000
answers b0 char ...D....u....... hex 000000440000D0B775EBC30000000000
answers c0 char ................ hex 00000000000000000000000000000000
answers d0 char ................ hex 00000000000000000000000000000000
answers e0 char ... hex 000000
CITY2#00: flags = 0x44
CITY2#20: flags = 0x44
DEP2#00: flags = 0xc4
DEP2#1c: flags = 0xc4
DEP2#1b: flags = 0x44
DEP2#1e: flags = 0xc4
DEP2#1d: flags = 0x44
__MSBROWSE__#01: flags = 0xc4
INet~Services#1c: flags = 0xc4
IS~CITY2#00: flags = 0x44
name_status_find: name found, name CITY2 ip address is 10.1.9.200
namecache_store: storing 1 address for CITY2#20: 10.1.9.200:0
Adding cache entry with key = NBT/CITY2#20; value = 10.1.9.200:0 and timeout =
Wed Apr 23 16:16:56 2008
(660 seconds ahead)
internal_resolve_name: looking up CITY2#20
Returning valid cache entry: key = NBT/CITY2#20, value = 10.1.9.200:0, timeout =
Wed Apr 23 16:16:56 2008
name CITY2#20 found.
cm_get_ipc_userpass: No auth-user defined
secrets_named_mutex: got mutex for CITY2
write_socket(13,183)
write_socket(13,183) wrote 183
got smb length of 181
size=181
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=1175
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12807 (0x3207)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 243 (0xF3)
smb_vwv[11]=20608 (0x5080)
smb_vwv[12]=36637 (0x8F1D)
smb_vwv[13]=14942 (0x3A5E)
smb_vwv[14]=51365 (0xC8A5)
smb_vwv[15]= 4097 (0x1001)
smb_vwv[16]= 255 (0xFF)
smb_bcc=112
[000] F0 F4 4B 4D 72 3B B6 49 8A BD F0 04 1D 59 02 80 ..KMr;.I .....Y..
[010] 60 5E 06 06 2B 06 01 05 05 02 A0 54 30 52 A0 30 `^..+... ...T0R.0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 1E 30 1C A0 1A 1B 18 63 69 74 79 32 24 40 44 ..0..... city2$@D
[060] 45 50 32 2E 43 49 54 59 2D 58 58 49 2E 49 4E 54 EP2.CITY -XXI.INT
size=181
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=1175
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12807 (0x3207)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 243 (0xF3)
smb_vwv[11]=20608 (0x5080)
smb_vwv[12]=36637 (0x8F1D)
smb_vwv[13]=14942 (0x3A5E)
smb_vwv[14]=51365 (0xC8A5)
smb_vwv[15]= 4097 (0x1001)
smb_vwv[16]= 255 (0xFF)
smb_bcc=112
[000] F0 F4 4B 4D 72 3B B6 49 8A BD F0 04 1D 59 02 80 ..KMr;.I .....Y..
[010] 60 5E 06 06 2B 06 01 05 05 02 A0 54 30 52 A0 30 `^..+... ...T0R.0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 1E 30 1C A0 1A 1B 18 63 69 74 79 32 24 40 44 ..0..... city2$@D
[060] 45 50 32 2E 43 49 54 59 2D 58 58 49 2E 49 4E 54 EP2.CITY -XXI.INT
connecting to CITY2 from SZROUTER with kerberos principal
[SZROUTER$@DEP2.CITY-XXI.INT]
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=city2$@DEP2.CITY-XXI.INT
kerberos_kinit_password: using MEMORY:cliconnect as ccache
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu,
24 Apr 2008 02:05:49 MSD
ads_krb5_mk_req: Ticket (city2$@DEP2.CITY-XXI.INT) in ccache (MEMORY:cliconnect)
is valid until: (Thu, 24 Apr 2008 02:05:49 MSD - 1208988349)
Got KRB5 session key of length 16
SMB signing enabled!
cli_simple_set_signing: user_session_key
[000] C4 29 D1 54 F5 BB 85 84 6D C3 D6 D7 EE 1C A3 68 .).T.... m......h
cli_simple_set_signing: NULL response_data
simple_packet_signature: sequence number 0
client_sign_outgoing_message: sent SMB signature of
[000] 6B CE 18 18 6F D6 84 B7 k...o...
store_sequence_for_reply: stored seq = 1 mid = 2
write_socket(13,1246)
write_socket(13,1246) wrote 1246
got smb length of 143
size=143
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=1175
smb_uid=2049
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 143 (0x8F)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 26 (0x1A)
smb_bcc=100
[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02 04 00 F0 57 00 69 00 6E ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0
[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s
[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A
[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e
[060] 00 72 00 00 .r..
get_sequence_for_reply: found seq = 1 mid = 2
simple_packet_signature: sequence number 1
client_check_incoming_message: seq 1: got good SMB signature of
[000] ED 25 C0 F0 9E 91 F9 2F .%...../
size=143
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=1175
smb_uid=2049
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 143 (0x8F)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 26 (0x1A)
smb_bcc=100
[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02 04 00 F0 57 00 69 00 6E ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0
[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s
[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A
[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e
[060] 00 72 00 00 .r..
cli_init_creds: user SZROUTER$ domain DEP2
saf_store: domain = [DEP2], server = [CITY2], expire = [1208953256]
Adding cache entry with key = SAF/DOMAIN/DEP2; value = CITY2 and timeout = Wed
Apr 23 16:20:56 2008
(900 seconds ahead)
simple_packet_signature: sequence number 2
client_sign_outgoing_message: sent SMB signature of
[000] 2D 44 AC 55 04 0B CB 47 -D.U...G
store_sequence_for_reply: stored seq = 3 mid = 3
write_socket(13,78)
write_socket(13,78) wrote 78
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=3
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00 IPC....
get_sequence_for_reply: found seq = 3 mid = 3
simple_packet_signature: sequence number 3
client_check_incoming_message: seq 3: got good SMB signature of
[000] 2F AF 04 CF 61 74 D3 B6 /...at..
secrets_named_mutex: released mutex for CITY2
set_global_winbindd_state_online: online requested.
set_global_winbindd_state_online: rejecting.
simple_packet_signature: sequence number 4
client_sign_outgoing_message: sent SMB signature of
[000] 15 84 44 0A AF 50 0E 28 ..D..P.(
store_sequence_for_reply: stored seq = 5 mid = 4
write_socket(13,104)
write_socket(13,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=4
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 512 (0x200)
smb_vwv[ 3]= 320 (0x140)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 5 mid = 4
simple_packet_signature: sequence number 5
client_check_incoming_message: seq 5: got good SMB signature of
[000] 9B 37 27 A8 EB 00 BF 16 .7'.....
Bind RPC Pipe[4002]: \lsarpc auth_type 0, auth_level 0
Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5
j(.9.... ....O...
[010] 00 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60
.]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000001
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 3919286a
0024 data : b10c
0026 data : 11d0
0028 data : 9b a8
002a data : 00 c0 4f d9 2e f5
0030 version: 00000000
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4002
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=5
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 72 (0x48)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16386 (0x4002)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j
[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O....
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
simple_packet_signature: sequence number 6
client_sign_outgoing_message: sent SMB signature of
[000] 2A A8 72 51 A8 09 7B 5A *.rQ..{Z
store_sequence_for_reply: stored seq = 7 mid = 5
write_socket(13,158)
write_socket(13,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=5
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D......
[010] 00 B8 10 B8 10 B2 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 7 mid = 5
simple_packet_signature: sequence number 7
client_check_incoming_message: seq 7: got good SMB signature of
[000] BE DC 1E D8 57 0A B5 EF ....W...
