samba_log

a guest
Dec 10th, 2016
  1. reply_pipe_write_and_X: fnum 16128, name: samr len: 144
  2. [2016/12/10 11:11:02.173469, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send)
  3. np_write_send: len: 144
  4. [2016/12/10 11:11:02.173495, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:367(pipe_write_andx_done)
  5. writeX-IPC nwritten=144
  6. [2016/12/10 11:11:02.173540, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process)
  7. PDU is in Little Endian format!
  8. [2016/12/10 11:11:02.173550, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu)
  9. Processing packet type 0
  10. [2016/12/10 11:11:02.173560, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request)
  11. Checking request auth.
  12. [2016/12/10 11:11:02.173569, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
  13. Requested Privacy.
  14. [2016/12/10 11:11:02.173577, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer)
  15. ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8
  16. [2016/12/10 11:11:02.173582, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
  17. GENSEC auth
  18. [2016/12/10 11:11:02.173589, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet)
  19. ntlmssp_unseal_packet: seal
  20. [2016/12/10 11:11:02.173599, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet)
  21. ntlmssp_check_packet: NTLMSSP signature OK !
  22. [2016/12/10 11:11:02.173619, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  23. push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 1
  24. [2016/12/10 11:11:02.173627, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  25. setting sec ctx (3003, 513) - sec_ctx_stack_ndx = 1
  26. [2016/12/10 11:11:02.173633, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:63(security_token_debug)
  27. Security token SIDs (9):
  28. SID[ 0]: S-1-5-21-1144368606-1404702108-1511304999-1007
  29. SID[ 1]: S-1-5-21-1144368606-1404702108-1511304999-513
  30. SID[ 2]: S-1-5-21-1144368606-1404702108-1511304999-514
  31. SID[ 3]: S-1-1-0
  32. SID[ 4]: S-1-5-2
  33. SID[ 5]: S-1-5-11
  34. SID[ 6]: S-1-22-1-3003
  35. SID[ 7]: S-1-22-2-513
  36. SID[ 8]: S-1-22-2-514
  37. Privileges (0x 0):
  38. Rights (0x 0):
  39. [2016/12/10 11:11:02.173662, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  40. UNIX token of user 3003
  41. Primary group is 513 and contains 2 supplementary groups
  42. Group[ 0]: 513
  43. Group[ 1]: 514
  44. [2016/12/10 11:11:02.173680, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user)
  45. Impersonated user: uid=(3003,3003), gid=(0,513)
  46. [2016/12/10 11:11:02.173687, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request)
  47. Requested samr rpc service
  48. [2016/12/10 11:11:02.173692, 4, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP)
  49. api_rpcTNP: samr op 0x38 - api_rpcTNP: rpc command: SAMR_GETDOMPWINFO
  50. [2016/12/10 11:11:02.173699, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP)
  51. api_rpc_cmds[56].fn == 0x7f89d46cd4e0
  52. [2016/12/10 11:11:02.173720, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  53. samr_GetDomPwInfo: struct samr_GetDomPwInfo
  54. in: struct samr_GetDomPwInfo
  55. domain_name : *
  56. domain_name: struct lsa_String
  57. length : 0x000a (10)
  58. size : 0x000c (12)
  59. string : *
  60. string : 'SIVIS'
  61. [2016/12/10 11:11:02.173767, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  62. push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 2
  63. [2016/12/10 11:11:02.173776, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
  64. push_conn_ctx(8968) : conn_ctx_stack_ndx = 0
  65. [2016/12/10 11:11:02.173781, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  66. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  67. [2016/12/10 11:11:02.173786, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:53(security_token_debug)
  68. Security token: (NULL)
  69. [2016/12/10 11:11:02.173790, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  70. UNIX token of user 0
  71. Primary group is 0 and contains 0 supplementary groups
