winbindd problem with NT4 PDC: samba does not see all the groups
Daniel Deimert
d1dd at dtek.chalmers.se
Sun Nov 11 17:21:04 GMT 2001
Hi,
I would like to report a bug in winbindd that seems to be present in 2.2.2,
cvs 2.2.3-pre and cvs HEAD (cvs sources checked out Nov 9).
The problem is preventing us from using Samba in production with winbindd.
For all three samba versions, winbindd fails with the following symptoms:
Samba has successfully joined the NT4 domain (the PDC is running NT)
Domain users can access the samba server.
wbinfo -g FAILS by only listing 8 groups of 50+
wbinfo -t is OK
wbinfo -u is OK
wbinfo -s is OK and can lookup groups not listed by wbinfo -g
==================================================
Attempting to list all the groups with "wbinfo -g" or "getent group" does
not work.
$ wbinfo -g
FAIRFIELD+Domain Admins
FAIRFIELD+Domain Guests
FAIRFIELD+Domain Users
FAIRFIELD+MIS2
FAIRFIELD+MTS Trusted Impersonators
FAIRFIELD+Purchasing
FAIRFIELD+RAS
FAIRFIELD+SMSInternalCliGrp
Note that samba only finds 8 groups. getent group also only displays
these 8 groups. There are many more groups available at the PDC.
However, if I query wbinfo "in reverse" with wbinfo -G, I can find two
more groups, cadread and cadwrite. They can also be mapped from SID to
name using wbinfo. Why are they not included in the wbinfo -g (or
getent group) listings?
$ wbinfo -s S-1-5-21-1563037056-1694922919-879972363-1177
FAIRFIELD+cadread 4
$ wbinfo -s S-1-5-21-1563037056-1694922919-879972363-1176
FAIRFIELD+Cadcreate 4
==================================================
Output from from winbindd -d 100 -i
==================================================
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l->u = True) (u->l = True)
Adding chars 0xa0 0xb5 (l->u = True) (u->l = True)
Adding chars 0x83 0xb6 (l->u = True) (u->l = True)
Adding chars 0xc6 0xc7 (l->u = True) (u->l = True)
Adding chars 0x84 0x8e (l->u = True) (u->l = True)
Adding chars 0x86 0x8f (l->u = True) (u->l = True)
Adding chars 0x91 0x92 (l->u = True) (u->l = True)
Adding chars 0x87 0x80 (l->u = True) (u->l = True)
Adding chars 0x8a 0xd4 (l->u = True) (u->l = True)
Adding chars 0x82 0x90 (l->u = True) (u->l = True)
Adding chars 0x88 0xd2 (l->u = True) (u->l = True)
Adding chars 0x89 0xd3 (l->u = True) (u->l = True)
Adding chars 0x8d 0xde (l->u = True) (u->l = True)
Adding chars 0xa1 0xd6 (l->u = True) (u->l = True)
Adding chars 0x8c 0xd7 (l->u = True) (u->l = True)
Adding chars 0x8b 0xd8 (l->u = True) (u->l = True)
Adding chars 0xd0 0xd1 (l->u = True) (u->l = True)
Adding chars 0xa4 0xa5 (l->u = True) (u->l = True)
Adding chars 0x95 0xe3 (l->u = True) (u->l = True)
Adding chars 0xa2 0xe0 (l->u = True) (u->l = True)
Adding chars 0x93 0xe2 (l->u = True) (u->l = True)
Adding chars 0xe4 0xe5 (l->u = True) (u->l = True)
Adding chars 0x94 0x99 (l->u = True) (u->l = True)
Adding chars 0x9b 0x9d (l->u = True) (u->l = True)
Adding chars 0x97 0xeb (l->u = True) (u->l = True)
Adding chars 0xa3 0xe9 (l->u = True) (u->l = True)
Adding chars 0x96 0xea (l->u = True) (u->l = True)
Adding chars 0x81 0x9a (l->u = True) (u->l = True)
Adding chars 0xec 0xed (l->u = True) (u->l = True)
Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
load_unicode_map: loading unicode map for codepage 850.
added interface ip=192.168.10.9 bcast=192.168.10.255 nmask=255.255.255.0
establishing connections
server: dc=, pwdb_init=0, lsa_hnd=0
resolve_lmhosts: Attempting lmhosts lookup for name FAIRFIELD<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name FAIRFIELD<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name FAIRFIELD<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=16103 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.27 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.27) port 137
nmb packet from 192.168.10.27(137) header: id=16103 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A1B
Got a positive name query response from 192.168.10.27 ( 192.168.10.27 )
read_udp_socket: lastip 192.168.10.21 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.21) port 137
nmb packet from 192.168.10.21(137) header: id=16103 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A15
Got a positive name query response from 192.168.10.21 ( 192.168.10.21 )
read_udp_socket: lastip 192.168.10.11 lastport 13485 read: 58
parse_nmb: packet id = 16103
Received a packet of len 58 from (192.168.10.11) port 13485
nmb packet from 192.168.10.11(13485) header: id=16103 opcode=WACK(7) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=10
answers 0 char .. hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.28) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 283
parse_nmb: packet id = 22354
Received a packet of len 283 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=22354 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .IMT_BDC hex 09494D545F4244432020202020202020
answers 10 char .D.IMT_BDC hex 004400494D545F424443202020202020
answers 20 char D.FAIRFIELD hex 2020204400464149524649454C442020
answers 30 char ...FAIRFIELD hex 2020202000C400464149524649454C44
answers 40 char ...FAIRFIE hex 2020202020201CC40046414952464945
answers 50 char LD ...IMT_B hex 4C442020202020201EC400494D545F42
answers 60 char DC .D.ADM hex 4443202020202020202003440041444D
answers 70 char INISTRATOR .D.I hex 494E4953545241544F52202003440049
answers 80 char Net~Services .. hex 4E65747E536572766963657320201CC4
answers 90 char .IS~IMT_BDC..... hex 0049537E494D545F4244430000000000
answers a0 char .D......I....... hex 00440000A0C9ECD64900000000000000
answers b0 char ................ hex 00000000000000000000000000000000
answers c0 char ................ hex 00000000000000000000000000000000
answers d0 char . hex 00
cli_init_creds: user domain flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: IMT_BDC
resolve_lmhosts: Attempting lmhosts lookup for name IMT_BDC<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name IMT_BDC<0x20>
resolve_wins: Attempting wins lookup for name IMT_BDC<0x20>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name IMT_BDC<0x20>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 21084
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=21084 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=300000
answers 0 char `..... hex 6000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.11 lastport 13488 read: 58
parse_nmb: packet id = 21084
Received a packet of len 58 from (192.168.10.11) port 13488
nmb packet from 192.168.10.11(13488) header: id=21084 opcode=WACK(7) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=10
answers 0 char .. hex 0100
cli_establish_connection: CADFILES<00> connecting to IMT_BDC<20> (192.168.10.28) - []
Connecting to 192.168.10.28 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(7,76)
write_socket(7,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(7,168)
write_socket(7,168) wrote 168
got smb length of 97
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=20480 (0x5000)
smb_vwv[12]=25538 (0x63C2)
smb_vwv[13]=30973 (0x78FD)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 2C 79 A6 1F D6 99 D6 2E 46 00 41 00 49 00 52 00 ,y...... F.A.I.R.
