- # KRB5_TRACE=/dev/stderr /usr/local/samba/bin/net ads -P kerberos pac dump impersonate=davidu@abc -d3
- lp_load_ex: refreshing parameters
- Initialising global parameters
- rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
- Processing section "[global]"
- Registered MSG_REQ_POOL_USAGE
- Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
- lp_load_ex: refreshing parameters
- Initialising global parameters
- rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
- Processing section "[global]"
- added interface ens33 ip=192.168.47.101 bcast=192.168.47.255 netmask=255.255.255.0
- [27360] 1520981659.648366: Getting initial credentials for FDC$@ACME.COM
- [27360] 1520981659.648368: Sending unauthenticated request
- [27360] 1520981659.648369: Sending request (233 bytes) to ACME.COM
- [27360] 1520981659.648370: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648371: No URI records found
- [27360] 1520981659.648372: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [27360] 1520981659.648373: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648374: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648375: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648376: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648377: Sending initial UDP request to dgram 192.168.47.120:88
- [27360] 1520981659.648378: Received answer (88 bytes) from dgram 192.168.47.120:88
- [27360] 1520981659.648379: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648380: No URI records found
- [27360] 1520981659.648381: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
- [27360] 1520981659.648382: No SRV records found
- [27360] 1520981659.648383: Response was not from master KDC
- [27360] 1520981659.648384: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP
- [27360] 1520981659.648385: Request or response is too big for UDP; retrying with TCP
- [27360] 1520981659.648386: Sending request (233 bytes) to ACME.COM (tcp only)
- [27360] 1520981659.648387: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648388: No URI records found
- [27360] 1520981659.648389: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648390: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648391: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648392: Initiating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648393: Sending TCP request to stream 192.168.47.120:88
- [27360] 1520981659.648394: Received answer (184 bytes) from stream 192.168.47.120:88
- [27360] 1520981659.648395: Terminating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648396: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648397: No URI records found
- [27360] 1520981659.648398: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [27360] 1520981659.648399: No SRV records found
- [27360] 1520981659.648400: Response was not from master KDC
- [27360] 1520981659.648401: Received error from KDC: -1765328359/Additional pre-authentication required
- [27360] 1520981659.648404: Preauthenticating using KDC method data
- [27360] 1520981659.648405: Processing preauth types: 16, 15, 19, 2
- [27360] 1520981659.648406: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
- [27360] 1520981659.648407: AS key obtained for encrypted timestamp: aes256-cts/EEEE
- [27360] 1520981659.648409: Encrypted timestamp (for 1520981667.450453): plain 301AA011180F32303138303331333232353432375AA105020306DF95, encrypted B0111CA5602CDFC74C908151F3F32F93EDFFEC9DF2A689DBAEAAB984331F1E6D1869F237291B6C2CFCE3C70AE9E2B0E8412B224D278E4434
- [27360] 1520981659.648410: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
- [27360] 1520981659.648411: Produced preauth for next request: 2
- [27360] 1520981659.648412: Sending request (313 bytes) to ACME.COM (tcp only)
- [27360] 1520981659.648413: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648414: No URI records found
- [27360] 1520981659.648415: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648416: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648417: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648418: Initiating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648419: Sending TCP request to stream 192.168.47.120:88
- [27360] 1520981659.648420: Received answer (1411 bytes) from stream 192.168.47.120:88
- [27360] 1520981659.648421: Terminating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648422: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648423: No URI records found
- [27360] 1520981659.648424: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [27360] 1520981659.648425: No SRV records found
- [27360] 1520981659.648426: Response was not from master KDC
- [27360] 1520981659.648427: Processing preauth types: 19
- [27360] 1520981659.648428: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
- [27360] 1520981659.648429: Produced preauth for next request: (empty)