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=5
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D......
[010] 00 B8 10 B8 10 B2 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 7 mid = 5
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000001
rpc_api_pipe: got PDU len of 68 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4002 returned 68 bytes.
rpc_pipe_bind: Remote machine CITY2 pipe \lsarpc fnum 0x4002 bind request
returned ok.
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000001
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0006a7b2
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine CITY2 and bound
anonymously.
000000 ds_io_q_getprimdominfo
0000 level: 0001
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 001a
000a auth_len : 0000
000c call_id : 00000002
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000002
0014 context_id: 0000
0016 opnum : 0000
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4002
size=108
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=6
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 26 (0x1A)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 26 (0x1A)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16386 (0x4002)
smb_bcc=41
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........
[020] 00 00 00 00 00 00 00 01 00 ........ .
simple_packet_signature: sequence number 8
client_sign_outgoing_message: sent SMB signature of
[000] 92 7C C0 6F 69 08 98 06 .|.oi...
store_sequence_for_reply: stored seq = 9 mid = 6
write_socket(13,112)
write_socket(13,112) wrote 112
got smb length of 248
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 192 (0xC0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 192 (0xC0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=193
[000] 00 05 00 02 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........
[010] 00 A8 00 00 00 00 00 00 00 F0 85 B9 0C 01 00 00 ........ ........
[020] 00 05 00 00 00 01 00 00 01 B8 57 15 00 08 DD BC ........ ..W.....
[030] 0C 38 0D BE 0C 39 21 48 EB EF 06 CE 4E B2 A6 69 .8...9!H ....N..i
[040] 7B D4 30 87 9E 05 00 00 00 00 00 00 00 05 00 00 {.0..... ........
[050] 00 44 00 45 00 50 00 32 00 00 00 00 00 12 00 00 .D.E.P.2 ........
[060] 00 00 00 00 00 12 00 00 00 64 00 65 00 70 00 32 ........ .d.e.p.2
[070] 00 2E 00 63 00 69 00 74 00 79 00 2D 00 78 00 78 ...c.i.t .y.-.x.x
[080] 00 69 00 2E 00 69 00 6E 00 74 00 00 00 12 00 00 .i...i.n .t......
[090] 00 00 00 00 00 12 00 00 00 64 00 65 00 70 00 32 ........ .d.e.p.2
[0A0] 00 2E 00 63 00 69 00 74 00 79 00 2D 00 78 00 78 ...c.i.t .y.-.x.x
[0B0] 00 69 00 2E 00 69 00 6E 00 74 00 00 00 00 00 00 .i...i.n .t......
[0C0] 00 .
get_sequence_for_reply: found seq = 9 mid = 6
simple_packet_signature: sequence number 9
client_check_incoming_message: seq 9: got good SMB signature of
[000] 3D 42 A1 FC 64 0C 2F F2 =B..d./.
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 192 (0xC0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 192 (0xC0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=193
[000] 00 05 00 02 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........
[010] 00 A8 00 00 00 00 00 00 00 F0 85 B9 0C 01 00 00 ........ ........
[020] 00 05 00 00 00 01 00 00 01 B8 57 15 00 08 DD BC ........ ..W.....
[030] 0C 38 0D BE 0C 39 21 48 EB EF 06 CE 4E B2 A6 69 .8...9!H ....N..i
[040] 7B D4 30 87 9E 05 00 00 00 00 00 00 00 05 00 00 {.0..... ........
[050] 00 44 00 45 00 50 00 32 00 00 00 00 00 12 00 00 .D.E.P.2 ........
[060] 00 00 00 00 00 12 00 00 00 64 00 65 00 70 00 32 ........ .d.e.p.2
[070] 00 2E 00 63 00 69 00 74 00 79 00 2D 00 78 00 78 ...c.i.t .y.-.x.x
[080] 00 69 00 2E 00 69 00 6E 00 74 00 00 00 12 00 00 .i...i.n .t......
[090] 00 00 00 00 00 12 00 00 00 64 00 65 00 70 00 32 ........ .d.e.p.2
[0A0] 00 2E 00 63 00 69 00 74 00 79 00 2D 00 78 00 78 ...c.i.t .y.-.x.x
[0B0] 00 69 00 2E 00 69 00 6E 00 74 00 00 00 00 00 00 .i...i.n .t......
[0C0] 00 .
get_sequence_for_reply: found seq = 9 mid = 6
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00c0
000a auth_len : 0000
000c call_id : 00000002
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000000a8
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
cli_pipe_validate_current_pdu: got pdu len 192, data_len 168, ss_len 0
rpc_api_pipe: got PDU len of 192 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4002 returned 336 bytes.
000000 ds_io_r_getprimdominfo
0000 ptr: 0cb985f0
0004 level: 0001
0006 unknown0: 0000
0008 machine_role: 0005
000a unknown: 0000
000c flags: 01000001
0010 netbios_ptr: 001557b8
0014 dnsname_ptr: 0cbcdd08
0018 forestname_ptr: 0cbe0d38
00001c smb_io_uuid domain_guid
001c data : eb482139
0020 data : 06ef
0022 data : 4ece
0024 data : b2 a6
0026 data : 69 7b d4 30 87 9e
00002c smb_io_unistr2 netbios_domain
002c uni_max_len: 00000005
0030 offset : 00000000
0034 uni_str_len: 00000005
0038 buffer : D.E.P.2...
000044 smb_io_unistr2 dns_domain
0044 uni_max_len: 00000012
0048 offset : 00000000
004c uni_str_len: 00000012
0050 buffer : d.e.p.2...c.i.t.y.-.x.x.i...i.n.t...
000074 smb_io_unistr2 forest_domain
0074 uni_max_len: 00000012
0078 offset : 00000000
007c uni_str_len: 00000012
0080 buffer : d.e.p.2...c.i.t.y.-.x.x.i...i.n.t...
00a4 status: NT_STATUS_OK
simple_packet_signature: sequence number 10
client_sign_outgoing_message: sent SMB signature of
[000] D2 A1 81 30 DB 66 E7 8A ...0.f..
store_sequence_for_reply: stored seq = 11 mid = 7
write_socket(13,45)
write_socket(13,45) wrote 45
got smb length of 35
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=7
smt_wct=0
smb_bcc=0
get_sequence_for_reply: found seq = 11 mid = 7
simple_packet_signature: sequence number 11
client_check_incoming_message: seq 11: got good SMB signature of
[000] 8B 1B 96 1C 6C D8 AB FC ....l...
cli_rpc_pipe_close: closed pipe \lsarpc to machine CITY2
simple_packet_signature: sequence number 12
client_sign_outgoing_message: sent SMB signature of
[000] A9 D5 01 90 AA 5E F4 04 .....^..
store_sequence_for_reply: stored seq = 13 mid = 8
write_socket(13,104)
write_socket(13,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=8
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 768 (0x300)
smb_vwv[ 3]= 320 (0x140)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 13 mid = 8
simple_packet_signature: sequence number 13
client_check_incoming_message: seq 13: got good SMB signature of
[000] 36 65 27 9A 09 2B 9F FD 6e'..+..
Bind RPC Pipe[4003]: \lsarpc auth_type 0, auth_level 0
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB
xW4.4... ...#Eg..
[010] 00 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60
.]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000003
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 89 ab
0030 version: 00000000
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=9
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 72 (0x48)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16387 (0x4003)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
simple_packet_signature: sequence number 14
client_sign_outgoing_message: sent SMB signature of
[000] E1 5E FF 33 EA 73 CF 93 .^.3.s..
store_sequence_for_reply: stored seq = 15 mid = 9
write_socket(13,158)
write_socket(13,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=9
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D......