[010] 46 00 49 00 45 00 4C 00 44 00 00 00 F.I.E.L. D...
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=20480 (0x5000)
smb_vwv[12]=25538 (0x63C2)
smb_vwv[13]=30973 (0x78FD)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 2C 79 A6 1F D6 99 D6 2E 46 00 41 00 49 00 52 00 ,y...... F.A.I.R.
[010] 46 00 49 00 45 00 4C 00 44 00 00 00 F.I.E.L. D...
write_socket(7,92)
write_socket(7,92) wrote 92
got smb length of 130
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 00 .E.L.D.. .
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 00 .E.L.D.. .
write_socket(7,82)
write_socket(7,82) wrote 82
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00 IPC....
write_socket(7,104)
write_socket(7,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=5632 (0x1600)
smb_vwv[3]=264 (0x108)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[816]: \PIPE\lsarpc
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
[010] 00 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 00
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000001
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 1630
0012 max_rsize: 1630
0014 assoc_gid: 00000000
0018 num_elements: 00000001
001c context_id : 0000
001e num_syntaxes: 01
00001f smb_io_rpc_iface
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00 01 23 45 67 89 ab
0030 version: 00000000
000034 smb_io_rpc_iface
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:816
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 00 30 .......H .......0
[020] 16 30 16 00 00 00 00 01 00 00 00 00 00 01 00 78 .0...... .......x
[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
write_socket(7,158)
write_socket(7,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D......
[010] 00 30 16 30 16 CA 9D 00 00 0C 00 5C 50 49 50 45 .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 14 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D......
[010] 00 30 16 30 16 CA 9D 00 00 0C 00 5C 50 49 50 45 .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 14 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000001
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 1630
0012 max_rsize: 1630
0014 assoc_gid: 00009dca
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8 08 00 2b 10 48 60
0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_open_pol: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol
0000 ptr : 00000001
0004 system_name: 005c
000008 lsa_io_obj_attr
0008 len : 00000018
000c ptr_root_dir: 00000000
0010 ptr_obj_name: 00000000
0014 attributes : 00000000
0018 ptr_sec_desc: 00000000
001c ptr_sec_qos : 00000000
0020 des_access: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x6 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 003c
000a auth_len : 0000
000c call_id : 00000002
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000002c
0014 context_id: 0000
0016 opnum : 0006
data_len: 3c data_calc_len: 3c
rpc_api_pipe: cmd:26 fnum:816
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 2C .......< .......,
[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\....
[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[040] 00 00 00 00 00 00 00 00 00 00 02 ........ ...
write_socket(7,146)
write_socket(7,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 42 88 78 ........ .....B.x
[020] FE 56 E6 2C 4F A3 DB B6 20 4E FC E2 08 00 00 00 .V.,O... N......
[030] 00 .
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 42 88 78 ........ .....B.x
[020] FE 56 E6 2C 4F A3 DB B6 20 4E FC E2 08 00 00 00 .V.,O... N......
[030] 00 .
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000002
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_open_pol
000018 smb_io_pol_hnd
0018 data1: 00000000
001c data2: fe788842
0020 data3: e656
0022 data4: 4f2c
0024 data5: a3 db b6 20 4e fc e2 08
002c status: 00000000
getting trusted domain list
adding trusted domain FAIRFIELD
init_q_enum_trust_dom
000000 lsa_io_q_enum_trust_dom
000000 smb_io_pol_hnd
0000 data1: 00000000
0004 data2: fe788842
0008 data3: e656
000a data4: 4f2c
000c data5: a3 db b6 20 4e fc e2 08
0014 enum_context : 00000000
0018 preferred_len: ffffffff
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xd data_len: 0x34
create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0034
000a auth_len : 0000
000c call_id : 00000003
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000024
0014 context_id: 0000
0016 opnum : 000d
data_len: 34 data_calc_len: 34
rpc_api_pipe: cmd:26 fnum:816
size=134
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=52 (0x34)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=52 (0x34)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=67
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 34 00 00 00 03 00 00 00 24 .......4 .......$
[020] 00 00 00 00 00 0D 00 00 00 00 00 42 88 78 FE 56 ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E FC E2 08 00 00 00 00 FF .,O... N ........
[040] FF FF FF ...
write_socket(7,138)
write_socket(7,138) wrote 138
got smb length of 108
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 4....... .p......
[010] 00 58 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .X...... ........
[020] 00 F0 CF 42 0F 01 00 00 00 10 00 10 00 B8 AB 45 ...B.... .......E
[030] 0F C8 F5 19 00 .....
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 4....... .p......
[010] 00 58 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .X...... ........
[020] 00 F0 CF 42 0F 01 00 00 00 10 00 10 00 B8 AB 45 ...B.... .......E
[030] 0F C8 F5 19 00 .....
rpc_check_hdr: rdata->data_size = 52
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0070
000a auth_len : 0000
000c call_id : 00000003
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000058
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 60 smbtrans read: 52
rpc_read: data_to_read: 60 rdata offset: 52 extra_data_size: 60
rpc_read: grew buffer by 60 bytes to 112
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 120
size=120
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=60 (0x3C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=61
[000] 03 08 00 00 00 00 00 00 00 08 00 00 00 49 00 4E ........ .....I.N
[010] 00 54 00 45 00 52 00 4D 00 45 00 43 00 04 00 00 .T.E.R.M .E.C....
