Untitled

a guest
Mar 13th, 2018
# KRB5_TRACE=/dev/stderr /usr/local/samba/bin/net ads -P kerberos pac dump impersonate=davidu@abc -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface ens33 ip=192.168.47.101 bcast=192.168.47.255 netmask=255.255.255.0
[27360] 1520981659.648366: Getting initial credentials for FDC$@ACME.COM
[27360] 1520981659.648368: Sending unauthenticated request
[27360] 1520981659.648369: Sending request (233 bytes) to ACME.COM
[27360] 1520981659.648370: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648371: No URI records found
[27360] 1520981659.648372: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[27360] 1520981659.648373: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648374: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648375: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648376: Resolving hostname wdc.acme.com.
[27360] 1520981659.648377: Sending initial UDP request to dgram 192.168.47.120:88
[27360] 1520981659.648378: Received answer (88 bytes) from dgram 192.168.47.120:88
[27360] 1520981659.648379: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648380: No URI records found
[27360] 1520981659.648381: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
[27360] 1520981659.648382: No SRV records found
[27360] 1520981659.648383: Response was not from master KDC
[27360] 1520981659.648384: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP
[27360] 1520981659.648385: Request or response is too big for UDP; retrying with TCP
[27360] 1520981659.648386: Sending request (233 bytes) to ACME.COM (tcp only)
[27360] 1520981659.648387: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648388: No URI records found
[27360] 1520981659.648389: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648390: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648391: Resolving hostname wdc.acme.com.
[27360] 1520981659.648392: Initiating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648393: Sending TCP request to stream 192.168.47.120:88
[27360] 1520981659.648394: Received answer (184 bytes) from stream 192.168.47.120:88
[27360] 1520981659.648395: Terminating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648396: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648397: No URI records found
[27360] 1520981659.648398: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[27360] 1520981659.648399: No SRV records found
[27360] 1520981659.648400: Response was not from master KDC
[27360] 1520981659.648401: Received error from KDC: -1765328359/Additional pre-authentication required
[27360] 1520981659.648404: Preauthenticating using KDC method data
[27360] 1520981659.648405: Processing preauth types: 16, 15, 19, 2
[27360] 1520981659.648406: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
[27360] 1520981659.648407: AS key obtained for encrypted timestamp: aes256-cts/EEEE
[27360] 1520981659.648409: Encrypted timestamp (for 1520981667.450453): plain 301AA011180F32303138303331333232353432375AA105020306DF95, encrypted B0111CA5602CDFC74C908151F3F32F93EDFFEC9DF2A689DBAEAAB984331F1E6D1869F237291B6C2CFCE3C70AE9E2B0E8412B224D278E4434
[27360] 1520981659.648410: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[27360] 1520981659.648411: Produced preauth for next request: 2
[27360] 1520981659.648412: Sending request (313 bytes) to ACME.COM (tcp only)
[27360] 1520981659.648413: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648414: No URI records found
[27360] 1520981659.648415: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648416: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648417: Resolving hostname wdc.acme.com.
[27360] 1520981659.648418: Initiating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648419: Sending TCP request to stream 192.168.47.120:88
[27360] 1520981659.648420: Received answer (1411 bytes) from stream 192.168.47.120:88
[27360] 1520981659.648421: Terminating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648422: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648423: No URI records found
[27360] 1520981659.648424: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[27360] 1520981659.648425: No SRV records found
[27360] 1520981659.648426: Response was not from master KDC
[27360] 1520981659.648427: Processing preauth types: 19
[27360] 1520981659.648428: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
[27360] 1520981659.648429: Produced preauth for next request: (empty)
[27360] 1520981659.648430: AS key determined by preauth: aes256-cts/EEEE
[27360] 1520981659.648431: Decrypted AS reply; session key is: aes256-cts/4B52
[27360] 1520981659.648432: FAST negotiation: unavailable
[27360] 1520981659.648433: Initializing MEMORY:kerberos_return_pac with default princ FDC$@ACME.COM
[27360] 1520981659.648434: Storing FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
[27360] 1520981659.648436: Getting credentials davidu\@abc@ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
[27360] 1520981659.648437: Retrieving davidu\@abc@ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[27360] 1520981659.648438: Getting initial credentials for davidu\@abc@ACME.COM
[27360] 1520981659.648440: Attempting optimistic preauth
[27360] 1520981659.648441: Processing preauth types: 130
[27360] 1520981659.648442: Sending unauthenticated request
[27360] 1520981659.648443: Sending request (170 bytes) to ACME.COM
[27360] 1520981659.648444: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648445: No URI records found
[27360] 1520981659.648446: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[27360] 1520981659.648447: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648448: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648449: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648450: Resolving hostname wdc.acme.com.