[010] 00 B8 10 B8 10 B3 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 15 mid = 9
simple_packet_signature: sequence number 15
client_check_incoming_message: seq 15: got good SMB signature of
[000] 67 C1 36 1A 09 D3 DB 7A g.6....z
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=9
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D......
[010] 00 B8 10 B8 10 B3 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 15 mid = 9
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000003
rpc_api_pipe: got PDU len of 68 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003 returned 68 bytes.
rpc_pipe_bind: Remote machine CITY2 pipe \lsarpc fnum 0x4003 bind request
returned ok.
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000003
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0006a7b3
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine CITY2 and bound
anonymously.
init_lsa_sec_qos
init_q_open_pol2: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol2
0000 ptr : 00000001
000004 smb_io_unistr2
0004 uni_max_len: 00000008
0008 offset : 00000000
000c uni_str_len: 00000008
0010 buffer : \.\.C.I.T.Y.2...
000020 lsa_io_obj_attr
0020 len : 00000018
0024 ptr_root_dir: 00000000
0028 ptr_obj_name: 00000000
002c attributes : 00000000
0030 ptr_sec_desc: 00000000
0034 ptr_sec_qos : 00000001
000038 lsa_io_obj_qos sec_qos
0038 len : 0000000c
003c sec_imp_level : 0002
003e sec_ctxt_mode : 01
003f effective_only: 00
lsa_io_sec_qos: length c does not match size 8
0040 des_access: 02000000
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 005c
000a auth_len : 0000
000c call_id : 00000004
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000044
0014 context_id: 0000
0016 opnum : 002c
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003
size=174
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=10
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 92 (0x5C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 92 (0x5C)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16387 (0x4003)
smb_bcc=107
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D
[020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........
[030] 00 00 00 08 00 00 00 5C 00 5C 00 43 00 49 00 54 .......\ .\.C.I.T
[040] 00 59 00 32 00 00 00 18 00 00 00 00 00 00 00 00 .Y.2.... ........
[050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........
[060] 00 00 00 02 00 01 00 00 00 00 02 ........ ...
simple_packet_signature: sequence number 16
client_sign_outgoing_message: sent SMB signature of
[000] AF 25 B4 CC EF 7D 71 D8 .%...}q.
store_sequence_for_reply: stored seq = 17 mid = 10
write_socket(13,178)
write_socket(13,178) wrote 178
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=10
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BB 92 37 ........ .......7
[020] E4 B1 4A 67 46 90 EF 5E F1 98 4C 5C 80 00 00 00 ..JgF..^ ..L\....
[030] 00 .
get_sequence_for_reply: found seq = 17 mid = 10
simple_packet_signature: sequence number 17
client_check_incoming_message: seq 17: got good SMB signature of
[000] BA 15 92 2D D9 73 23 E4 ...-.s#.
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=10
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BB 92 37 ........ .......7
[020] E4 B1 4A 67 46 90 EF 5E F1 98 4C 5C 80 00 00 00 ..JgF..^ ..L\....
[030] 00 .
get_sequence_for_reply: found seq = 17 mid = 10
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000004
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
rpc_api_pipe: got PDU len of 48 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003 returned 48 bytes.
000000 lsa_io_r_open_pol2
000000 smb_io_pol_hnd
0000 data1: 00000000
0004 data2: e43792bb
0008 data3: 4ab1
000a data4: 4667
000c data5: 90 ef 5e f1 98 4c 5c 80
0014 status: NT_STATUS_OK
init_q_query2
000000 lsa_io_q_query_info2
000000 smb_io_pol_hnd pol
0000 data1: 00000000
0004 data2: e43792bb
0008 data3: 4ab1
000a data4: 4667
000c data5: 90 ef 5e f1 98 4c 5c 80
0014 info_class: 000c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002e
000a auth_len : 0000
000c call_id : 00000005
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000016
0014 context_id: 0000
0016 opnum : 002e
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=11
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 46 (0x2E)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 46 (0x2E)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16387 (0x4003)
smb_bcc=61
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........
[020] 00 00 00 00 00 2E 00 00 00 00 00 BB 92 37 E4 B1 ........ .....7..
[030] 4A 67 46 90 EF 5E F1 98 4C 5C 80 0C 00 JgF..^.. L\...
simple_packet_signature: sequence number 18
client_sign_outgoing_message: sent SMB signature of
[000] 01 3F 16 C6 2A 3C 95 1E .?..*<..
store_sequence_for_reply: stored seq = 19 mid = 11
write_socket(13,132)
write_socket(13,132) wrote 132
got smb length of 280
size=280
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=11
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 224 (0xE0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 224 (0xE0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=225
[000] 00 05 00 02 03 10 00 00 00 E0 00 00 00 05 00 00 ........ ........
[010] 00 C8 00 00 00 00 00 00 00 58 CF BD 0C 0C 00 00 ........ .X......
[020] 00 08 00 0A 00 70 F7 B9 0C 22 00 24 00 F0 85 B9 .....p.. .".$....
[030] 0C 22 00 24 00 38 0D BE 0C 39 21 48 EB EF 06 CE .".$.8.. .9!H....
[040] 4E B2 A6 69 7B D4 30 87 9E 60 EF 47 31 05 00 00 N..i{.0. .`.G1...
[050] 00 00 00 00 00 04 00 00 00 44 00 45 00 50 00 32 ........ .D.E.P.2
[060] 00 12 00 00 00 00 00 00 00 11 00 00 00 64 00 65 ........ .....d.e
[070] 00 70 00 32 00 2E 00 63 00 69 00 74 00 79 00 2D .p.2...c .i.t.y.-
[080] 00 78 00 78 00 69 00 2E 00 69 00 6E 00 74 00 00 .x.x.i.. .i.n.t..
[090] 00 12 00 00 00 00 00 00 00 11 00 00 00 64 00 65 ........ .....d.e
[0A0] 00 70 00 32 00 2E 00 63 00 69 00 74 00 79 00 2D .p.2...c .i.t.y.-
[0B0] 00 78 00 78 00 69 00 2E 00 69 00 6E 00 74 00 00 .x.x.i.. .i.n.t..
[0C0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........
[0D0] 00 E9 1E BA 21 93 15 55 7F 77 99 BB E1 00 00 00 ....!..U .w......
[0E0] 00 .
get_sequence_for_reply: found seq = 19 mid = 11
simple_packet_signature: sequence number 19
client_check_incoming_message: seq 19: got good SMB signature of
[000] 9D 20 72 4F 01 4F 06 87 . rO.O..
size=280
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=11
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 224 (0xE0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 224 (0xE0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=225
[000] 00 05 00 02 03 10 00 00 00 E0 00 00 00 05 00 00 ........ ........
[010] 00 C8 00 00 00 00 00 00 00 58 CF BD 0C 0C 00 00 ........ .X......
[020] 00 08 00 0A 00 70 F7 B9 0C 22 00 24 00 F0 85 B9 .....p.. .".$....
[030] 0C 22 00 24 00 38 0D BE 0C 39 21 48 EB EF 06 CE .".$.8.. .9!H....
[040] 4E B2 A6 69 7B D4 30 87 9E 60 EF 47 31 05 00 00 N..i{.0. .`.G1...
[050] 00 00 00 00 00 04 00 00 00 44 00 45 00 50 00 32 ........ .D.E.P.2
[060] 00 12 00 00 00 00 00 00 00 11 00 00 00 64 00 65 ........ .....d.e
[070] 00 70 00 32 00 2E 00 63 00 69 00 74 00 79 00 2D .p.2...c .i.t.y.-
[080] 00 78 00 78 00 69 00 2E 00 69 00 6E 00 74 00 00 .x.x.i.. .i.n.t..