[020] 00 01 04 00 00 00 00 00 05 15 00 00 00 1D 66 1A ........ ......f.
[030] 05 F8 19 A0 50 AB 15 05 2D 00 00 00 00 ....P... -....
rpc_read: num_read = 60, read offset: 0, to read: 60
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_enum_trust_dom
0018 enum_context : 00000001
001c num_domains : 00000001
0020 ptr_enum_domains: 0f42cff0
0024 num_domains2: 00000001
000028 smb_io_unihdr2
000028 smb_io_unihdr hdr
0028 uni_str_len: 0010
002a uni_max_len: 0010
002c buffer : 0f45abb8
0030 buffer: 0019f5c8
000034 smb_io_unistr2
0034 uni_max_len: 00000008
0038 undoc : 00000000
003c uni_str_len: 00000008
0040 buffer : I.N.T.E.R.M.E.C.
000050 smb_io_dom_sid2
0050 num_auths: 00000004
000054 smb_io_dom_sid sid
0054 sid_rev_num: 01
0055 num_auths : 04
0056 id_auth[0] : 00
0057 id_auth[1] : 00
0058 id_auth[2] : 00
0059 id_auth[3] : 00
005a id_auth[4] : 00
005b id_auth[5] : 05
005c sub_auths : 00000015 051a661d 50a019f8 2d0515ab
006c status: 00000000
adding trusted domain INTERMEC
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
accepted socket 10
[17006]: list groups
checking domain handles for domain INTERMEC
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
opening sam handles
Getting domain info for domain INTERMEC
looking up sid for domain INTERMEC
resolve_lmhosts: Attempting lmhosts lookup for name INTERMEC<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name INTERMEC<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name INTERMEC<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.12 lastport 137 read: 62
parse_nmb: packet id = 3242
Received a packet of len 62 from (192.168.10.12) port 137
nmb packet from 192.168.10.12(137) header: id=3242 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=INTERMEC<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A0C
Got a positive name query response from 192.168.10.12 ( 192.168.10.12 )
read_udp_socket: lastip 192.168.10.11 lastport 13501 read: 58
parse_nmb: packet id = 3242
Received a packet of len 58 from (192.168.10.11) port 13501
nmb packet from 192.168.10.11(13501) header: id=3242 opcode=WACK(7) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=INTERMEC<1c> rr_type=32 rr_class=1 ttl=10
answers 0 char .. hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.12) on port 137
read_udp_socket: lastip 192.168.10.11 lastport 13508 read: 56
parse_nmb: packet id = 3242
Received a packet of len 56 from (192.168.10.11) port 13508
Sending a packet of len 50 to (192.168.10.12) on port 137
Could not resolve domain controller for domain INTERMEC
could not find sid for domain INTERMEC
checking domain handles for domain FAIRFIELD
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
opening sam handles
Getting domain info for domain FAIRFIELD
looking up sid for domain FAIRFIELD
resolve_lmhosts: Attempting lmhosts lookup for name FAIRFIELD<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name FAIRFIELD<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name FAIRFIELD<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=8567 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.27 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.27) port 137
nmb packet from 192.168.10.27(137) header: id=8567 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A1B
Got a positive name query response from 192.168.10.27 ( 192.168.10.27 )
read_udp_socket: lastip 192.168.10.21 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.21) port 137
nmb packet from 192.168.10.21(137) header: id=8567 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ...... hex E000C0A80A15
Got a positive name query response from 192.168.10.21 ( 192.168.10.21 )
read_udp_socket: lastip 192.168.10.11 lastport 13509 read: 58
parse_nmb: packet id = 8567
Received a packet of len 58 from (192.168.10.11) port 13509
nmb packet from 192.168.10.11(13509) header: id=8567 opcode=WACK(7) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=10
answers 0 char .. hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.28) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 283
parse_nmb: packet id = 10272
Received a packet of len 283 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=10272 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .IMT_BDC hex 09494D545F4244432020202020202020
answers 10 char .D.IMT_BDC hex 004400494D545F424443202020202020
answers 20 char D.FAIRFIELD hex 2020204400464149524649454C442020
answers 30 char ...FAIRFIELD hex 2020202000C400464149524649454C44
answers 40 char ...FAIRFIE hex 2020202020201CC40046414952464945
answers 50 char LD ...IMT_B hex 4C442020202020201EC400494D545F42
answers 60 char DC .D.ADM hex 4443202020202020202003440041444D
answers 70 char INISTRATOR .D.I hex 494E4953545241544F52202003440049
answers 80 char Net~Services .. hex 4E65747E536572766963657320201CC4
answers 90 char .IS~IMT_BDC..... hex 0049537E494D545F4244430000000000
answers a0 char .D......I....... hex 00440000A0C9ECD64900000000000000
answers b0 char ................ hex 00000000000000000000000000000000
answers c0 char ................ hex 00000000000000000000000000000000
answers d0 char . hex 00
init_q_query
000000 lsa_io_q_query
000000 smb_io_pol_hnd
0000 data1: 00000000
0004 data2: fe788842
0008 data3: e656
000a data4: 4f2c
000c data5: a3 db b6 20 4e fc e2 08
0014 info_class: 0005
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x7 data_len: 0x2e
create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002e
000a auth_len : 0000
000c call_id : 00000004
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000001e
0014 context_id: 0000
0016 opnum : 0007
data_len: 2e data_calc_len: 2e
rpc_api_pipe: cmd:26 fnum:816
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=46 (0x2E)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=46 (0x2E)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=61
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 00 1E ........ ........
[020] 00 00 00 00 00 07 00 00 00 00 00 42 88 78 FE 56 ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E FC E2 08 05 00 .,O... N .....
write_socket(7,132)
write_socket(7,132) wrote 132
got smb length of 102
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 2E 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l......
[010] 00 54 00 00 00 00 00 00 00 20 CA 15 00 05 00 00 .T...... . ......
[020] 00 12 00 14 00 C8 F5 19 00 10 45 1D 00 0A 00 ........ ..E....