[27360] 1520981659.648451: Sending initial UDP request to dgram 192.168.47.120:88
[27360] 1520981659.648452: Received answer (105 bytes) from dgram 192.168.47.120:88
[27360] 1520981659.648453: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648454: No URI records found
[27360] 1520981659.648455: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
[27360] 1520981659.648456: No SRV records found
[27360] 1520981659.648457: Response was not from master KDC
[27360] 1520981659.648458: Received error from KDC: -1765328316/Realm not local to KDC
[27360] 1520981659.648459: Following referral to realm CDOM.ACME.COM
[27360] 1520981659.648461: Attempting optimistic preauth
[27360] 1520981659.648462: Processing preauth types: 130
[27360] 1520981659.648463: Sending unauthenticated request
[27360] 1520981659.648464: Sending request (180 bytes) to CDOM.ACME.COM
[27360] 1520981659.648465: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[27360] 1520981659.648466: No URI records found
[27360] 1520981659.648467: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
[27360] 1520981659.648468: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[27360] 1520981659.648469: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
[27360] 1520981659.648470: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[27360] 1520981659.648471: Resolving hostname wsub.cdom.acme.com.
[27360] 1520981659.648472: Sending initial UDP request to dgram 192.168.47.110:88
[27360] 1520981659.648473: Received answer (188 bytes) from dgram 192.168.47.110:88
[27360] 1520981659.648474: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[27360] 1520981659.648475: No URI records found
[27360] 1520981659.648476: Sending DNS SRV query for _kerberos-master._udp.CDOM.ACME.COM.
[27360] 1520981659.648477: No SRV records found
[27360] 1520981659.648478: Response was not from master KDC
[27360] 1520981659.648479: Received error from KDC: -1765328359/Additional pre-authentication required
[27360] 1520981659.648482: Preauthenticating using KDC method data
[27360] 1520981659.648483: Processing preauth types: 16, 15, 19, 2
[27360] 1520981659.648484: Selected etype info: etype aes256-cts, salt "CDOM.ACME.COMdavid", params ""
[27360] 1520981659.648485: Preauth module encrypted_timestamp (2) (real) returned: -1765328174/Generic preauthentication failure
[27360] 1520981659.648486: Getting credentials davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
[27360] 1520981659.648487: Retrieving davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[27360] 1520981659.648488: Getting credentials FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM using ccache MEMORY:kerberos_return_pac
[27360] 1520981659.648489: Retrieving FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[27360] 1520981659.648490: Retrieving FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: 0/Success
[27360] 1520981659.648491: Starting with TGT for client realm: FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM
[27360] 1520981659.648492: Requesting tickets for krbtgt/CDOM.ACME.COM@ACME.COM, referrals on
[27360] 1520981659.648493: Generated subkey for TGS request: aes256-cts/3D30
[27360] 1520981659.648494: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
[27360] 1520981659.648496: Encoding request body and padata into FAST request
[27360] 1520981659.648497: Sending request (1625 bytes) to ACME.COM
[27360] 1520981659.648498: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648499: No URI records found
[27360] 1520981659.648500: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[27360] 1520981659.648501: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648502: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648503: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648504: Resolving hostname wdc.acme.com.