[090] 00 12 00 00 00 00 00 00 00 11 00 00 00 64 00 65 ........ .....d.e
[0A0] 00 70 00 32 00 2E 00 63 00 69 00 74 00 79 00 2D .p.2...c .i.t.y.-
[0B0] 00 78 00 78 00 69 00 2E 00 69 00 6E 00 74 00 00 .x.x.i.. .i.n.t..
[0C0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........
[0D0] 00 E9 1E BA 21 93 15 55 7F 77 99 BB E1 00 00 00 ....!..U .w......
[0E0] 00 .
get_sequence_for_reply: found seq = 19 mid = 11
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00e0
000a auth_len : 0000
000c call_id : 00000005
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000000c8
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
cli_pipe_validate_current_pdu: got pdu len 224, data_len 200, ss_len 0
rpc_api_pipe: got PDU len of 224 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \lsarpc fnum 0x4003 returned 400 bytes.
000000 lsa_io_r_query_info2
0000 dom_ptr: 0cbdcf58
000004 lsa_io_query_info_ctr2
0004 info_class: 000c
000006 lsa_io_dom_query_12
000008 smb_io_unihdr nb_name
0008 uni_str_len: 0008
000a uni_max_len: 000a
000c buffer : 0cb9f770
000010 smb_io_unihdr dns_name
0010 uni_str_len: 0022
0012 uni_max_len: 0024
0014 buffer : 0cb985f0
000018 smb_io_unihdr forest
0018 uni_str_len: 0022
001a uni_max_len: 0024
001c buffer : 0cbe0d38
000020 smb_io_uuid dom_guid
0020 data : eb482139
0024 data : 06ef
0026 data : 4ece
0028 data : b2 a6
002a data : 69 7b d4 30 87 9e
0030 dom_sid: 3147ef60
000034 smb_io_unistr2 nb_name
0034 uni_max_len: 00000005
0038 offset : 00000000
003c uni_str_len: 00000004
0040 buffer : D.E.P.2.
000048 smb_io_unistr2 dns_name
0048 uni_max_len: 00000012
004c offset : 00000000
0050 uni_str_len: 00000011
0054 buffer : d.e.p.2...c.i.t.y.-.x.x.i...i.n.t.
000076 smb_io_unistr2 forest
0078 uni_max_len: 00000012
007c offset : 00000000
0080 uni_str_len: 00000011
0084 buffer : d.e.p.2...c.i.t.y.-.x.x.i...i.n.t.
0000a6 smb_io_dom_sid2 dom_sid
00a8 num_auths: 00000004
0000ac smb_io_dom_sid sid
00ac sid_rev_num: 01
00ad num_auths : 04
00ae id_auth[0] : 00
00af id_auth[1] : 00
00b0 id_auth[2] : 00
00b1 id_auth[3] : 00
00b2 id_auth[4] : 00
00b3 id_auth[5] : 05
00b4 sub_auths : 00000015 21ba1ee9 7f551593 e1bb9977
00c4 status: NT_STATUS_OK
simple_packet_signature: sequence number 20
client_sign_outgoing_message: sent SMB signature of
[000] 10 78 95 30 38 48 AC 0B .x.08H..
store_sequence_for_reply: stored seq = 21 mid = 12
write_socket(13,45)
write_socket(13,45) wrote 45
got smb length of 35
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=12
smt_wct=0
smb_bcc=0
get_sequence_for_reply: found seq = 21 mid = 12
simple_packet_signature: sequence number 21
client_check_incoming_message: seq 21: got good SMB signature of
[000] FF A8 51 D4 BC A7 97 06 ..Q.....
cli_rpc_pipe_close: closed pipe \lsarpc to machine CITY2
Storing response for pid 1175, len 3240
run_events: No events
Retrieving response for pid 1175
Received child initialization response for domain DEP2
child daemon request 18
process_request: request fn LIST_TRUSTDOM
[ 1174]: list trusted domains
get_cache: Setting ADS methods for domain DEP2
fetch_cache_seqnum: invalid data size key [SEQNUM/DEP2]
ads: fetch sequence_number for DEP2
ads_cached_connection
ads_find_dc: looking for realm 'dep2.city-xxi.int'
get_sorted_dc_list: attempting lookup using [ads]
Cache entry with key = SAF/DOMAIN/DEP2.CITY-XXI.INT couldn't be found
saf_fetch: failed to find server for "dep2.city-xxi.int" domain
get_dc_list: preferred server list: ", City2.dep2.city-xxi.int"
internal_resolve_name: looking up City2.dep2.city-xxi.int#20
Returning valid cache entry: key = NBT/CITY2.DEP2.CITY-XXI.INT#20, value =
10.1.9.200:0, timeout = Wed Apr 23 16:16:10 2008
name City2.dep2.city-xxi.int#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 10.1.9.200:389
ads_try_connect: sending CLDAP request to 10.1.9.200 (realm: dep2.city-xxi.int)
saf_store: domain = [DEP2], server = [10.1.9.200], expire = [1208953256]
Adding cache entry with key = SAF/DOMAIN/DEP2; value = 10.1.9.200 and timeout =
Wed Apr 23 16:20:56 2008
(900 seconds ahead)
Connected to LDAP server 10.1.9.200
time offset is -7 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name =city2$@DEP2.CITY-XXI.INT
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
kerberos_kinit_password: using MEMORY:winbind_ccache as ccache
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration
Thu, 24 Apr 2008 02:05:49 MSD
ads_krb5_mk_req: Ticket (city2$@DEP2.CITY-XXI.INT) in ccache
(MEMORY:winbind_ccache) is valid until: (Thu, 24 Apr 2008 02:05:49 MSD -
1208988349)
Got KRB5 session key of length 16
get_nss_info for DEP2
get_nss_info: using "template" by default
Search for (objectclass=*) gave 1 replies
store_cache_seqnum: success [DEP2][600745 @ 1208952356]
refresh_sequence_number: DEP2 seq number is now 600745
trusted_domains: [Cached] - doing backend query for info for domain DEP2
ads: trusted_domains
Using cleartext machine password
simple_packet_signature: sequence number 22
client_sign_outgoing_message: sent SMB signature of
[000] 6E F0 75 69 AD C4 EB 4B n.ui...K
store_sequence_for_reply: stored seq = 23 mid = 13
write_socket(13,108)
write_socket(13,108) wrote 108
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=13
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 1024 (0x400)
smb_vwv[ 3]= 320 (0x140)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 23 mid = 13
simple_packet_signature: sequence number 23
client_check_incoming_message: seq 23: got good SMB signature of
[000] 3D 11 22 D8 14 43 E1 C4 =."..C..
Bind RPC Pipe[4004]: \NETLOGON auth_type 0, auth_level 0
Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB
xV4.4... ...#Eg..
[010] 01 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60
.]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000006
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 12345678
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 cf fb
0030 version: 00000001
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=14
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 72 (0x48)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16388 (0x4004)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
simple_packet_signature: sequence number 24
client_sign_outgoing_message: sent SMB signature of
[000] CF D0 90 0E BE 02 25 4F ......%O
store_sequence_for_reply: stored seq = 25 mid = 14
write_socket(13,158)
write_socket(13,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=14
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D......
[010] 00 B8 10 B8 10 B4 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 B9 0C 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 25 mid = 14
simple_packet_signature: sequence number 25
client_check_incoming_message: seq 25: got good SMB signature of
[000] F2 2A 85 C7 74 28 7A 92 .*..t(z.