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 2E 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l......
[010] 00 54 00 00 00 00 00 00 00 20 CA 15 00 05 00 00 .T...... . ......
[020] 00 12 00 14 00 C8 F5 19 00 10 45 1D 00 0A 00 ........ ..E....
rpc_check_hdr: rdata->data_size = 46
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 006c
000a auth_len : 0000
000c call_id : 00000004
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000054
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 62 smbtrans read: 46
rpc_read: data_to_read: 62 rdata offset: 46 extra_data_size: 62
rpc_read: grew buffer by 62 bytes to 108
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 122
size=122
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=62 (0x3E)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=63
[000] 03 00 00 00 00 00 00 09 00 00 00 46 00 41 00 49 ........ ...F.A.I
[010] 00 52 00 46 00 49 00 45 00 4C 00 44 00 4D 00 04 .R.F.I.E .L.D.M..
[020] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 80 ........ ........
[030] 0D 2A 5D A7 78 06 65 0B 50 73 34 00 00 00 00 .*].x.e. Ps4....
rpc_read: num_read = 62, read offset: 0, to read: 62
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_query
0018 undoc_buffer: 0015ca20
001c info_class: 0005
000020 lsa_io_dom_query
0020 uni_dom_max_len: 0012
0022 uni_dom_str_len: 0014
0024 buffer_dom_name: 0019f5c8
0028 buffer_dom_sid : 001d4510
00002c smb_io_unistr2 unistr2
002c uni_max_len: 0000000a
0030 undoc : 00000000
0034 uni_str_len: 00000009
0038 buffer : F.A.I.R.F.I.E.L.D.
00004c smb_io_dom_sid2
004c num_auths: 00000004
000050 smb_io_dom_sid sid
0050 sid_rev_num: 01
0051 num_auths : 04
0052 id_auth[0] : 00
0053 id_auth[1] : 00
0054 id_auth[2] : 00
0055 id_auth[3] : 00
0056 id_auth[4] : 00
0057 id_auth[5] : 05
0058 sub_auths : 00000015 5d2a0d80 650678a7 3473500b
0068 status: 00000000
found sid S-1-5-21-1563037056-1694922919-879972363 for domain FAIRFIELD
cli_init_creds: user domain flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: IMT_BDC
resolve_lmhosts: Attempting lmhosts lookup for name IMT_BDC<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name IMT_BDC<0x20>
resolve_wins: Attempting wins lookup for name IMT_BDC<0x20>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name IMT_BDC<0x20>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 16379
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=16379 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=300000
answers 0 char `..... hex 6000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.11 lastport 13512 read: 58
parse_nmb: packet id = 16379
Received a packet of len 58 from (192.168.10.11) port 13512
nmb packet from 192.168.10.11(13512) header: id=16379 opcode=WACK(7) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=10
answers 0 char .. hex 0100
cli_establish_connection: CADFILES<00> connecting to IMT_BDC<20> (192.168.10.28) - []
Connecting to 192.168.10.28 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(11,76)
write_socket(11,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(11,168)
write_socket(11,168) wrote 168
got smb length of 97
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=15872 (0x3E00)
smb_vwv[12]=13717 (0x3595)
smb_vwv[13]=30982 (0x7906)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 0B 2D E3 79 20 8E 2C 10 46 00 41 00 49 00 52 00 .-.y .,. F.A.I.R.
[010] 46 00 49 00 45 00 4C 00 44 00 00 00 F.I.E.L. D...
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=15872 (0x3E00)
smb_vwv[12]=13717 (0x3595)
smb_vwv[13]=30982 (0x7906)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 0B 2D E3 79 20 8E 2C 10 46 00 41 00 49 00 52 00 .-.y .,. F.A.I.R.
[010] 46 00 49 00 45 00 4C 00 44 00 00 00 F.I.E.L. D...
write_socket(11,92)
write_socket(11,92) wrote 92
got smb length of 130
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 00 .E.L.D.. .
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 00 .E.L.D.. .
write_socket(11,82)
write_socket(11,82) wrote 82
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00 IPC....
write_socket(11,100)
write_socket(11,100) wrote 100
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=2560 (0xA00)
smb_vwv[3]=264 (0x108)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[80a]: \PIPE\samr
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg..
[010] 01 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 00
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000005
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 1630
0012 max_rsize: 1630
0014 assoc_gid: 00000000
0018 num_elements: 00000001
001c context_id : 0000
001e num_syntaxes: 01
00001f smb_io_rpc_iface
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00 01 23 45 67 89 ac
0030 version: 00000001
000034 smb_io_rpc_iface
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:80a
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48 00 00 00 05 00 00 00 30 .......H .......0
[020] 16 30 16 00 00 00 00 01 00 00 00 00 00 01 00 78 .0...... .......x
[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
write_socket(11,158)
write_socket(11,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 H....... .D......
[010] 00 30 16 30 16 CE 9D 00 00 0C 00 5C 50 49 50 45 .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 H....... .D......
[010] 00 30 16 30 16 CE 9D 00 00 0C 00 5C 50 49 50 45 .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000005
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 1630
0012 max_rsize: 1630
0014 assoc_gid: 00009dce
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8 08 00 2b 10 48 60
0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_samr_q_connect
000000 samr_io_q_connect
0000 ptr_srv_name: 00000001
000004 smb_io_unistr2
0004 uni_max_len: 00000008
0008 undoc : 00000000
000c uni_str_len: 00000008
0010 buffer : I.M.T._.B.D.C...
0020 access_mask: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x39 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 003c
000a auth_len : 0000
000c call_id : 00000006
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000002c
0014 context_id: 0000
0016 opnum : 0039
data_len: 3c data_calc_len: 3c
rpc_api_pipe: cmd:26 fnum:80a
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 2C .......< .......,
[020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........
[030] 00 00 00 08 00 00 00 49 00 4D 00 54 00 5F 00 42 .......I .M.T._.B
[040] 00 44 00 43 00 00 00 00 00 00 02 .D.C.... ...
write_socket(11,146)
write_socket(11,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 21 9B B9 ........ .....!..
[020] D1 2E 43 CD 4D B2 22 94 E4 4F B2 71 C6 00 00 00 ..C.M.". .O.q....
