[cifs-protocol] Windows Server 2025 regression with KPASSWD protocol response
Alexander Bokovoy
ab at samba.org
Sat Dec 14 09:07:04 UTC 2024
Hello Dochelp!

It was brought to our attention that Windows Server 2025-based Active
Directory domain controllers appear to regress in handling the KPASSWD
protocol. Namely, a password change request is being processed and the
password of an Active Directory account has been changed, but the
response produced by the domain controller is a Kerberos error with code
0, explicitly not allowed by RFC 3244, which describes the Microsoft
KPASSWD protocol.

There is an issue reported upstream to the adcli utility, which performs
Linux system domain join. As a part of the join process, we set a new
credential to the machine account. The machine account credential is
updated in AD but the response contains this KPASSWD error response with
result code 0:

103 3.624528 192.168.122.48 192.168.122.109 KPASSWD 1742 Request
(attached file)

106 3.709703 192.168.122.109 192.168.122.48 KPASSWD 165
Kerberos
    krb-error
        pvno: 5
        msg-type: krb-error (30)
        stime: Dec 13, 2024 02:55:10.000000000 EET
        susec: 213134
        error-code: eRR-NONE (0)
        realm: FOREST.MY
        sname
            name-type: kRB5-NT-SRV-INST (2)
            sname-string: 2 items
                SNameString: kadmin
                SNameString: changepw
        e-data: 0000

This issue was also reported by Windows Insiders in June 2024:
https://techcommunity.microsoft.com/discussions/windowsserverinsiders/problems-to-join-debianubuntu-machines-to-a-domain/4158051

The message they reported is the same. The issue 'Message stream
modified' is due to MIT Kerberos processing the returned Kerberos error
with result code 0 and rejecting it according to RFC 3244.

Since Kerberos errors aren't protected from mid-stream modifications,
RFC 3244 explicitly states in section 2, describing the protocol,
that:

----------------------------------------------
   The user-data component of the KRB-PRIV message, or e-data component
   of the KRB-ERROR message, consists of the following data.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          result code          |        result string          /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   result code (16 bits) (result codes 0-4 are from the original change
   password protocol):

      The result code must have one of the following values
      (big-endian integer):

      KRB5_KPASSWD_SUCCESS             0 request succeeds (This value
                                         is not allowed in a KRB-ERROR
                                         message)
----------------------------------------------

I can provide a network trace and a keytab that shows the whole
communication during the domain join operation, including this kpasswd
exchange. However, I've been told the same situation happens with a
normal user account password change against Windows Server 2025 AD DC as
well.

If this is an implementation regression, would you please consult with
the engineering team on the Windows Server side? However, if this is a
protocol change, can we see the changes documented?

--
/ Alexander Bokovoy
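
Added example, not part of the original message and not code from MIT Kerberos, adcli or Microsoft: a small checker for the condition reported above, a KPASSWD reply whose KRB-ERROR e-data carries result code 0. It assumes the RFC 3244 reply header (message length, version, AP-REP length) with any TCP record mark already stripped; the function names and the sample reply bytes are constructed for illustration.

```python
import struct

KRB5_KPASSWD_SUCCESS = 0                    # RFC 3244 section 2
APP_KRB_PRIV, APP_KRB_ERROR = 0x75, 0x7E    # DER tags [APPLICATION 21] and [APPLICATION 30]

def der_tlv(buf, off=0):
    """Read one DER TLV at `off`; return (tag, value, offset of the next TLV)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def krb_error_fields(msg):
    """Map context tag number -> raw inner value for each field of a KRB-ERROR."""
    tag, body, _ = der_tlv(msg)
    seq_tag, seq, _ = der_tlv(body)
    if tag != APP_KRB_ERROR or seq_tag != 0x30:
        raise ValueError("not a KRB-ERROR SEQUENCE")
    fields, off = {}, 0
    while off < len(seq):
        ctx, wrapped, off = der_tlv(seq, off)
        fields[ctx & 0x1F] = der_tlv(wrapped)[1]
    return fields

def check_reply(reply):
    """Classify one KPASSWD reply and flag result code 0 inside a KRB-ERROR."""
    if len(reply) < 6:
        raise ValueError("reply shorter than its 6-byte header")
    msg_len, version, ap_rep_len = struct.unpack(">HHH", reply[:6])
    if msg_len != len(reply) or 6 + ap_rep_len >= len(reply):
        raise ValueError("inconsistent length fields")
    rest = reply[6 + ap_rep_len:]
    if rest[0] == APP_KRB_PRIV:             # result code sits in the encrypted part
        return {"kind": "KRB-PRIV", "compliant": None}
    f = krb_error_fields(rest)
    e_data = f.get(12, b"")                 # e-data [12] OCTET STRING
    if len(e_data) < 2:
        raise ValueError("e-data too short for a result code")
    (result_code,) = struct.unpack(">H", e_data[:2])
    return {
        "kind": "KRB-ERROR",
        "error_code": int.from_bytes(f[6], "big", signed=True),   # error-code [6]
        "result_code": result_code,
        "result_string": e_data[2:].decode("utf-8", "replace"),
        "compliant": result_code != KRB5_KPASSWD_SUCCESS,   # 0 not allowed in KRB-ERROR
    }

def sample_reply(result_code, error_code=0):
    """Constructed reply shaped like frame 106: AP-REP length 0, then a KRB-ERROR."""
    der = lambda tag, v: bytes([tag, len(v)]) + v       # short-form lengths only
    i = lambda n: der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))
    s = lambda t: der(0x1B, t.encode())
    sname = der(0x30, der(0xA0, i(2)) + der(0xA1, der(0x30, s("kadmin") + s("changepw"))))
    body = (der(0xA0, i(5)) + der(0xA1, i(30)) + der(0xA4, der(0x18, b"20241213005510Z"))
            + der(0xA5, i(213134)) + der(0xA6, i(error_code)) + der(0xA9, s("FOREST.MY"))
            + der(0xAA, sname) + der(0xAC, der(0x04, struct.pack(">H", result_code))))
    err = der(APP_KRB_ERROR, der(0x30, body))
    return struct.pack(">HHH", 6 + len(err), 1, 0) + err

if __name__ == "__main__":
    print(check_reply(sample_reply(0)))        # shape reported in this message
    print(check_reply(sample_reply(3, 60)))    # constructed failure reply for comparison
```

The first sample mirrors the reported fields (error-code 0, e-data 0000) and comes back with `compliant` set to False; the second is a constructed non-zero failure for contrast.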