  72. [2016/12/10 11:11:02.173801, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  73. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
  74. [2016/12/10 11:11:02.173807, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
  75. push_conn_ctx(8968) : conn_ctx_stack_ndx = 1
  76. [2016/12/10 11:11:02.173812, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  77. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
  78. [2016/12/10 11:11:02.173816, 5, pid=16107, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug)
  79. Security token: (NULL)
  80. [2016/12/10 11:11:02.173820, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  81. UNIX token of user 0
  82. Primary group is 0 and contains 0 supplementary groups
  83. [2016/12/10 11:11:02.173845, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
  84. Adding cache entry with key=[ACCT_POL/min password length] and timeout=[Thu Jan 1 01:00:00 AM 1970 CET] (-1481364662 seconds in the past)
  85. [2016/12/10 11:11:02.173865, 10, pid=16107, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:3877(ldapsam_get_account_policy_from_ldap)
  86. ldapsam_get_account_policy_from_ldap
  87. [2016/12/10 11:11:02.173878, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
  88. smbldap_search_ext: base => [sambaDomainName=GROUP-ITC,dc=group-itc,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
  89. [2016/12/10 11:11:02.174324, 10, pid=16107, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:425(cache_account_policy_set)
  90. cache_account_policy_set: updating account pol cache
  91. [2016/12/10 11:11:02.174351, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
  92. Adding cache entry with key=[ACCT_POL/min password length] and timeout=[Sat Dec 10 11:12:02 AM 2016 CET] (60 seconds ahead)
  93. [2016/12/10 11:11:02.174374, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
  94. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
  95. [2016/12/10 11:11:02.174381, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  96. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
  97. [2016/12/10 11:11:02.174386, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
  98. push_conn_ctx(8968) : conn_ctx_stack_ndx = 1
  99. [2016/12/10 11:11:02.174391, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  100. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
  101. [2016/12/10 11:11:02.174396, 5, pid=16107, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug)
  102. Security token: (NULL)
  103. [2016/12/10 11:11:02.174400, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  104. UNIX token of user 0
  105. Primary group is 0 and contains 0 supplementary groups
  106. [2016/12/10 11:11:02.174415, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
  107. Adding cache entry with key=[ACCT_POL/user must logon to change password] and timeout=[Thu Jan 1 01:00:00 AM 1970 CET] (-1481364662 seconds in the past)
  108. [2016/12/10 11:11:02.174428, 10, pid=16107, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:3877(ldapsam_get_account_policy_from_ldap)
  109. ldapsam_get_account_policy_from_ldap
  110. [2016/12/10 11:11:02.174435, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
  111. smbldap_search_ext: base => [sambaDomainName=GROUP-ITC,dc=group-itc,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
  112. [2016/12/10 11:11:02.174615, 10, pid=16107, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:425(cache_account_policy_set)
  113. cache_account_policy_set: updating account pol cache
  114. [2016/12/10 11:11:02.174634, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
  115. Adding cache entry with key=[ACCT_POL/user must logon to change password] and timeout=[Sat Dec 10 11:12:02 AM 2016 CET] (60 seconds ahead)
  116. [2016/12/10 11:11:02.174652, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
  117. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
  118. [2016/12/10 11:11:02.174661, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