[030] 00 .
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 21 9B B9 ........ .....!..
[020] D1 2E 43 CD 4D B2 22 94 E4 4F B2 71 C6 00 00 00 ..C.M.". .O.q....
[030] 00 .
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000006
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_connect
000018 smb_io_pol_hnd connect_pol
0018 data1: 00000000
001c data2: d1b99b21
0020 data3: 432e
0022 data4: 4dcd
0024 data5: b2 22 94 e4 4f b2 71 c6
002c status: 00000000
samr_init_samr_q_open_domain
000000 samr_io_q_open_domain
000000 smb_io_pol_hnd pol
0000 data1: 00000000
0004 data2: d1b99b21
0008 data3: 432e
000a data4: 4dcd
000c data5: b2 22 94 e4 4f b2 71 c6
0014 flags: 02000000
000018 smb_io_dom_sid2 sid
0018 num_auths: 00000004
00001c smb_io_dom_sid sid
001c sid_rev_num: 01
001d num_auths : 04
001e id_auth[0] : 00
001f id_auth[1] : 00
0020 id_auth[2] : 00
0021 id_auth[3] : 00
0022 id_auth[4] : 00
0023 id_auth[5] : 05
0024 sub_auths : 00000015 5d2a0d80 650678a7 3473500b
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x7 data_len: 0x4c
create_rpc_request: data_len: 4c auth_len: 0 alloc_hint: 3c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 004c
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000003c
0014 context_id: 0000
0016 opnum : 0007
data_len: 4c data_calc_len: 4c
rpc_api_pipe: cmd:26 fnum:80a
size=158
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=76 (0x4C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=76 (0x4C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=76 (0x4C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=91
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 3C .......L .......<
[020] 00 00 00 00 00 07 00 00 00 00 00 21 9B B9 D1 2E ........ ...!....
[030] 43 CD 4D B2 22 94 E4 4F B2 71 C6 00 00 00 02 04 C.M."..O .q......
[040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 80 ........ ........
[050] 0D 2A 5D A7 78 06 65 0B 50 73 34 .*].x.e. Ps4
write_socket(11,162)
write_socket(11,162) wrote 162
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 4C 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 L....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 13 BC 15 ........ ........
[020] 22 4E 3D F4 4C 9F 0F 69 B7 26 98 D3 0F 00 00 00 "N=.L..i .&......
[030] 00 .
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 4C 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 L....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 13 BC 15 ........ ........
[020] 22 4E 3D F4 4C 9F 0F 69 B7 26 98 D3 0F 00 00 00 "N=.L..i .&......
[030] 00 .
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_open_domain
000018 smb_io_pol_hnd domain_pol
0018 data1: 00000000
001c data2: 2215bc13
0020 data3: 3d4e
0022 data4: 4cf4
0024 data5: 9f 0f 69 b7 26 98 d3 0f
002c status: 00000000
init_samr_q_enum_dom_groups
000000 samr_io_q_enum_dom_groups
000000 smb_io_pol_hnd pol
0000 data1: 00000000
0004 data2: 2215bc13
0008 data3: 3d4e
000a data4: 4cf4
000c data5: 9f 0f 69 b7 26 98 d3 0f
0014 start_idx: 00000000
0018 max_size : 00008000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xb data_len: 0x34
create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0034
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000024
0014 context_id: 0000
0016 opnum : 000b
data_len: 34 data_calc_len: 34
rpc_api_pipe: cmd:26 fnum:80a
size=134
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=52 (0x34)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=52 (0x34)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=67
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 34 00 00 00 08 00 00 00 24 .......4 .......$
[020] 00 00 00 00 00 0B 00 00 00 00 00 13 BC 15 22 4E ........ ......"N
[030] 3D F4 4C 9F 0F 69 B7 26 98 D3 0F 00 00 00 00 00 =.L..i.& ........
[040] 80 00 00 ...
write_socket(11,138)
write_socket(11,138) wrote 138
got smb length of 108
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00 00 C0 01 00 00 08 00 00 4....... ........
[010] 00 A8 01 00 00 00 00 00 00 08 00 00 00 18 2A 17 ........ ......*.
[020] 00 08 00 00 00 78 A5 14 00 08 00 00 00 00 02 00 .....x.. ........
[030] 00 1A 00 20 00 ... .
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00 00 C0 01 00 00 08 00 00 4....... ........
[010] 00 A8 01 00 00 00 00 00 00 08 00 00 00 18 2A 17 ........ ......*.
[020] 00 08 00 00 00 78 A5 14 00 08 00 00 00 00 02 00 .....x.. ........
[030] 00 1A 00 20 00 ... .
rpc_check_hdr: rdata->data_size = 52
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 01c0
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000001a8
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 396 smbtrans read: 52
rpc_read: data_to_read: 396 rdata offset: 52 extra_data_size: 396
rpc_read: grew buffer by 396 bytes to 448
write_socket(11,59)
write_socket(11,59) wrote 59
got smb length of 456
size=456
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=396 (0x18C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=397
[000] 03 C0 64 1C 00 02 02 00 00 1A 00 20 00 28 66 1C ..d..... ... .(f.
[010] 00 01 02 00 00 18 00 20 00 20 64 1C 00 6B 04 00 ....... . d..k..
[020] 00 08 00 20 00 C8 63 1C 00 FA 03 00 00 32 00 32 ... ..c. .....2.2
[030] 00 A8 AF 1C 00 1A 05 00 00 14 00 20 00 70 63 1C ........ ... .pc.
[040] 00 F0 03 00 00 06 00 20 00 48 63 1C 00 AB 05 00 ....... .Hc.....
[050] 00 22 00 22 00 C0 62 1C 00 10 00 00 00 00 00 00 ."."..b. ........
[060] 00 0D 00 00 00 44 00 6F 00 6D 00 61 00 69 00 6E .....D.o .m.a.i.n
[070] 00 20 00 41 00 64 00 6D 00 69 00 6E 00 73 00 00 . .A.d.m .i.n.s..
[080] 00 10 00 00 00 00 00 00 00 0D 00 00 00 44 00 6F ........ .....D.o
[090] 00 6D 00 61 00 69 00 6E 00 20 00 47 00 75 00 65 .m.a.i.n . .G.u.e
[0A0] 00 73 00 74 00 73 00 9A BF 10 00 00 00 00 00 00 .s.t.s.. ........
