coding binge coming on.
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Mon Mar 8 17:06:32 GMT 1999
On Mon, 8 Mar 1999, Todd Sabin wrote:
> Luke wrote:
> >
> > that requires info from microsoft on how they obfuscate an area of the rpc
> > code that contains six buffers (four unicode strings: two passwords).
> >
>
> Which call is this? I did this while sniffing. The calls made were
>
> SamrOpenDomain(0x7)
> SamrCreateUser2InDomain(0x32)
maybe this one.
> SamrQueryInformationUser(0x24)
> SamrGetUserDomainPasswordInformation(0x2c)
> SamrSetInformationUser2(0x3a)
or this one.
> a couple of SamrCloseHandle(0x1)
>
> The SamrSetInformationUser2 call looks to have some ugly stuff in it. Is
> this the one you're referring to? I have the sniff if you want it.
it's going to be full, in the middle, of total garbage, probably
surrounded by mostly null chars.
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
=====================================================================
Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183
Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc. | ISS Fax : (678) 443-6477
http://www.iss.net/ *Adaptive Network Security for the Enterprise*
ISS Connect - International User Conference - May '99
=====================================================================
More information about the samba-technical
mailing list