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=14
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D......
[010] 00 B8 10 B8 10 B4 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 B9 0C 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
get_sequence_for_reply: found seq = 25 mid = 14
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000006
rpc_api_pipe: got PDU len of 68 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004 returned 68 bytes.
rpc_pipe_bind: Remote machine CITY2 pipe \NETLOGON fnum 0x4004 bind request
returned ok.
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000006
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0006a7b4
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine CITY2 and bound
anonymously.
cli_net_req_chal: LSA Request Challenge from SZROUTER to \\CITY2
init_q_req_chal: 679
init_q_req_chal: 688
000000 net_io_q_req_chal
0000 undoc_buffer: 00000001
000004 smb_io_unistr2
0004 uni_max_len: 00000008
0008 offset : 00000000
000c uni_str_len: 00000008
0010 buffer : \.\.C.I.T.Y.2...
000020 smb_io_unistr2
0020 uni_max_len: 00000009
0024 offset : 00000000
0028 uni_str_len: 00000009
002c buffer : S.Z.R.O.U.T.E.R...
00003e smb_io_chal
003e data: 1f 02 5c cc 41 11 32 57
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 005e
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000046
0014 context_id: 0000
0016 opnum : 0004
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004
size=176
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=15
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 94 (0x5E)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 94 (0x5E)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16388 (0x4004)
smb_bcc=109
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 5E 00 00 00 07 00 00 00 46 .......^ .......F
[020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........
[030] 00 00 00 08 00 00 00 5C 00 5C 00 43 00 49 00 54 .......\ .\.C.I.T
[040] 00 59 00 32 00 00 00 09 00 00 00 00 00 00 00 09 .Y.2.... ........
[050] 00 00 00 53 00 5A 00 52 00 4F 00 55 00 54 00 45 ...S.Z.R .O.U.T.E
[060] 00 52 00 00 00 1F 02 5C CC 41 11 32 57 .R.....\ .A.2W
simple_packet_signature: sequence number 26
client_sign_outgoing_message: sent SMB signature of
[000] 24 A3 E4 37 E7 BA BD 02 $..7....
store_sequence_for_reply: stored seq = 27 mid = 15
write_socket(13,180)
write_socket(13,180) wrote 180
got smb length of 92
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=15
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 36 (0x24)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=37
[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$......
[010] 00 0C 00 00 00 00 00 00 00 3D B4 15 2A 6A F2 69 ........ .=..*j.i
[020] 08 00 00 00 00 .....
get_sequence_for_reply: found seq = 27 mid = 15
simple_packet_signature: sequence number 27
client_check_incoming_message: seq 27: got good SMB signature of
[000] 67 4E 0D 8B 39 43 0A 4C gN..9C.L
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=15
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 36 (0x24)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=37
[000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$......
[010] 00 0C 00 00 00 00 00 00 00 3D B4 15 2A 6A F2 69 ........ .=..*j.i
[020] 08 00 00 00 00 .....
get_sequence_for_reply: found seq = 27 mid = 15
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0024
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 0000000c
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0
rpc_api_pipe: got PDU len of 36 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004 returned 24 bytes.
000000 net_io_r_req_chal
000000 smb_io_chal
0000 data: 3d b4 15 2a 6a f2 69 08
0008 status: NT_STATUS_OK
creds_client_init: neg_flags : 400701ff
creds_client_init: client chal : 1F025CCC41113257
creds_client_init: server chal : 3DB4152A6AF26908
creds_init_64
clnt_chal_in: 1F025CCC41113257
srv_chal_in : 3DB4152A6AF26908
clnt+srv : 5CB671F6AB039C5F
sess_key_out : 0E5F86CBEE94CBD7
creds_client_init: clnt : 5BB80CB1390C2040
creds_client_init: server : 4E5212586AC636A5
creds_client_init: seed : 5BB80CB1390C2040
cli_net_auth2: srv:\\CITY2 acct:SZROUTER$ sc:2 mc: SZROUTER neg: 400701ff
init_q_auth_2: 800
make_log_info 1409
init_q_auth_2: 806
000000 net_io_q_auth_2
000000 smb_io_log_info
0000 undoc_buffer: 00000001
000004 smb_io_unistr2 unistr2
0004 uni_max_len: 00000008
0008 offset : 00000000
000c uni_str_len: 00000008
0010 buffer : \.\.C.I.T.Y.2...
000020 smb_io_unistr2 unistr2
0020 uni_max_len: 0000000a
0024 offset : 00000000
0028 uni_str_len: 0000000a
002c buffer : S.Z.R.O.U.T.E.R.$...
0040 sec_chan: 0002
000042 smb_io_unistr2 unistr2
0044 uni_max_len: 00000009
0048 offset : 00000000
004c uni_str_len: 00000009
0050 buffer : S.Z.R.O.U.T.E.R...
000062 smb_io_chal
0062 data: 5b b8 0c b1 39 0c 20 40
00006a net_io_neg_flags
006c neg_flags: 400701ff
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0088
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000070
0014 context_id: 0000
0016 opnum : 000f
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004
size=218
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=16
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 136 (0x88)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 136 (0x88)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16388 (0x4004)
smb_bcc=151
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 88 00 00 00 08 00 00 00 70 ........ .......p
[020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........
[030] 00 00 00 08 00 00 00 5C 00 5C 00 43 00 49 00 54 .......\ .\.C.I.T
[040] 00 59 00 32 00 00 00 0A 00 00 00 00 00 00 00 0A .Y.2.... ........
[050] 00 00 00 53 00 5A 00 52 00 4F 00 55 00 54 00 45 ...S.Z.R .O.U.T.E
[060] 00 52 00 24 00 00 00 02 00 00 00 09 00 00 00 00 .R.$.... ........
[070] 00 00 00 09 00 00 00 53 00 5A 00 52 00 4F 00 55 .......S .Z.R.O.U
[080] 00 54 00 45 00 52 00 00 00 5B B8 0C B1 39 0C 20 .T.E.R.. .[...9.
[090] 40 00 00 FF 01 07 40 @.....@
simple_packet_signature: sequence number 28
client_sign_outgoing_message: sent SMB signature of
[000] FA 97 5F 6B D7 51 2A 6D .._k.Q*m
store_sequence_for_reply: stored seq = 29 mid = 16
write_socket(13,222)
write_socket(13,222) wrote 222
got smb length of 96
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=16
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 40 (0x28)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 40 (0x28)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=41
[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(......
[010] 00 10 00 00 00 00 00 00 00 4E 52 12 58 6A C6 36 ........ .NR.Xj.6
[020] A5 FF 01 07 40 00 00 00 00 ....@... .
get_sequence_for_reply: found seq = 29 mid = 16
simple_packet_signature: sequence number 29
client_check_incoming_message: seq 29: got good SMB signature of
[000] 1D CB 23 E3 EA 5E 15 89 ..#..^..
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=16
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 40 (0x28)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 40 (0x28)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=41
[000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(......
[010] 00 10 00 00 00 00 00 00 00 4E 52 12 58 6A C6 36 ........ .NR.Xj.6
[020] A5 FF 01 07 40 00 00 00 00 ....@... .
get_sequence_for_reply: found seq = 29 mid = 16
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0028
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000010
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0
rpc_api_pipe: got PDU len of 40 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4004 returned 32 bytes.