  119. pop_sec_ctx (3003, 513) - sec_ctx_stack_ndx = 1
  120. [2016/12/10 11:11:02.174669, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  121. samr_GetDomPwInfo: struct samr_GetDomPwInfo
  122. out: struct samr_GetDomPwInfo
  123. info : *
  124. info: struct samr_PwInfo
  125. min_password_length : 0x0005 (5)
  126. password_properties : 0x00000000 (0)
  127. 0: DOMAIN_PASSWORD_COMPLEX
  128. 0: DOMAIN_PASSWORD_NO_ANON_CHANGE
  129. 0: DOMAIN_PASSWORD_NO_CLEAR_CHANGE
  130. 0: DOMAIN_PASSWORD_LOCKOUT_ADMINS
  131. 0: DOMAIN_PASSWORD_STORE_CLEARTEXT
  132. 0: DOMAIN_REFUSE_PASSWORD_CHANGE
  133. result : NT_STATUS_OK
  134. [2016/12/10 11:11:02.174721, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP)
  135. api_rpcTNP: called samr successfully
  136. [2016/12/10 11:11:02.174734, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
  137. pop_sec_ctx (3003, 513) - sec_ctx_stack_ndx = 0
  138. [2016/12/10 11:11:02.174748, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  139. &r: struct ncacn_packet
  140. rpc_vers : 0x05 (5)
  141. rpc_vers_minor : 0x00 (0)
  142. ptype : DCERPC_PKT_RESPONSE (2)
  143. pfc_flags : 0x03 (3)
  144. 1: DCERPC_PFC_FLAG_FIRST
  145. 1: DCERPC_PFC_FLAG_LAST
  146. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  147. 0: DCERPC_PFC_FLAG_CONC_MPX
  148. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  149. 0: DCERPC_PFC_FLAG_MAYBE
  150. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  151. drep: ARRAY(4)
  152. [0] : 0x10 (16)
  153. [1] : 0x00 (0)
  154. [2] : 0x00 (0)
  155. [3] : 0x00 (0)
  156. frag_length : 0x0024 (36)
  157. auth_length : 0x0010 (16)
  158. call_id : 0x00000002 (2)
  159. u : union dcerpc_payload(case 2)
  160. response: struct dcerpc_response
  161. alloc_hint : 0x0000000c (12)
  162. context_id : 0x0000 (0)
  163. cancel_count : 0x00 (0)
  164. _pad : DATA_BLOB length=0
  165. stub_and_verifier : DATA_BLOB length=12
  166. [0000] 05 00 00 00 00 00 00 00 00 00 00 00 ........ ....
  167. [2016/12/10 11:11:02.174832, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  168. &r: struct dcerpc_auth
  169. auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10)
  170. auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
  171. auth_pad_length : 0x04 (4)
  172. auth_reserved : 0x00 (0)
  173. auth_context_id : 0x00000000 (0)
  174. credentials : DATA_BLOB length=0
  175. [2016/12/10 11:11:02.174850, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet)
  176. ntlmssp_seal_data: seal
  177. [2016/12/10 11:11:02.174858, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process)
  178. Sending 1 fragments in a total of 12 bytes
  179. [2016/12/10 11:11:02.174864, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process)
  180. Sending PDU number: 0, PDU Length: 64
  181. [2016/12/10 11:11:02.209298, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util_sock.c:369(read_smb_length_return_keepalive)
  182. got smb length of 59
  183. [2016/12/10 11:11:02.209332, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1877(process_smb)
  184. got message type 0x0 of len 0x3b
  185. [2016/12/10 11:11:02.209340, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1879(process_smb)
  186. Transaction 10 of length 63 (0 toread)
  187. [2016/12/10 11:11:02.209345, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:168(show_msg)
  188. [2016/12/10 11:11:02.209349, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:178(show_msg)
  189. size=59
  190. smb_com=0x2e
  191. smb_rcls=0
  192. smb_reh=0
  193. smb_err=0
  194. smb_flg=24
  195. smb_flg2=51207
  196. smb_tid=10452
  197. smb_pid=65279
  198. smb_uid=8968
  199. smb_mid=640
  200. smt_wct=12
  201. smb_vwv[ 0]= 255 (0xFF)
  202. smb_vwv[ 1]=57054 (0xDEDE)
  203. smb_vwv[ 2]=16128 (0x3F00)
  204. smb_vwv[ 3]= 0 (0x0)
  205. smb_vwv[ 4]= 0 (0x0)
  206. smb_vwv[ 5]= 1024 (0x400)
  207. smb_vwv[ 6]= 1024 (0x400)
  208. smb_vwv[ 7]=65535 (0xFFFF)
  209. smb_vwv[ 8]=65535 (0xFFFF)
  210. smb_vwv[ 9]= 1024 (0x400)
  211. smb_vwv[10]= 0 (0x0)
  212. smb_vwv[11]= 0 (0x0)