[0B0] 00 0C 00 00 00 44 00 6F 00 6D 00 61 00 69 00 6E .....D.o .m.a.i.n
[0C0] 00 20 00 55 00 73 00 65 00 72 00 73 00 10 00 00 . .U.s.e .r.s....
[0D0] 00 00 00 00 00 04 00 00 00 4D 00 49 00 53 00 32 ........ .M.I.S.2
[0E0] 00 19 00 00 00 00 00 00 00 19 00 00 00 4D 00 54 ........ .....M.T
[0F0] 00 53 00 20 00 54 00 72 00 75 00 73 00 74 00 65 .S. .T.r .u.s.t.e
[100] 00 64 00 20 00 49 00 6D 00 70 00 65 00 72 00 73 .d. .I.m .p.e.r.s
[110] 00 6F 00 6E 00 61 00 74 00 6F 00 72 00 73 00 30 .o.n.a.t .o.r.s.0
[120] C6 10 00 00 00 00 00 00 00 0A 00 00 00 50 00 75 ........ .....P.u
[130] 00 72 00 63 00 68 00 61 00 73 00 69 00 6E 00 67 .r.c.h.a .s.i.n.g
[140] 00 10 00 00 00 00 00 00 00 03 00 00 00 52 00 41 ........ .....R.A
[150] 00 53 00 14 00 11 00 00 00 00 00 00 00 11 00 00 .S...... ........
[160] 00 53 00 4D 00 53 00 49 00 6E 00 74 00 65 00 72 .S.M.S.I .n.t.e.r
[170] 00 6E 00 61 00 6C 00 43 00 6C 00 69 00 47 00 72 .n.a.l.C .l.i.G.r
[180] 00 70 00 00 00 08 00 00 00 00 00 00 00 .p...... .....
rpc_read: num_read = 396, read offset: 0, to read: 396
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_enum_dom_groups
0018 next_idx : 00000008
001c ptr_entries1: 00172a18
0020 num_entries2: 00000008
0024 ptr_entries2: 0014a578
0028 num_entries3: 00000008
00002c sam_io_sam_entry
002c rid: 00000200
000030 smb_io_unihdr unihdr
0030 uni_str_len: 001a
0032 uni_max_len: 0020
0034 buffer : 001c64c0
000038 sam_io_sam_entry
0038 rid: 00000202
00003c smb_io_unihdr unihdr
003c uni_str_len: 001a
003e uni_max_len: 0020
0040 buffer : 001c6628
000044 sam_io_sam_entry
0044 rid: 00000201
000048 smb_io_unihdr unihdr
0048 uni_str_len: 0018
004a uni_max_len: 0020
004c buffer : 001c6420
000050 sam_io_sam_entry
0050 rid: 0000046b
000054 smb_io_unihdr unihdr
0054 uni_str_len: 0008
0056 uni_max_len: 0020
0058 buffer : 001c63c8
00005c sam_io_sam_entry
005c rid: 000003fa
000060 smb_io_unihdr unihdr
0060 uni_str_len: 0032
0062 uni_max_len: 0032
0064 buffer : 001cafa8
000068 sam_io_sam_entry
0068 rid: 0000051a
00006c smb_io_unihdr unihdr
006c uni_str_len: 0014
006e uni_max_len: 0020
0070 buffer : 001c6370
000074 sam_io_sam_entry
0074 rid: 000003f0
000078 smb_io_unihdr unihdr
0078 uni_str_len: 0006
007a uni_max_len: 0020
007c buffer : 001c6348
000080 sam_io_sam_entry
0080 rid: 000005ab
000084 smb_io_unihdr unihdr
0084 uni_str_len: 0022
0086 uni_max_len: 0022
0088 buffer : 001c62c0
00008c smb_io_unistr2
008c uni_max_len: 00000010
0090 undoc : 00000000
0094 uni_str_len: 0000000d
0098 buffer : D.o.m.a.i.n. .A.d.m.i.n.s.
0000b2 smb_io_unistr2
00b4 uni_max_len: 00000010
00b8 undoc : 00000000
00bc uni_str_len: 0000000d
00c0 buffer : D.o.m.a.i.n. .G.u.e.s.t.s.
0000da smb_io_unistr2
00dc uni_max_len: 00000010
00e0 undoc : 00000000
00e4 uni_str_len: 0000000c
00e8 buffer : D.o.m.a.i.n. .U.s.e.r.s.
000100 smb_io_unistr2
0100 uni_max_len: 00000010
0104 undoc : 00000000
0108 uni_str_len: 00000004
010c buffer : M.I.S.2.
000114 smb_io_unistr2
0114 uni_max_len: 00000019
0118 undoc : 00000000
011c uni_str_len: 00000019
0120 buffer : M.T.S. .T.r.u.s.t.e.d. .I.m.p.e.r.s.o.n.a.t.o.r.s.
000152 smb_io_unistr2
0154 uni_max_len: 00000010
0158 undoc : 00000000
015c uni_str_len: 0000000a
0160 buffer : P.u.r.c.h.a.s.i.n.g.
000174 smb_io_unistr2
0174 uni_max_len: 00000010
0178 undoc : 00000000
017c uni_str_len: 00000003
0180 buffer : R.A.S.
000186 smb_io_unistr2
0188 uni_max_len: 00000011
018c undoc : 00000000
0190 uni_str_len: 00000011
0194 buffer : S.M.S.I.n.t.e.r.n.a.l.C.l.i.G.r.p.