000000 net_io_r_auth_2
000000 smb_io_chal
0000 data: 4e 52 12 58 6a c6 36 a5
000008 net_io_neg_flags
0008 neg_flags: 400701ff
000c status: NT_STATUS_OK
creds_client_check: credentials check OK.
rpccli_netlogon_setup_creds: server CITY2 credential chain established.
simple_packet_signature: sequence number 30
client_sign_outgoing_message: sent SMB signature of
[000] 5E 88 C4 89 89 D5 D7 D3 ^.......
store_sequence_for_reply: stored seq = 31 mid = 17
write_socket(13,108)
write_socket(13,108) wrote 108
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=17
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 1280 (0x500)
smb_vwv[ 3]= 320 (0x140)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 31 mid = 17
simple_packet_signature: sequence number 31
client_check_incoming_message: seq 31: got good SMB signature of
[000] 68 F9 18 5B 0A 51 4C 50 h..[.QLP
Bind RPC Pipe[4005]: \NETLOGON auth_type 2, auth_level 6
Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB
xV4.4... ...#Eg..
[010] 01 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60
.]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_auth_schannel_neg schannel_neg
0000 type1: 00000000
0004 type2: 00000003
[000] 44 45 50 32 DEP2
[000] 53 5A 52 4F 55 54 45 52 SZROUTER
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0066
000a auth_len : 0016
000c call_id : 00000009
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 12345678
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 cf fb
0030 version: 00000001
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
000048 smb_io_rpc_hdr_auth hdr_auth
0048 auth_type : 44
0049 auth_level : 06
004a auth_pad_len : 00
004b auth_reserved: 00
004c auth_context_id: 00000001
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4005
size=184
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=18
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 102 (0x66)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 102 (0x66)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16389 (0x4005)
smb_bcc=117
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 66 00 16 00 09 00 00 00 B8 .......f ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........
[060] 00 00 00 03 00 00 00 44 45 50 32 00 53 5A 52 4F .......D EP2.SZRO
[070] 55 54 45 52 00 UTER.
simple_packet_signature: sequence number 32
client_sign_outgoing_message: sent SMB signature of
[000] C9 AB 10 62 0D 78 21 DA ...b.x!.
store_sequence_for_reply: stored seq = 33 mid = 18
write_socket(13,188)
write_socket(13,188) wrote 188
got smb length of 144
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=18
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 88 (0x58)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 88 (0x58)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=89
[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X......
[010] 00 B8 10 B8 10 B5 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........
[050] 00 00 00 00 00 00 AC 98 92 ........ .
get_sequence_for_reply: found seq = 33 mid = 18
simple_packet_signature: sequence number 33
client_check_incoming_message: seq 33: got good SMB signature of
[000] 25 54 F6 6D EF 8A D3 FD %T.m....
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=18
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 88 (0x58)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 88 (0x58)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=89
[000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X......
[010] 00 B8 10 B8 10 B5 A7 06 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........
[050] 00 00 00 00 00 00 AC 98 92 ........ .
get_sequence_for_reply: found seq = 33 mid = 18
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0058
000a auth_len : 000c
000c call_id : 00000009
rpc_api_pipe: got PDU len of 88 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4005 returned 88 bytes.
rpc_pipe_bind: Remote machine CITY2 pipe \NETLOGON fnum 0x4005 bind request
returned ok.
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0058
000a auth_len : 000c
000c call_id : 00000009
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0006a7b5
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
check_bind_response: accepted!
cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine CITY2 for
domain DEP2 and bound using schannel.
simple_packet_signature: sequence number 34
client_sign_outgoing_message: sent SMB signature of
[000] 84 50 93 F6 61 04 D6 25 .P..a..%
store_sequence_for_reply: stored seq = 35 mid = 19
write_socket(13,45)
write_socket(13,45) wrote 45
got smb length of 35
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=19
smt_wct=0
smb_bcc=0
get_sequence_for_reply: found seq = 35 mid = 19
simple_packet_signature: sequence number 35
client_check_incoming_message: seq 35: got good SMB signature of
[000] 6E 3F 1C AD 4B F2 72 40 n?..K.r@
cli_rpc_pipe_close: closed pipe \NETLOGON to machine CITY2
000000 ds_io_q_enum_domain_trusts
0000 server_ptr: 00000001
000004 smb_io_unistr2 server
0004 uni_max_len: 00000006
0008 offset : 00000000
000c uni_str_len: 00000006
0010 buffer : C.I.T.Y.2...
001c flags: 00000003
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0060
000a auth_len : 0020
000c call_id : 0000000a
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000020
0014 context_id: 0000
0016 opnum : 0028
000038 smb_io_rpc_hdr_auth hdr_auth
0038 auth_type : 44
0039 auth_level : 06
003a auth_pad_len : 00
003b auth_reserved: 00
003c auth_context_id: 00000001
add_schannel_auth_footer: SCHANNEL seq_num=0
SCHANNEL: schannel_encode seq_num=0 data_len=32
000040 smb_io_rpc_auth_schannel_chk
0040 sig : 77 00 7a 00 ff ff 00 00
0048 seq_num: bf 12 41 32 32 8e 04 b0
0050 packet_digest: 75 79 ef 41 be 4c aa 8b
0058 confounder: 8d a4 3d 37 c8 23 86 57
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4005
size=178
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=20
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 96 (0x60)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 96 (0x60)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16389 (0x4005)
smb_bcc=111
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 60 00 20 00 0A 00 00 00 20 .......` . .....
[020] 00 00 00 00 00 28 00 31 0F 2A A8 E2 5C 0E 5A 9A .....(.1 .*..\.Z.
[030] 5B 86 AF D9 0A AC 2D 57 26 98 F4 45 3A AA 49 C7 [.....-W &..E:.I.
[040] 33 C6 52 55 76 C5 0E 44 06 00 00 01 00 00 00 77 3.RUv..D .......w
[050] 00 7A 00 FF FF 00 00 BF 12 41 32 32 8E 04 B0 75 .z...... .A22...u
[060] 79 EF 41 BE 4C AA 8B 8D A4 3D 37 C8 23 86 57 y.A.L... .=7.#.W
simple_packet_signature: sequence number 36
client_sign_outgoing_message: sent SMB signature of
[000] B2 1A FB 9E E7 06 DC 0F ........
store_sequence_for_reply: stored seq = 37 mid = 20
write_socket(13,182)
write_socket(13,182) wrote 182
got smb length of 552
size=552
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=20
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 496 (0x1F0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 496 (0x1F0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=497
[000] 00 05 00 02 03 10 00 00 00 F0 01 20 00 0A 00 00 ........ ... ....
[010] 00 A8 01 00 00 00 00 00 00 EF 5D 77 08 C0 BA 9B ........ ..]w....
[020] CE 43 42 E6 D6 DB 5D 21 B6 53 AD 4B 64 9A 85 79 .CB...]! .S.Kd..y
[030] BA 68 50 A0 F1 9A 35 3C 8E 65 5E 63 3B 2A 43 9A .hP...5< .e^c;*C.
[040] 8D 70 DD AA 96 22 19 19 68 63 BC C3 2D 45 01 9E .p...".. hc..-E..
[050] 41 80 6C C4 06 02 F3 9B 79 F5 5A 6F E3 FF DE 99 A.l..... y.Zo....
[060] 68 D9 AB 84 6B 15 7F 0A CC 67 BB 06 DF 5F 28 46 h...k... .g..._(F
[070] 69 50 A3 52 87 2B 8D CC 5F A6 13 8D 08 F7 45 0E iP.R.+.. _.....E.
[080] 5F 24 03 0C 0C 74 2B 5D 8B 2D 1A A2 6C 5E EA 9F _$...t+] .-..l^..
[090] C6 C2 F7 8E C2 22 57 E3 C5 A8 7D E4 33 8C 58 38 ....."W. ..}.3.X8
[0A0] 4D 1B 4B AE 32 D2 10 38 5F 46 D8 00 29 48 53 0F M.K.2..8 _F..)HS.