  213. smb_bcc=0
  214. [2016/12/10 11:11:02.209383, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../lib/util/util.c:559(dump_data)
  215. [2016/12/10 11:11:02.209393, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1489(switch_message)
  216. switch message SMBreadX (pid 16107) conn 0x7f89d6f0aea0
  217. [2016/12/10 11:11:02.209400, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:384(change_to_user)
  218. Skipping user change - already user
  219. [2016/12/10 11:11:02.209440, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv)
  220. Received 64 bytes. There is no more data outstanding
  221. [2016/12/10 11:11:02.209448, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:498(pipe_read_andx_done)
  222. readX-IPC min=1024 max=1024 nread=64
  223. [2016/12/10 11:11:02.252678, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util_sock.c:369(read_smb_length_return_keepalive)
  224. got smb length of 1264
  225. [2016/12/10 11:11:02.252715, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1877(process_smb)
  226. got message type 0x0 of len 0x4f0
  227. [2016/12/10 11:11:02.252723, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1879(process_smb)
  228. Transaction 11 of length 1268 (0 toread)
  229. [2016/12/10 11:11:02.252728, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:168(show_msg)
  230. [2016/12/10 11:11:02.252732, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:178(show_msg)
  231. size=1264
  232. smb_com=0x2f
  233. smb_rcls=0
  234. smb_reh=0
  235. smb_err=0
  236. smb_flg=24
  237. smb_flg2=51207
  238. smb_tid=10452
  239. smb_pid=65279
  240. smb_uid=8968
  241. smb_mid=704
  242. smt_wct=14
  243. smb_vwv[ 0]= 255 (0xFF)
  244. smb_vwv[ 1]=57054 (0xDEDE)
  245. smb_vwv[ 2]=16128 (0x3F00)
  246. smb_vwv[ 3]= 0 (0x0)
  247. smb_vwv[ 4]= 0 (0x0)
  248. smb_vwv[ 5]=65535 (0xFFFF)
  249. smb_vwv[ 6]=65535 (0xFFFF)
  250. smb_vwv[ 7]= 8 (0x8)
  251. smb_vwv[ 8]= 1200 (0x4B0)
  252. smb_vwv[ 9]= 0 (0x0)
  253. smb_vwv[10]= 1200 (0x4B0)
  254. smb_vwv[11]= 64 (0x40)
  255. smb_vwv[12]= 0 (0x0)
  256. smb_vwv[13]= 0 (0x0)
  257. smb_bcc=1201
  258. [2016/12/10 11:11:02.252772, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../lib/util/util.c:559(dump_data)
  291. [2016/12/10 11:11:02.253021, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1489(switch_message)
  292. switch message SMBwriteX (pid 16107) conn 0x7f89d6f0aea0
  293. [2016/12/10 11:11:02.253030, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:384(change_to_user)
  294. Skipping user change - already user
  295. [2016/12/10 11:11:02.253038, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:303(reply_pipe_write_and_X)
  296. reply_pipe_write_and_X: fnum 16128, name: samr len: 1200
  297. [2016/12/10 11:11:02.253046, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send)
  298. np_write_send: len: 1200
  299. [2016/12/10 11:11:02.253070, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:367(pipe_write_andx_done)
  300. writeX-IPC nwritten=1200
  301. [2016/12/10 11:11:02.253114, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process)
  302. PDU is in Little Endian format!
  303. [2016/12/10 11:11:02.253124, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu)
  304. Processing packet type 0
  305. [2016/12/10 11:11:02.253130, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request)
  306. Checking request auth.
  307. [2016/12/10 11:11:02.253136, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
  308. Requested Privacy.
  309. [2016/12/10 11:11:02.253142, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer)
  310. ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
  311. [2016/12/10 11:11:02.253148, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
  312. GENSEC auth
  313. [2016/12/10 11:11:02.253154, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet)
  314. ntlmssp_unseal_packet: seal
  315. [2016/12/10 11:11:02.253170, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet)
  316. ntlmssp_check_packet: NTLMSSP signature OK !