01b8 num_entries4: 00000008
01bc status: 00000000
read failed on sock 10, pid 17006: EOF
accepted socket 10
establishing connections
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
[17008]: lookupsid S-1-5-21-1563037056-1694922919-879972363-1177
string_to_sid: converted SID S-1-5-21-1563037056-1694922919-879972363-1177 ok
init_r_enum_trust_dom
init_lsa_sid_enum
000000 lsa_io_q_lookup_sids
000000 smb_io_pol_hnd pol_hnd
0000 data1: 00000000
0004 data2: fe788842
0008 data3: e656
000a data4: 4f2c
000c data5: a3 db b6 20 4e fc e2 08
000014 lsa_io_sid_enum sids
0014 num_entries : 00000001
0018 ptr_sid_enum: 00000001
001c num_entries2: 00000001
0020 ptr_sid[0]: 00000001
000024 smb_io_dom_sid2 sid[0]
0024 num_auths: 00000005
000028 smb_io_dom_sid sid
0028 sid_rev_num: 01
0029 num_auths : 05
002a id_auth[0] : 00
002b id_auth[1] : 00
002c id_auth[2] : 00
002d id_auth[3] : 00
002e id_auth[4] : 00
002f id_auth[5] : 05
0030 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 00000499
000044 lsa_io_trans_names names
0044 num_entries : 00000000
0048 ptr_trans_names: 00000000
00004c smb_io_lookup_level switch
004c value: 0001
0050 mapped_count: 00000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xf data_len: 0x6c
create_rpc_request: data_len: 6c auth_len: 0 alloc_hint: 5c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 006c
000a auth_len : 0000
000c call_id : 00000009
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000005c
0014 context_id: 0000
0016 opnum : 000f
data_len: 6c data_calc_len: 6c
rpc_api_pipe: cmd:26 fnum:816
size=190
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=108 (0x6C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=108 (0x6C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=123
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 6C 00 00 00 09 00 00 00 5C .......l .......\
[020] 00 00 00 00 00 0F 00 00 00 00 00 42 88 78 FE 56 ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E FC E2 08 01 00 00 00 01 .,O... N ........
[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........
[050] 05 00 00 00 00 00 05 15 00 00 00 80 0D 2A 5D A7 ........ .....*].
[060] 78 06 65 0B 50 73 34 99 04 00 00 00 00 00 00 00 x.e.Ps4. ........
[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ...
write_socket(7,194)
write_socket(7,194) wrote 194
got smb length of 164
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00 00 B4 00 00 00 09 00 00 l....... ........
[010] 00 9C 00 00 00 00 00 00 00 50 0A 1B 00 01 00 00 ........ .P......
[020] 00 28 88 1A 00 20 00 00 00 01 00 00 00 12 00 14 .(... .. ........
[030] 00 B8 C0 15 00 10 00 1B 00 0A 00 00 00 00 00 00 ........ ........
[040] 00 09 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 05 04 00 00 00 01 04 00 .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00 00 80 0D 2A 5D ........ ...*]
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00 00 B4 00 00 00 09 00 00 l....... ........
[010] 00 9C 00 00 00 00 00 00 00 50 0A 1B 00 01 00 00 ........ .P......
[020] 00 28 88 1A 00 20 00 00 00 01 00 00 00 12 00 14 .(... .. ........
[030] 00 B8 C0 15 00 10 00 1B 00 0A 00 00 00 00 00 00 ........ ........
[040] 00 09 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 05 04 00 00 00 01 04 00 .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00 00 80 0D 2A 5D ........ ...*]
rpc_check_hdr: rdata->data_size = 108
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00b4
000a auth_len : 0000
000c call_id : 00000009
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 0000009c
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 72 smbtrans read: 108
rpc_read: data_to_read: 72 rdata offset: 108 extra_data_size: 72
rpc_read: grew buffer by 72 bytes to 180
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 132
size=132
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=72 (0x48)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=73
[000] 03 A7 78 06 65 0B 50 73 34 01 00 00 00 F0 62 1C ..x.e.Ps 4.....b.
[010] 00 01 00 00 00 04 00 00 00 0E 00 0E 00 28 21 1B ........ .....(!.
[020] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........
[030] 00 63 00 61 00 64 00 72 00 65 00 61 00 64 00 6D .c.a.d.r .e.a.d.m
[040] 00 01 00 00 00 00 00 00 00 ........ .
rpc_read: num_read = 72, read offset: 0, to read: 72
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_sids
0018 ptr_dom_ref: 001b0a50
00001c lsa_io_dom_r_ref dom_ref
001c num_ref_doms_1: 00000001
0020 ptr_ref_dom : 001a8828
0024 max_entries : 00000020
0028 num_ref_doms_2: 00000001
00002c smb_io_unihdr dom_ref[0]
002c uni_str_len: 0012
002e uni_max_len: 0014
0030 buffer : 0015c0b8
0034 sid_ptr[0] : 001b0010
000038 smb_io_unistr2 dom_ref[0]
0038 uni_max_len: 0000000a
003c undoc : 00000000
0040 uni_str_len: 00000009
0044 buffer : F.A.I.R.F.I.E.L.D.
000058 smb_io_dom_sid2 sid_ptr[0]
0058 num_auths: 00000004
00005c smb_io_dom_sid sid
005c sid_rev_num: 01
005d num_auths : 04
005e id_auth[0] : 00
005f id_auth[1] : 00
0060 id_auth[2] : 00
0061 id_auth[3] : 00
0062 id_auth[4] : 00
0063 id_auth[5] : 05
0064 sub_auths : 00000015 5d2a0d80 650678a7 3473500b
000074 lsa_io_trans_names names
0074 num_entries : 00000001
0078 ptr_trans_names: 001c62f0
007c num_entries2 : 00000001
000080 lsa_io_trans_name name[0]
0080 sid_name_use: 0004
000084 smb_io_unihdr hdr_name
0084 uni_str_len: 000e
0086 uni_max_len: 000e
0088 buffer : 001b2128
008c domain_idx : 00000000
000090 smb_io_unistr2 name[0]
0090 uni_max_len: 00000007
0094 undoc : 00000000
0098 uni_str_len: 00000007
009c buffer : c.a.d.r.e.a.d.