[0B0] 12 3B 83 19 D2 E7 53 5E DB 8E A0 D7 A8 7A B2 73 .;....S^ .....z.s
[0C0] 8B 9D 40 37 F4 CC FB A3 37 7D 49 BA FA F8 92 4C ..@7.... 7}I....L
[0D0] 28 DC EA F6 E5 7F DD 6C D3 A2 19 31 CF 29 31 5F (......l ...1.)1_
[0E0] 17 7C 01 79 C9 AD 6D 80 41 DB 8B 79 45 6E 01 F3 .|.y..m. A..yEn..
[0F0] FC 99 06 10 87 44 83 A6 56 88 4B 5D 8B 31 0D 0C .....D.. V.K].1..
[100] DB E3 2E B6 2F 0A 38 E0 A2 23 D1 D9 8F C0 7A 05 ..../.8. .#....z.
[110] 72 3F 61 80 59 70 5E 5B CE C8 D0 CE C6 B3 BF 3F r?a.Yp^[ .......?
[120] 1C E9 75 63 3A 4D BD FB B3 07 2D 39 76 91 D0 5A ..uc:M.. ..-9v..Z
[130] 9B 38 89 15 98 E3 AE CE 65 7C 4C E2 13 21 62 86 .8...... e|L..!b.
[140] F6 04 41 DC 07 24 7A 06 5B 1F 0A C1 69 C1 CA E5 ..A..$z. [...i...
[150] A7 BB AB A8 0C B3 7E 3B 58 78 C7 A3 D7 2A 54 87 ......~; Xx...*T.
[160] 88 64 41 BD 89 1F 35 1B B2 21 7D C1 6B 96 5E 86 .dA...5. .!}.k.^.
[170] 41 3D AF FD 6A 96 DE D7 8F 10 30 DC 48 B9 EE 64 A=..j... ..0.H..d
[180] 32 61 BF 20 72 72 68 58 2B BC FD 17 E7 79 7F C2 2a. rrhX +....y..
[190] 79 F4 6C 1E 78 A5 65 67 48 76 C1 41 31 EB 2C 3D y.l.x.eg Hv.A1.,[1A0] B5
13 5C EE 82 58 9B B8 A4 43 B4 6B 62 D5 3C 43 ..\..X.. .C.kb.<C
[1B0] 83 E0 30 5A 56 AB A5 B9 0A 10 86 EE 3A 7D A6 D0 ..0ZV... ....:}..
[1C0] 8C 1E 0E A7 6B 18 A8 B3 5D 44 06 08 00 01 00 00 ....k... ]D......
[1D0] 00 77 00 7A 00 FF FF 00 00 28 DC 56 4F 44 BD 95 .w.z.... .(.VOD..
[1E0] 3C 8E F6 EB D1 39 EA 0A D8 4F 65 1D C8 DC 02 67 <....9.. .Oe....g
[1F0] 86 .
get_sequence_for_reply: found seq = 37 mid = 20
simple_packet_signature: sequence number 37
client_check_incoming_message: seq 37: got good SMB signature of
[000] 01 2B 36 76 E8 D2 CB FB .+6v....
size=552
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2049
smb_pid=1175
smb_uid=2049
smb_mid=20
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 496 (0x1F0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 496 (0x1F0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=497
[000] 00 05 00 02 03 10 00 00 00 F0 01 20 00 0A 00 00 ........ ... ....
[010] 00 A8 01 00 00 00 00 00 00 EF 5D 77 08 C0 BA 9B ........ ..]w....
[020] CE 43 42 E6 D6 DB 5D 21 B6 53 AD 4B 64 9A 85 79 .CB...]! .S.Kd..y
[030] BA 68 50 A0 F1 9A 35 3C 8E 65 5E 63 3B 2A 43 9A .hP...5< .e^c;*C.
[040] 8D 70 DD AA 96 22 19 19 68 63 BC C3 2D 45 01 9E .p...".. hc..-E..
[050] 41 80 6C C4 06 02 F3 9B 79 F5 5A 6F E3 FF DE 99 A.l..... y.Zo....
[060] 68 D9 AB 84 6B 15 7F 0A CC 67 BB 06 DF 5F 28 46 h...k... .g..._(F
[070] 69 50 A3 52 87 2B 8D CC 5F A6 13 8D 08 F7 45 0E iP.R.+.. _.....E.
[080] 5F 24 03 0C 0C 74 2B 5D 8B 2D 1A A2 6C 5E EA 9F _$...t+] .-..l^..
[090] C6 C2 F7 8E C2 22 57 E3 C5 A8 7D E4 33 8C 58 38 ....."W. ..}.3.X8
[0A0] 4D 1B 4B AE 32 D2 10 38 5F 46 D8 00 29 48 53 0F M.K.2..8 _F..)HS.
[0B0] 12 3B 83 19 D2 E7 53 5E DB 8E A0 D7 A8 7A B2 73 .;....S^ .....z.s
[0C0] 8B 9D 40 37 F4 CC FB A3 37 7D 49 BA FA F8 92 4C ..@7.... 7}I....L
[0D0] 28 DC EA F6 E5 7F DD 6C D3 A2 19 31 CF 29 31 5F (......l ...1.)1_
[0E0] 17 7C 01 79 C9 AD 6D 80 41 DB 8B 79 45 6E 01 F3 .|.y..m. A..yEn..
[0F0] FC 99 06 10 87 44 83 A6 56 88 4B 5D 8B 31 0D 0C .....D.. V.K].1..
[100] DB E3 2E B6 2F 0A 38 E0 A2 23 D1 D9 8F C0 7A 05 ..../.8. .#....z.
[110] 72 3F 61 80 59 70 5E 5B CE C8 D0 CE C6 B3 BF 3F r?a.Yp^[ .......?
[120] 1C E9 75 63 3A 4D BD FB B3 07 2D 39 76 91 D0 5A ..uc:M.. ..-9v..Z
[130] 9B 38 89 15 98 E3 AE CE 65 7C 4C E2 13 21 62 86 .8...... e|L..!b.
[140] F6 04 41 DC 07 24 7A 06 5B 1F 0A C1 69 C1 CA E5 ..A..$z. [...i...
[150] A7 BB AB A8 0C B3 7E 3B 58 78 C7 A3 D7 2A 54 87 ......~; Xx...*T.
[160] 88 64 41 BD 89 1F 35 1B B2 21 7D C1 6B 96 5E 86 .dA...5. .!}.k.^.
[170] 41 3D AF FD 6A 96 DE D7 8F 10 30 DC 48 B9 EE 64 A=..j... ..0.H..d
[180] 32 61 BF 20 72 72 68 58 2B BC FD 17 E7 79 7F C2 2a. rrhX +....y..
[190] 79 F4 6C 1E 78 A5 65 67 48 76 C1 41 31 EB 2C 3D y.l.x.eg Hv.A1.,[1A0] B5
13 5C EE 82 58 9B B8 A4 43 B4 6B 62 D5 3C 43 ..\..X.. .C.kb.<C
[1B0] 83 E0 30 5A 56 AB A5 B9 0A 10 86 EE 3A 7D A6 D0 ..0ZV... ....:}..
[1C0] 8C 1E 0E A7 6B 18 A8 B3 5D 44 06 08 00 01 00 00 ....k... ]D......
[1D0] 00 77 00 7A 00 FF FF 00 00 28 DC 56 4F 44 BD 95 .w.z.... .(.VOD..