  317. [2016/12/10 11:11:02.253187, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  318. push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 1
  319. [2016/12/10 11:11:02.253195, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  320. setting sec ctx (3003, 513) - sec_ctx_stack_ndx = 1
  321. [2016/12/10 11:11:02.253201, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:63(security_token_debug)
  322. Security token SIDs (9):
  323. SID[ 0]: S-1-5-21-1144368606-1404702108-1511304999-1007
  324. SID[ 1]: S-1-5-21-1144368606-1404702108-1511304999-513
  325. SID[ 2]: S-1-5-21-1144368606-1404702108-1511304999-514
  326. SID[ 3]: S-1-1-0
  327. SID[ 4]: S-1-5-2
  328. SID[ 5]: S-1-5-11
  329. SID[ 6]: S-1-22-1-3003
  330. SID[ 7]: S-1-22-2-513
  331. SID[ 8]: S-1-22-2-514
  332. Privileges (0x 0):
  333. Rights (0x 0):
  334. [2016/12/10 11:11:02.253229, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  335. UNIX token of user 3003
  336. Primary group is 513 and contains 2 supplementary groups
  337. Group[ 0]: 513
  338. Group[ 1]: 514
  339. [2016/12/10 11:11:02.253249, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user)
  340. Impersonated user: uid=(3003,3003), gid=(0,513)
  341. [2016/12/10 11:11:02.253256, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request)
  342. Requested samr rpc service
  343. [2016/12/10 11:11:02.253261, 4, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP)
  344. api_rpcTNP: samr op 0x37 - api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2
  345. [2016/12/10 11:11:02.253268, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP)
  346. api_rpc_cmds[55].fn == 0x7f89d46cd780
  347. [2016/12/10 11:11:02.253288, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  348. samr_ChangePasswordUser2: struct samr_ChangePasswordUser2
  349. in: struct samr_ChangePasswordUser2
  350. server : *
  351. server: struct lsa_String
  352. length : 0x000a (10)
  353. size : 0x000c (12)
  354. string : *
  355. string : 'SIVIS'
  356. account : *
  357. account: struct lsa_String
  358. length : 0x000a (10)
  359. size : 0x000c (12)
  360. string : *
  361. string : 'tuser'
  362. nt_password : *
  363. nt_password: struct samr_CryptPassword
  364. data: ARRAY(516)
  398. nt_verifier : *
  399. nt_verifier: struct samr_Password
  400. hash : 6ddeae756a7bf26d8f059567b8a22edb
  401. lm_change : 0x01 (1)
  402. lm_password : *
  403. lm_password: struct samr_CryptPassword
  404. data: ARRAY(516)
  438. lm_verifier : *
  439. lm_verifier: struct samr_Password
  440. hash : 7f47b3d59929a274c3f2c8753064aecd
  441. [2016/12/10 11:11:02.254140, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:1743(_samr_ChangePasswordUser2)
  442. _samr_ChangePasswordUser2: 1743
  443. [2016/12/10 11:11:02.254150, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:1752(_samr_ChangePasswordUser2)
  444. _samr_ChangePasswordUser2: user: (null) wks: SIVIS
  445. [2016/12/10 11:11:02.254169, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  446. push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 2
  447. [2016/12/10 11:11:02.254176, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
  448. push_conn_ctx(8968) : conn_ctx_stack_ndx = 0
  449. [2016/12/10 11:11:02.254182, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  450. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  451. [2016/12/10 11:11:02.254187, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:53(security_token_debug)
  452. Security token: (NULL)
  453. [2016/12/10 11:11:02.254191, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
  454. UNIX token of user 0
  455. Primary group is 0 and contains 0 supplementary groups