[27360] 1520981659.648505: Resolving hostname wdc.acme.com.
[27360] 1520981659.648506: Initiating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648507: Sending TCP request to stream 192.168.47.120:88
[27360] 1520981659.648508: Received answer (1278 bytes) from stream 192.168.47.120:88
[27360] 1520981659.648509: Terminating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648510: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648511: No URI records found
[27360] 1520981659.648512: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[27360] 1520981659.648513: No SRV records found
[27360] 1520981659.648514: Response was not from master KDC
[27360] 1520981659.648515: Decoding FAST response
[27360] 1520981659.648516: TGS reply is for FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM with session key rc4-hmac/B495
[27360] 1520981659.648517: TGS request result: 0/Success
[27360] 1520981659.648518: Received creds for desired service krbtgt/CDOM.ACME.COM@ACME.COM
[27360] 1520981659.648519: Storing FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
[27360] 1520981659.648520: Get cred via TGT krbtgt/CDOM.ACME.COM@ACME.COM after requesting FDC$\@ACME.COM@CDOM.ACME.COM (canonicalize on)
[27360] 1520981659.648521: Generated subkey for TGS request: rc4-hmac/04AA
[27360] 1520981659.648522: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
[27360] 1520981659.648524: Encoding request body and padata into FAST request
[27360] 1520981659.648525: Sending request (1976 bytes) to CDOM.ACME.COM
[27360] 1520981659.648526: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[27360] 1520981659.648527: No URI records found
[27360] 1520981659.648528: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
[27360] 1520981659.648529: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[27360] 1520981659.648530: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
[27360] 1520981659.648531: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[27360] 1520981659.648532: Resolving hostname wsub.cdom.acme.com.
[27360] 1520981659.648533: Resolving hostname wsub.cdom.acme.com.
[27360] 1520981659.648534: Initiating TCP connection to stream 192.168.47.110:88
[27360] 1520981659.648535: Sending TCP request to stream 192.168.47.110:88
[27360] 1520981659.648536: Received answer (1457 bytes) from stream 192.168.47.110:88
[27360] 1520981659.648537: Terminating TCP connection to stream 192.168.47.110:88
[27360] 1520981659.648538: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[27360] 1520981659.648539: No URI records found
[27360] 1520981659.648540: Sending DNS SRV query for _kerberos-master._tcp.CDOM.ACME.COM.
[27360] 1520981659.648541: No SRV records found
[27360] 1520981659.648542: Response was not from master KDC
[27360] 1520981659.648543: Decoding FAST response
[27360] 1520981659.648544: Reply server krbtgt/ACME.COM@CDOM.ACME.COM differs from requested FDC$\@ACME.COM@CDOM.ACME.COM
[27360] 1520981659.648545: TGS reply is for FDC$@ACME.COM -> krbtgt/ACME.COM@CDOM.ACME.COM with session key rc4-hmac/9F92
[27360] 1520981659.648546: Got cred; 0/Success
[27360] 1520981659.648547: Get cred via TGT krbtgt/ACME.COM@CDOM.ACME.COM after requesting FDC$@ACME.COM (canonicalize on)
[27360] 1520981659.648548: Generated subkey for TGS request: rc4-hmac/6A95
[27360] 1520981659.648549: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
[27360] 1520981659.648551: Encoding request body and padata into FAST request
[27360] 1520981659.648552: Sending request (2004 bytes) to ACME.COM
[27360] 1520981659.648553: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648554: No URI records found
[27360] 1520981659.648555: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[27360] 1520981659.648556: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648557: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[27360] 1520981659.648558: SRV answer: 0 100 88 "wdc.acme.com."
[27360] 1520981659.648559: Resolving hostname wdc.acme.com.
[27360] 1520981659.648560: Resolving hostname wdc.acme.com.