- [27360] 1520981659.648430: AS key determined by preauth: aes256-cts/EEEE
- [27360] 1520981659.648431: Decrypted AS reply; session key is: aes256-cts/4B52
- [27360] 1520981659.648432: FAST negotiation: unavailable
- [27360] 1520981659.648433: Initializing MEMORY:kerberos_return_pac with default princ FDC$@ACME.COM
- [27360] 1520981659.648434: Storing FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
- [27360] 1520981659.648436: Getting credentials davidu\@abc@ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
- [27360] 1520981659.648437: Retrieving davidu\@abc@ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [27360] 1520981659.648438: Getting initial credentials for davidu\@abc@ACME.COM
- [27360] 1520981659.648440: Attempting optimistic preauth
- [27360] 1520981659.648441: Processing preauth types: 130
- [27360] 1520981659.648442: Sending unauthenticated request
- [27360] 1520981659.648443: Sending request (170 bytes) to ACME.COM
- [27360] 1520981659.648444: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648445: No URI records found
- [27360] 1520981659.648446: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [27360] 1520981659.648447: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648448: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648449: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648450: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648451: Sending initial UDP request to dgram 192.168.47.120:88
- [27360] 1520981659.648452: Received answer (105 bytes) from dgram 192.168.47.120:88
- [27360] 1520981659.648453: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648454: No URI records found
- [27360] 1520981659.648455: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
- [27360] 1520981659.648456: No SRV records found
- [27360] 1520981659.648457: Response was not from master KDC
- [27360] 1520981659.648458: Received error from KDC: -1765328316/Realm not local to KDC
- [27360] 1520981659.648459: Following referral to realm CDOM.ACME.COM
- [27360] 1520981659.648461: Attempting optimistic preauth
- [27360] 1520981659.648462: Processing preauth types: 130
- [27360] 1520981659.648463: Sending unauthenticated request
- [27360] 1520981659.648464: Sending request (180 bytes) to CDOM.ACME.COM
- [27360] 1520981659.648465: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [27360] 1520981659.648466: No URI records found
- [27360] 1520981659.648467: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
- [27360] 1520981659.648468: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [27360] 1520981659.648469: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
- [27360] 1520981659.648470: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [27360] 1520981659.648471: Resolving hostname wsub.cdom.acme.com.
- [27360] 1520981659.648472: Sending initial UDP request to dgram 192.168.47.110:88
- [27360] 1520981659.648473: Received answer (188 bytes) from dgram 192.168.47.110:88
- [27360] 1520981659.648474: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [27360] 1520981659.648475: No URI records found
- [27360] 1520981659.648476: Sending DNS SRV query for _kerberos-master._udp.CDOM.ACME.COM.
- [27360] 1520981659.648477: No SRV records found
- [27360] 1520981659.648478: Response was not from master KDC
- [27360] 1520981659.648479: Received error from KDC: -1765328359/Additional pre-authentication required
- [27360] 1520981659.648482: Preauthenticating using KDC method data
- [27360] 1520981659.648483: Processing preauth types: 16, 15, 19, 2
- [27360] 1520981659.648484: Selected etype info: etype aes256-cts, salt "CDOM.ACME.COMdavid", params ""
- [27360] 1520981659.648485: Preauth module encrypted_timestamp (2) (real) returned: -1765328174/Generic preauthentication failure
- [27360] 1520981659.648486: Getting credentials davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
- [27360] 1520981659.648487: Retrieving davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [27360] 1520981659.648488: Getting credentials FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM using ccache MEMORY:kerberos_return_pac
- [27360] 1520981659.648489: Retrieving FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [27360] 1520981659.648490: Retrieving FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: 0/Success
- [27360] 1520981659.648491: Starting with TGT for client realm: FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM
- [27360] 1520981659.648492: Requesting tickets for krbtgt/CDOM.ACME.COM@ACME.COM, referrals on
- [27360] 1520981659.648493: Generated subkey for TGS request: aes256-cts/3D30
- [27360] 1520981659.648494: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
- [27360] 1520981659.648496: Encoding request body and padata into FAST request
- [27360] 1520981659.648497: Sending request (1625 bytes) to ACME.COM