00ac mapped_count: 00000001
00b0 status : 00000000
read failed on sock 10, pid 17008: EOF
establishing connections
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
accepted socket 10
[17009]: lookupsid S-1-5-21-1563037056-1694922919-879972363-1176
string_to_sid: converted SID S-1-5-21-1563037056-1694922919-879972363-1176 ok
init_r_enum_trust_dom
init_lsa_sid_enum
000000 lsa_io_q_lookup_sids
000000 smb_io_pol_hnd pol_hnd
0000 data1: 00000000
0004 data2: fe788842
0008 data3: e656
000a data4: 4f2c
000c data5: a3 db b6 20 4e fc e2 08
000014 lsa_io_sid_enum sids
0014 num_entries : 00000001
0018 ptr_sid_enum: 00000001
001c num_entries2: 00000001
0020 ptr_sid[0]: 00000001
000024 smb_io_dom_sid2 sid[0]
0024 num_auths: 00000005
000028 smb_io_dom_sid sid
0028 sid_rev_num: 01
0029 num_auths : 05
002a id_auth[0] : 00
002b id_auth[1] : 00
002c id_auth[2] : 00
002d id_auth[3] : 00
002e id_auth[4] : 00
002f id_auth[5] : 05
0030 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 00000498
000044 lsa_io_trans_names names
0044 num_entries : 00000000
0048 ptr_trans_names: 00000000
00004c smb_io_lookup_level switch
004c value: 0001
0050 mapped_count: 00000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xf data_len: 0x6c
create_rpc_request: data_len: 6c auth_len: 0 alloc_hint: 5c
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 006c
000a auth_len : 0000
000c call_id : 0000000a
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000005c
0014 context_id: 0000
0016 opnum : 000f
data_len: 6c data_calc_len: 6c
rpc_api_pipe: cmd:26 fnum:816
size=190
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=108 (0x6C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=108 (0x6C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=123
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 6C 00 00 00 0A 00 00 00 5C .......l .......\
[020] 00 00 00 00 00 0F 00 00 00 00 00 42 88 78 FE 56 ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E FC E2 08 01 00 00 00 01 .,O... N ........
[040] 00 00 00 01 00 00 00 01 00 00 00 05 00 00 00 01 ........ ........
[050] 05 00 00 00 00 00 05 15 00 00 00 80 0D 2A 5D A7 ........ .....*].
[060] 78 06 65 0B 50 73 34 98 04 00 00 00 00 00 00 00 x.e.Ps4. ........
[070] 00 00 00 01 00 00 00 00 00 00 00 ........ ...
write_socket(7,194)
write_socket(7,194) wrote 194
got smb length of 164
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00 00 B8 00 00 00 0A 00 00 l....... ........
[010] 00 A0 00 00 00 00 00 00 00 C8 00 40 0F 01 00 00 ........ ... at ....
[020] 00 28 88 1A 00 20 00 00 00 01 00 00 00 12 00 14 .(... .. ........
[030] 00 10 45 1D 00 C8 F5 19 00 0A 00 00 00 00 00 00 ..E..... ........
[040] 00 09 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 05 04 00 00 00 01 04 00 .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00 00 80 0D 2A 5D ........ ...*]
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00 00 B8 00 00 00 0A 00 00 l....... ........
[010] 00 A0 00 00 00 00 00 00 00 C8 00 40 0F 01 00 00 ........ ... at ....
[020] 00 28 88 1A 00 20 00 00 00 01 00 00 00 12 00 14 .(... .. ........
[030] 00 10 45 1D 00 C8 F5 19 00 0A 00 00 00 00 00 00 ..E..... ........
[040] 00 09 00 00 00 46 00 41 00 49 00 52 00 46 00 49 .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00 05 04 00 00 00 01 04 00 .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00 00 80 0D 2A 5D ........ ...*]
rpc_check_hdr: rdata->data_size = 108
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00b8
000a auth_len : 0000
000c call_id : 0000000a
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000000a0
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 76 smbtrans read: 108
rpc_read: data_to_read: 76 rdata offset: 108 extra_data_size: 76
rpc_read: grew buffer by 76 bytes to 184
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 136
size=136
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=76 (0x4C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=77
[000] 03 A7 78 06 65 0B 50 73 34 01 00 00 00 F0 62 1C ..x.e.Ps 4.....b.
[010] 00 01 00 00 00 04 00 00 00 12 00 12 00 10 00 1B ........ ........
[020] 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........
[030] 00 43 00 61 00 64 00 63 00 72 00 65 00 61 00 74 .C.a.d.c .r.e.a.t
[040] 00 65 00 00 00 01 00 00 00 00 00 00 00 .e...... .....
rpc_read: num_read = 76, read offset: 0, to read: 76
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_sids
0018 ptr_dom_ref: 0f4000c8
00001c lsa_io_dom_r_ref dom_ref
001c num_ref_doms_1: 00000001
0020 ptr_ref_dom : 001a8828
0024 max_entries : 00000020
0028 num_ref_doms_2: 00000001
00002c smb_io_unihdr dom_ref[0]
002c uni_str_len: 0012
002e uni_max_len: 0014
0030 buffer : 001d4510
0034 sid_ptr[0] : 0019f5c8
000038 smb_io_unistr2 dom_ref[0]
0038 uni_max_len: 0000000a
003c undoc : 00000000
0040 uni_str_len: 00000009
0044 buffer : F.A.I.R.F.I.E.L.D.
000058 smb_io_dom_sid2 sid_ptr[0]
0058 num_auths: 00000004
00005c smb_io_dom_sid sid
005c sid_rev_num: 01
005d num_auths : 04
005e id_auth[0] : 00
005f id_auth[1] : 00
0060 id_auth[2] : 00
0061 id_auth[3] : 00
0062 id_auth[4] : 00
0063 id_auth[5] : 05
0064 sub_auths : 00000015 5d2a0d80 650678a7 3473500b
000074 lsa_io_trans_names names
0074 num_entries : 00000001
0078 ptr_trans_names: 001c62f0
007c num_entries2 : 00000001
000080 lsa_io_trans_name name[0]
0080 sid_name_use: 0004
000084 smb_io_unihdr hdr_name
0084 uni_str_len: 0012
0086 uni_max_len: 0012
0088 buffer : 001b0010
008c domain_idx : 00000000
000090 smb_io_unistr2 name[0]
0090 uni_max_len: 00000009
0094 undoc : 00000000
0098 uni_str_len: 00000009
009c buffer : C.a.d.c.r.e.a.t.e.
00b0 mapped_count: 00000001
00b4 status : 00000000
read failed on sock 10, pid 17009: EOF
--
Daniel Deimert (d1dd at dtek.chalmers.se) -*- http://www.dtek.chalmers.se/~d1dd/
More information about the samba
mailing list