[27360] 1520981659.648561: Initiating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648562: Sending TCP request to stream 192.168.47.120:88
[27360] 1520981659.648563: Received answer (1419 bytes) from stream 192.168.47.120:88
[27360] 1520981659.648564: Terminating TCP connection to stream 192.168.47.120:88
[27360] 1520981659.648565: Sending DNS URI query for _kerberos.ACME.COM.
[27360] 1520981659.648566: No URI records found
[27360] 1520981659.648567: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[27360] 1520981659.648568: No SRV records found
[27360] 1520981659.648569: Response was not from master KDC
[27360] 1520981659.648570: Decoding FAST response
[27360] 1520981659.648571: TGS reply is for davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM with session key aes256-cts/31FA
[27360] 1520981659.648572: Got cred; 0/Success
[27360] 1520981659.648573: Storing davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM in MEMORY:kerberos_return_pac
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:kerberos_return_pac] expiration Wed, 14 Mar 2018 10:54:27 IST
[27360] 1520981659.648576: Creating authenticator for davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, seqnum 0, subkey aes256-cts/62B1, session key aes256-cts/31FA
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
[27360] 1520981659.648582: Decrypted AP-REQ with server principal FDC$@ACME.COM: aes256-cts/EEEE
[27360] 1520981659.648583: AP-REQ ticket: davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, session key aes256-cts/31FA
[27360] 1520981659.648584: Negotiated enctype based on authenticator: aes256-cts
[27360] 1520981659.648585: Authenticator contains subkey: aes256-cts/62B1
Found account name from PAC: samd [disn_david]
[27360] 1520981659.648593: Destroying ccache MEMORY:kerberos_return_pac
The Pac: pac_data_ctr->pac_data: struct PAC_DATA
num_buffers : 0x00000005 (5)
version : 0x00000000 (0)
buffers: ARRAY(5)
buffers: struct PAC_BUFFER
type : PAC_TYPE_LOGON_INFO (1)
_ndr_size : 0x000001a0 (416)
info : *
info : union PAC_INFO(case 1)
logon_info: struct PAC_LOGON_INFO_CTR
info : *
info: struct PAC_LOGON_INFO
info3: struct netr_SamInfo3
base: struct netr_SamBaseInfo
logon_time : Fri Mar 9 08:52:28 PM 2018 IST
logoff_time : Thu Sep 14 04:48:05 AM 30828 IST
kickoff_time : Thu Sep 14 04:48:05 AM 30828 IST
last_password_change : Fri Mar 9 06:19:54 PM 2018 IST
allow_password_change : Fri Mar 9 06:19:54 PM 2018 IST
force_password_change : Thu Sep 14 04:48:05 AM 30828 IST
account_name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'samd'
full_name: struct lsa_String
length : 0x0014 (20)
size : 0x0014 (20)
string : *
string : 'disn_david'
logon_script: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
profile_path: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
home_directory: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
home_drive: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
logon_count : 0x0006 (6)
bad_password_count : 0x0000 (0)
rid : 0x00000451 (1105)
primary_gid : 0x00000201 (513)