- [27360] 1520981659.648498: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648499: No URI records found
- [27360] 1520981659.648500: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [27360] 1520981659.648501: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648502: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648503: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648504: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648505: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648506: Initiating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648507: Sending TCP request to stream 192.168.47.120:88
- [27360] 1520981659.648508: Received answer (1278 bytes) from stream 192.168.47.120:88
- [27360] 1520981659.648509: Terminating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648510: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648511: No URI records found
- [27360] 1520981659.648512: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [27360] 1520981659.648513: No SRV records found
- [27360] 1520981659.648514: Response was not from master KDC
- [27360] 1520981659.648515: Decoding FAST response
- [27360] 1520981659.648516: TGS reply is for FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM with session key rc4-hmac/B495
- [27360] 1520981659.648517: TGS request result: 0/Success
- [27360] 1520981659.648518: Received creds for desired service krbtgt/CDOM.ACME.COM@ACME.COM
- [27360] 1520981659.648519: Storing FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
- [27360] 1520981659.648520: Get cred via TGT krbtgt/CDOM.ACME.COM@ACME.COM after requesting FDC$\@ACME.COM@CDOM.ACME.COM (canonicalize on)
- [27360] 1520981659.648521: Generated subkey for TGS request: rc4-hmac/04AA
- [27360] 1520981659.648522: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
- [27360] 1520981659.648524: Encoding request body and padata into FAST request
- [27360] 1520981659.648525: Sending request (1976 bytes) to CDOM.ACME.COM
- [27360] 1520981659.648526: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [27360] 1520981659.648527: No URI records found
- [27360] 1520981659.648528: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
- [27360] 1520981659.648529: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [27360] 1520981659.648530: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
- [27360] 1520981659.648531: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [27360] 1520981659.648532: Resolving hostname wsub.cdom.acme.com.
- [27360] 1520981659.648533: Resolving hostname wsub.cdom.acme.com.
- [27360] 1520981659.648534: Initiating TCP connection to stream 192.168.47.110:88
- [27360] 1520981659.648535: Sending TCP request to stream 192.168.47.110:88
- [27360] 1520981659.648536: Received answer (1457 bytes) from stream 192.168.47.110:88
- [27360] 1520981659.648537: Terminating TCP connection to stream 192.168.47.110:88
- [27360] 1520981659.648538: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [27360] 1520981659.648539: No URI records found
- [27360] 1520981659.648540: Sending DNS SRV query for _kerberos-master._tcp.CDOM.ACME.COM.
- [27360] 1520981659.648541: No SRV records found
- [27360] 1520981659.648542: Response was not from master KDC
- [27360] 1520981659.648543: Decoding FAST response
- [27360] 1520981659.648544: Reply server krbtgt/ACME.COM@CDOM.ACME.COM differs from requested FDC$\@ACME.COM@CDOM.ACME.COM
- [27360] 1520981659.648545: TGS reply is for FDC$@ACME.COM -> krbtgt/ACME.COM@CDOM.ACME.COM with session key rc4-hmac/9F92
- [27360] 1520981659.648546: Got cred; 0/Success
- [27360] 1520981659.648547: Get cred via TGT krbtgt/ACME.COM@CDOM.ACME.COM after requesting FDC$@ACME.COM (canonicalize on)
- [27360] 1520981659.648548: Generated subkey for TGS request: rc4-hmac/6A95
- [27360] 1520981659.648549: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
- [27360] 1520981659.648551: Encoding request body and padata into FAST request
- [27360] 1520981659.648552: Sending request (2004 bytes) to ACME.COM
- [27360] 1520981659.648553: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648554: No URI records found
- [27360] 1520981659.648555: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [27360] 1520981659.648556: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648557: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [27360] 1520981659.648558: SRV answer: 0 100 88 "wdc.acme.com."
- [27360] 1520981659.648559: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648560: Resolving hostname wdc.acme.com.
- [27360] 1520981659.648561: Initiating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648562: Sending TCP request to stream 192.168.47.120:88
- [27360] 1520981659.648563: Received answer (1419 bytes) from stream 192.168.47.120:88
- [27360] 1520981659.648564: Terminating TCP connection to stream 192.168.47.120:88
- [27360] 1520981659.648565: Sending DNS URI query for _kerberos.ACME.COM.