[1E0] 3C 8E F6 EB D1 39 EA 0A D8 4F 65 1D C8 DC 02 67 <....9.. .Oe....g
[1F0] 86 .
get_sequence_for_reply: found seq = 37 mid = 20
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 01f0
000a auth_len : 0020
000c call_id : 0000000a
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000001a8
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
0001c8 smb_io_rpc_hdr_auth hdr_auth
01c8 auth_type : 44
01c9 auth_level : 06
01ca auth_pad_len : 08
01cb auth_reserved: 00
01cc auth_context_id: 00000001
0001d0 smb_io_rpc_auth_schannel_chk
01d0 sig : 77 00 7a 00 ff ff 00 00
01d8 seq_num: 28 dc 56 4f 44 bd 95 3c
01e0 packet_digest: 8e f6 eb d1 39 ea 0a d8
01e8 confounder: 4f 65 1d c8 dc 02 67 86
SCHANNEL: schannel_decode seq_num=1 data_len=432
SCHANNEL: schannel_decode seq_num=1 data_len=432
cli_pipe_validate_current_pdu: got pdu len 496, data_len 424, ss_len 8
rpc_api_pipe: got PDU len of 496 at offset 0
rpc_api_pipe: Remote machine CITY2 pipe \NETLOGON fnum 0x4005 returned 848
bytes.
000000 ds_io_r_enum_domain_trusts
0000 num_domains: 00000003
000004 ds_io_dom_trusts_ctr domains
0004 ptr: 000bb890
0008 max_count: 00000003
00000c ds_io_dom_trusts_ctr domain_trusts
000c netbios_ptr: 000bb92c
0010 dns_ptr: 000bb934
0014 flags: 00000022
0018 parent_index: 00000000
001c trust_type: 00000002
0020 trust_attributes: 00000004
0024 sid_ptr: 000bb914
000028 smb_io_uuid guid
0028 data : 00000000
002c data : 0000
002e data : 0000
0030 data : 00 00
0032 data : 00 00 00 00 00 00
000038 ds_io_dom_trusts_ctr domain_trusts
0038 netbios_ptr: 000bb95c
003c dns_ptr: 000bb96e
0040 flags: 00000022
0044 parent_index: 00000000
0048 trust_type: 00000002
004c trust_attributes: 00000004
0050 sid_ptr: 000bb944
000054 smb_io_uuid guid
0054 data : 00000000
0058 data : 0000
005a data : 0000
005c data : 00 00
005e data : 00 00 00 00 00 00
000064 ds_io_dom_trusts_ctr domain_trusts
0064 netbios_ptr: 000bb9a0
0068 dns_ptr: 000bb9aa
006c flags: 0000001d
0070 parent_index: 00000000
0074 trust_type: 00000002
0078 trust_attributes: 00000000
007c sid_ptr: 000bb988
000080 smb_io_uuid guid
0080 data : eb482139
0084 data : 06ef
0086 data : 4ece
0088 data : b2 a6
008a data : 69 7b d4 30 87 9e
000090 smb_io_unistr2 netbios_domain
0090 uni_max_len: 00000004
0094 offset : 00000000
0098 uni_str_len: 00000004
009c buffer : A.L.L...
0000a4 smb_io_unistr2 dns_domain
00a4 uni_max_len: 00000008
00a8 offset : 00000000
00ac uni_str_len: 00000008
00b0 buffer : a.l.l...i.n.t...
0000c0 smb_io_dom_sid2 sid
00c0 num_auths: 00000004
0000c4 smb_io_dom_sid sid
00c4 sid_rev_num: 01
00c5 num_auths : 04
00c6 id_auth[0] : 00
00c7 id_auth[1] : 00
00c8 id_auth[2] : 00
00c9 id_auth[3] : 00
00ca id_auth[4] : 00
00cb id_auth[5] : 05
00cc sub_auths : 00000015 38756a48 83683a16 76a26611
0000dc smb_io_unistr2 netbios_domain
00dc uni_max_len: 00000009
00e0 offset : 00000000
00e4 uni_str_len: 00000009
00e8 buffer : C.I.T.Y.-.X.X.I...
0000fc smb_io_unistr2 dns_domain
00fc uni_max_len: 0000000d
0100 offset : 00000000
0104 uni_str_len: 0000000d
0108 buffer : c.i.t.y.-.x.x.i...i.n.t...
000124 smb_io_dom_sid2 sid
0124 num_auths: 00000004
000128 smb_io_dom_sid sid
0128 sid_rev_num: 01
0129 num_auths : 04
012a id_auth[0] : 00
012b id_auth[1] : 00
012c id_auth[2] : 00
012d id_auth[3] : 00
012e id_auth[4] : 00
012f id_auth[5] : 05
0130 sub_auths : 00000015 585ccbd5 373927c1 28a68b82
000140 smb_io_unistr2 netbios_domain
0140 uni_max_len: 00000005
0144 offset : 00000000
0148 uni_str_len: 00000005
014c buffer : D.E.P.2...
000158 smb_io_unistr2 dns_domain
0158 uni_max_len: 00000012
015c offset : 00000000
0160 uni_str_len: 00000012
0164 buffer : d.e.p.2...c.i.t.y.-.x.x.i...i.n.t...
000188 smb_io_dom_sid2 sid
0188 num_auths: 00000004
00018c smb_io_dom_sid sid
018c sid_rev_num: 01
018d num_auths : 04
018e id_auth[0] : 00
018f id_auth[1] : 00
0190 id_auth[2] : 00
0191 id_auth[3] : 00
0192 id_auth[4] : 00
0193 id_auth[5] : 05
0194 sub_auths : 00000015 21ba1ee9 7f551593 e1bb9977
01a4 status: NT_STATUS_OK
refresh_sequence_number: DEP2 time ok
refresh_sequence_number: DEP2 seq number is now 600745
Storing response for pid 1175, len 3419
Storing extra data: len=179
run_events: No events
Retrieving response for pid 1175
Retrieving extra data length=179
[000] 41 4C 4C 5C 61 6C 6C 2E 69 6E 74 5C 53 2D 31 2D ALL\all. int\S-1-
[010] 35 2D 32 31 2D 39 34 37 32 31 39 30 31 36 2D 32 5-21-947 219016-2
[020] 32 30 34 36 34 35 39 31 30 2D 31 39 39 30 33 35 20464591 0-199035
[030] 34 34 34 39 0A 43 49 54 59 2D 58 58 49 5C 63 69 4449.CIT Y-XXI\ci
[040] 74 79 2D 78 78 69 2E 69 6E 74 5C 53 2D 31 2D 35 ty-xxi.i nt\S-1-5
[050] 2D 32 31 2D 31 34 38 32 34 37 36 35 30 31 2D 39 -21-1482 476501-9
[060] 32 36 34 39 32 36 30 39 2D 36 38 32 30 30 33 33 26492609 -6820033
[070] 33 30 0A 44 45 50 32 5C 64 65 70 32 2E 63 69 74 30.DEP2\ dep2.cit
[080] 79 2D 78 78 69 2E 69 6E 74 5C 53 2D 31 2D 35 2D y-xxi.in t\S-1-5-
[090] 32 31 2D 35 36 35 38 34 35 37 33 37 2D 32 31 33 21-56584 5737-213
[0A0] 36 32 38 32 35 31 35 2D 33 37 38 37 31 36 38 31 6282515- 37871681
[0B0] 31 39 00 19.
Added domain ALL all.int S-1-5-21-947219016-2204645910-1990354449
Added domain CITY-XXI city-xxi.int S-1-5-21-1482476501-926492609-682003330
run_events: No events
run_events: No events
read_data: read of 1848 returned 0. Error = Unknown error: 0
Got invalid request length: 0