DCERPC sign & seal

Stefan (metze) Metzmacher metze at samba.org
Fri Aug 20 16:37:32 GMT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stefan (metze) Metzmacher schrieb:

| Hi Andrew,
|
| here'are some info's about what I need for doing more research on the
| DRSUAPI pipe,
|
| when you'll run the RCP-DRSUAPI test you'll allways got
| DCERPC_FAULT_LOGON_FAILURE (0x00000005)
|
| I have upload some captures to samba.org:/data/samba-team/captures/metze
| (w2k-103-become-dc.cap and native-2k-logon-ads.cap)
|
| there are a few binds to the DRSUAPI from windows to windows boxes,
|
| DCERPC_AUTH_TYPE_SPNEGO (9) (with krb5) works
| DCERPC_AUTH_TYPE_KRB5 (16! not 1) works
| DCERPC_AUTH_TYPE_NTLMSSP (10) with NULL username fails
|
| It would be very cool to have that working soon with the samba4 code:-)

some more info:

[18:34:45] <metze> bin/smbtorture ncacn_np:w2k3-101.w2k3.vmnet1.vm.base:sign -U administrator%test
- -W w2k3.vmnet1.vm.base RPC-DRSUAPI
[18:34:45] <metze> Running RPC-DRSUAPI
[18:34:45] <metze> Connecting to SAMR
[18:34:45] <metze> Opening domain W2K3.VMNET1.VM.BASE
[18:34:45] <metze> Creating machine account torturetest
[18:34:45] <metze> Setting machine account password 'r2U+JZwt'
[18:34:45] <metze> SetUserInfo failed - NT_STATUS_WRONG_PASSWORD
[18:34:51] irc.eu.freenode.net [412] :No text to send
[18:35:16] <metze> with ncacn_np::sign we do a auth bind over the named pipe
[18:35:54] <metze> so it seems that the session key cames from the auth bind
[18:36:08] <metze> as for rpc over tcp
[18:36:34] <metze> bin/smbtorture ncacn_ip_tcp:w2k3-101.w2k3.vmnet1.vm.base:sign -U
administrator%test -W w2k3.vmnet1.vm.base RPC-DRSUAPI
[18:36:34] <metze> Running RPC-DRSUAPI
[18:36:34] <metze> Connecting to SAMR
[18:36:34] <metze> Opening domain W2K3.VMNET1.VM.BASE
[18:36:34] <metze> Creating machine account torturetest
[18:36:34] <metze> Setting machine account password 'cU_JF2Es'
[18:36:34] <metze> SetUserInfo failed - NT_STATUS_WRONG_PASSWORD

- --
metze

Stefan Metzmacher <metze at samba.org> www.samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBJijMm70gjA5TCD8RAlt5AJ4w4aGgUNkFuLLmgB06tn0vjH1/ngCg0H/K
D85mbJVqagK3Ba2d32OgMu8=
=zRy8
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list