- [27360] 1520981659.648566: No URI records found
- [27360] 1520981659.648567: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [27360] 1520981659.648568: No SRV records found
- [27360] 1520981659.648569: Response was not from master KDC
- [27360] 1520981659.648570: Decoding FAST response
- [27360] 1520981659.648571: TGS reply is for davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM with session key aes256-cts/31FA
- [27360] 1520981659.648572: Got cred; 0/Success
- [27360] 1520981659.648573: Storing davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM in MEMORY:kerberos_return_pac
- ads_cleanup_expired_creds: Ticket in ccache[MEMORY:kerberos_return_pac] expiration Wed, 14 Mar 2018 10:54:27 IST
- [27360] 1520981659.648576: Creating authenticator for davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, seqnum 0, subkey aes256-cts/62B1, session key aes256-cts/31FA
- GENSEC backend 'gssapi_spnego' registered
- GENSEC backend 'gssapi_krb5' registered
- GENSEC backend 'gssapi_krb5_sasl' registered
- GENSEC backend 'spnego' registered
- GENSEC backend 'schannel' registered
- GENSEC backend 'naclrpc_as_system' registered
- GENSEC backend 'sasl-EXTERNAL' registered
- GENSEC backend 'ntlmssp' registered
- GENSEC backend 'ntlmssp_resume_ccache' registered
- GENSEC backend 'http_basic' registered
- GENSEC backend 'http_ntlm' registered
- GENSEC backend 'http_negotiate' registered
- [27360] 1520981659.648582: Decrypted AP-REQ with server principal FDC$@ACME.COM: aes256-cts/EEEE
- [27360] 1520981659.648583: AP-REQ ticket: davidu\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, session key aes256-cts/31FA
- [27360] 1520981659.648584: Negotiated enctype based on authenticator: aes256-cts
- [27360] 1520981659.648585: Authenticator contains subkey: aes256-cts/62B1
- Found account name from PAC: samd [disn_david]
- [27360] 1520981659.648593: Destroying ccache MEMORY:kerberos_return_pac
- The Pac: pac_data_ctr->pac_data: struct PAC_DATA
- num_buffers : 0x00000005 (5)
- version : 0x00000000 (0)
- buffers: ARRAY(5)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_LOGON_INFO (1)
- _ndr_size : 0x000001a0 (416)
- info : *
- info : union PAC_INFO(case 1)
- logon_info: struct PAC_LOGON_INFO_CTR
- info : *
- info: struct PAC_LOGON_INFO
- info3: struct netr_SamInfo3
- base: struct netr_SamBaseInfo
- logon_time : Fri Mar 9 08:52:28 PM 2018 IST
- logoff_time : Thu Sep 14 04:48:05 AM 30828 IST
- kickoff_time : Thu Sep 14 04:48:05 AM 30828 IST
- last_password_change : Fri Mar 9 06:19:54 PM 2018 IST
- allow_password_change : Fri Mar 9 06:19:54 PM 2018 IST
- force_password_change : Thu Sep 14 04:48:05 AM 30828 IST
- account_name: struct lsa_String
- length : 0x0008 (8)
- size : 0x0008 (8)
- string : *
- string : 'samd'
- full_name: struct lsa_String
- length : 0x0014 (20)
- size : 0x0014 (20)
- string : *
- string : 'disn_david'
- logon_script: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- profile_path: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- home_directory: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- home_drive: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- logon_count : 0x0006 (6)
- bad_password_count : 0x0000 (0)
- rid : 0x00000451 (1105)
- primary_gid : 0x00000201 (513)
- groups: struct samr_RidWithAttributeArray
- count : 0x00000001 (1)
- rids : *
- rids: ARRAY(1)