groups: struct samr_RidWithAttributeArray
count : 0x00000001 (1)
rids : *
rids: ARRAY(1)
rids: struct samr_RidWithAttribute
rid : 0x00000201 (513)
attributes : 0x00000007 (7)
1: SE_GROUP_MANDATORY
1: SE_GROUP_ENABLED_BY_DEFAULT
1: SE_GROUP_ENABLED
0: SE_GROUP_OWNER
0: SE_GROUP_USE_FOR_DENY_ONLY
0: SE_GROUP_RESOURCE
0x00: SE_GROUP_LOGON_ID (0)
user_flags : 0x00000020 (32)
0: NETLOGON_GUEST
0: NETLOGON_NOENCRYPTION
0: NETLOGON_CACHED_ACCOUNT
0: NETLOGON_USED_LM_PASSWORD
1: NETLOGON_EXTRA_SIDS
0: NETLOGON_SUBAUTH_SESSION_KEY
0: NETLOGON_SERVER_TRUST_ACCOUNT
0: NETLOGON_NTLMV2_ENABLED
0: NETLOGON_RESOURCE_GROUPS
0: NETLOGON_PROFILE_PATH_RETURNED
0: NETLOGON_GRACE_LOGON
key: struct netr_UserSessionKey
key: ARRAY(16): <REDACTED SECRET VALUES>
logon_server: struct lsa_StringLarge
length : 0x0008 (8)
size : 0x000a (10)
string : *
string : 'WSUB'
logon_domain: struct lsa_StringLarge
length : 0x0008 (8)
size : 0x000a (10)
string : *
string : 'CDOM'
domain_sid : *
domain_sid : S-1-5-21-3495176760-3063979438-1681964479
LMSessKey: struct netr_LMSessionKey
key: ARRAY(8): <REDACTED SECRET VALUES>
acct_flags : 0x00000210 (528)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
1: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
0: ACB_WSTRUST
0: ACB_SVRTRUST
1: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
0: ACB_NO_AUTH_DATA_REQD
0: ACB_PARTIAL_SECRETS_ACCOUNT
0: ACB_USE_AES_KEYS
sub_auth_status : 0x00000000 (0)
last_successful_logon : NTTIME(0)
last_failed_logon : NTTIME(0)
failed_logon_count : 0x00000000 (0)
reserved : 0x00000000 (0)
sidcount : 0x00000000 (0)
sids : NULL
resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
domain_sid : NULL
groups: struct samr_RidWithAttributeArray
count : 0x00000000 (0)
rids : NULL
_pad : 0x00000000 (0)
buffers: struct PAC_BUFFER
type : PAC_TYPE_UPN_DNS_INFO (12)
_ndr_size : 0x00000048 (72)
info : *
info : union PAC_INFO(case 12)
upn_dns_info: struct PAC_UPN_DNS_INFO
upn_name_size : 0x0014 (20)
upn_name : *
upn_name : 'davidu@abc'
dns_domain_name_size : 0x001a (26)
dns_domain_name : *
dns_domain_name : 'CDOM.ACME.COM'
flags : 0x00000000 (0)
0: PAC_UPN_DNS_FLAG_CONSTRUCTED
_pad : 0x00000000 (0)
buffers: struct PAC_BUFFER
type : PAC_TYPE_SRV_CHECKSUM (6)
_ndr_size : 0x00000010 (16)
info : *
info : union PAC_INFO(case 6)
srv_cksum: struct PAC_SIGNATURE_DATA
type : 0x00000010 (16)
signature : DATA_BLOB length=12
[0000] 58 C7 D0 FB 8F 06 AF F0 48 5A 20 11 X....... HZ .
_pad : 0x00000000 (0)
buffers: struct PAC_BUFFER
type : PAC_TYPE_KDC_CHECKSUM (7)
_ndr_size : 0x00000014 (20)
info : *
info : union PAC_INFO(case 7)
kdc_cksum: struct PAC_SIGNATURE_DATA
type : 0xffffff76 (4294967158)
signature : DATA_BLOB length=16
[0000] 7B A7 51 6F E8 6A A5 96 D8 1B CF 26 FD 52 52 97 {.Qo.j.. ...&.RR.
_pad : 0x00000000 (0)
buffers: struct PAC_BUFFER
type : PAC_TYPE_LOGON_NAME (10)
_ndr_size : 0x0000001e (30)
info : *
info : union PAC_INFO(case 10)
logon_name: struct PAC_LOGON_NAME
logon_time : Wed Mar 14 12:54:27 AM 2018 IST
size : 0x0014 (20)
account_name : 'davidu@abc'
_pad : 0x00000000 (0)

return code = 0