Win2003 'no passwords' vamprire problem solution

Andrew Bartlett abartlet at
Sat Nov 13 06:35:54 GMT 2004

While working on tests for Samba4's smbtorture, I have a constructed an
apparently correct parser for the 'sensitive data' field, located in the
samsync user deltas.

This provides the user's NT and LM passwords, where these were
unavailable since since Win2k3.  The (cludge) IDL is in Samba4, and the
RPC-SAMSYNC test.  (The encryption of the 'sensitive data' is simply RC4
with the session key, so nothing too special there).

This should allow vampire to become operable for those sites again.

I'm currently working to validate Samba4' IDL for this entire area,
which may lead us to a Samba4 based vampire utility in the near future.

Andrew Bartlett
Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list