- rids: struct samr_RidWithAttribute
- rid : 0x00000201 (513)
- attributes : 0x00000007 (7)
- 1: SE_GROUP_MANDATORY
- 1: SE_GROUP_ENABLED_BY_DEFAULT
- 1: SE_GROUP_ENABLED
- 0: SE_GROUP_OWNER
- 0: SE_GROUP_USE_FOR_DENY_ONLY
- 0: SE_GROUP_RESOURCE
- 0x00: SE_GROUP_LOGON_ID (0)
- user_flags : 0x00000020 (32)
- 0: NETLOGON_GUEST
- 0: NETLOGON_NOENCRYPTION
- 0: NETLOGON_CACHED_ACCOUNT
- 0: NETLOGON_USED_LM_PASSWORD
- 1: NETLOGON_EXTRA_SIDS
- 0: NETLOGON_SUBAUTH_SESSION_KEY
- 0: NETLOGON_SERVER_TRUST_ACCOUNT
- 0: NETLOGON_NTLMV2_ENABLED
- 0: NETLOGON_RESOURCE_GROUPS
- 0: NETLOGON_PROFILE_PATH_RETURNED
- 0: NETLOGON_GRACE_LOGON
- key: struct netr_UserSessionKey
- key: ARRAY(16): <REDACTED SECRET VALUES>
- logon_server: struct lsa_StringLarge
- length : 0x0008 (8)
- size : 0x000a (10)
- string : *
- string : 'WSUB'
- logon_domain: struct lsa_StringLarge
- length : 0x0008 (8)
- size : 0x000a (10)
- string : *
- string : 'CDOM'
- domain_sid : *
- domain_sid : S-1-5-21-3495176760-3063979438-1681964479
- LMSessKey: struct netr_LMSessionKey
- key: ARRAY(8): <REDACTED SECRET VALUES>
- acct_flags : 0x00000210 (528)
- 0: ACB_DISABLED
- 0: ACB_HOMDIRREQ
- 0: ACB_PWNOTREQ
- 0: ACB_TEMPDUP
- 1: ACB_NORMAL
- 0: ACB_MNS
- 0: ACB_DOMTRUST
- 0: ACB_WSTRUST
- 0: ACB_SVRTRUST
- 1: ACB_PWNOEXP
- 0: ACB_AUTOLOCK
- 0: ACB_ENC_TXT_PWD_ALLOWED
- 0: ACB_SMARTCARD_REQUIRED
- 0: ACB_TRUSTED_FOR_DELEGATION
- 0: ACB_NOT_DELEGATED
- 0: ACB_USE_DES_KEY_ONLY
- 0: ACB_DONT_REQUIRE_PREAUTH
- 0: ACB_PW_EXPIRED
- 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- 0: ACB_NO_AUTH_DATA_REQD
- 0: ACB_PARTIAL_SECRETS_ACCOUNT
- 0: ACB_USE_AES_KEYS
- sub_auth_status : 0x00000000 (0)
- last_successful_logon : NTTIME(0)
- last_failed_logon : NTTIME(0)
- failed_logon_count : 0x00000000 (0)
- reserved : 0x00000000 (0)
- sidcount : 0x00000000 (0)
- sids : NULL
- resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
- domain_sid : NULL
- groups: struct samr_RidWithAttributeArray
- count : 0x00000000 (0)
- rids : NULL
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_UPN_DNS_INFO (12)
- _ndr_size : 0x00000048 (72)
- info : *
- info : union PAC_INFO(case 12)
- upn_dns_info: struct PAC_UPN_DNS_INFO
- upn_name_size : 0x0014 (20)
- upn_name : *
- upn_name : 'davidu@abc'
- dns_domain_name_size : 0x001a (26)
- dns_domain_name : *
- dns_domain_name : 'CDOM.ACME.COM'
- flags : 0x00000000 (0)
- 0: PAC_UPN_DNS_FLAG_CONSTRUCTED
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_SRV_CHECKSUM (6)
- _ndr_size : 0x00000010 (16)
- info : *
- info : union PAC_INFO(case 6)
- srv_cksum: struct PAC_SIGNATURE_DATA
- type : 0x00000010 (16)
- signature : DATA_BLOB length=12
- [0000] 58 C7 D0 FB 8F 06 AF F0 48 5A 20 11 X....... HZ .
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_KDC_CHECKSUM (7)
- _ndr_size : 0x00000014 (20)
- info : *
- info : union PAC_INFO(case 7)
- kdc_cksum: struct PAC_SIGNATURE_DATA
- type : 0xffffff76 (4294967158)
- signature : DATA_BLOB length=16
- [0000] 7B A7 51 6F E8 6A A5 96 D8 1B CF 26 FD 52 52 97 {.Qo.j.. ...&.RR.
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_LOGON_NAME (10)
- _ndr_size : 0x0000001e (30)
- info : *
- info : union PAC_INFO(case 10)
- logon_name: struct PAC_LOGON_NAME
- logon_time : Wed Mar 14 12:54:27 AM 2018 IST
- size : 0x0014 (20)
- account_name : 'davidu@abc'
- _pad : 0x00000000 (0)
- return code = 0