- reply_pipe_write_and_X: fnum 16128, name: samr len: 144
- [2016/12/10 11:11:02.173469, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send)
- np_write_send: len: 144
- [2016/12/10 11:11:02.173495, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:367(pipe_write_andx_done)
- writeX-IPC nwritten=144
- [2016/12/10 11:11:02.173540, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process)
- PDU is in Little Endian format!
- [2016/12/10 11:11:02.173550, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu)
- Processing packet type 0
- [2016/12/10 11:11:02.173560, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request)
- Checking request auth.
- [2016/12/10 11:11:02.173569, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
- Requested Privacy.
- [2016/12/10 11:11:02.173577, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer)
- ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8
- [2016/12/10 11:11:02.173582, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
- GENSEC auth
- [2016/12/10 11:11:02.173589, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet)
- ntlmssp_unseal_packet: seal
- [2016/12/10 11:11:02.173599, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet)
- ntlmssp_check_packet: NTLMSSP signature OK !
- [2016/12/10 11:11:02.173619, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.173627, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (3003, 513) - sec_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.173633, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:63(security_token_debug)
- Security token SIDs (9):
- SID[ 0]: S-1-5-21-1144368606-1404702108-1511304999-1007
- SID[ 1]: S-1-5-21-1144368606-1404702108-1511304999-513
- SID[ 2]: S-1-5-21-1144368606-1404702108-1511304999-514
- SID[ 3]: S-1-1-0
- SID[ 4]: S-1-5-2
- SID[ 5]: S-1-5-11
- SID[ 6]: S-1-22-1-3003
- SID[ 7]: S-1-22-2-513
- SID[ 8]: S-1-22-2-514
- Privileges (0x 0):
- Rights (0x 0):
- [2016/12/10 11:11:02.173662, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 3003
- Primary group is 513 and contains 2 supplementary groups
- Group[ 0]: 513
- Group[ 1]: 514
- [2016/12/10 11:11:02.173680, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user)
- Impersonated user: uid=(3003,3003), gid=(0,513)
- [2016/12/10 11:11:02.173687, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request)
- Requested samr rpc service
- [2016/12/10 11:11:02.173692, 4, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP)
- api_rpcTNP: samr op 0x38 - api_rpcTNP: rpc command: SAMR_GETDOMPWINFO
- [2016/12/10 11:11:02.173699, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP)
- api_rpc_cmds[56].fn == 0x7f89d46cd4e0
- [2016/12/10 11:11:02.173720, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_GetDomPwInfo: struct samr_GetDomPwInfo
- in: struct samr_GetDomPwInfo
- domain_name : *
- domain_name: struct lsa_String
- length : 0x000a (10)
- size : 0x000c (12)
- string : *
- string : 'SIVIS'
- [2016/12/10 11:11:02.173767, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.173776, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
- push_conn_ctx(8968) : conn_ctx_stack_ndx = 0
- [2016/12/10 11:11:02.173781, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.173786, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2016/12/10 11:11:02.173790, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2016/12/10 11:11:02.173801, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
- [2016/12/10 11:11:02.173807, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
- push_conn_ctx(8968) : conn_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.173812, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
- [2016/12/10 11:11:02.173816, 5, pid=16107, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2016/12/10 11:11:02.173820, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2016/12/10 11:11:02.173845, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
- Adding cache entry with key=[ACCT_POL/min password length] and timeout=[Thu Jan 1 01:00:00 AM 1970 CET] (-1481364662 seconds in the past)
- [2016/12/10 11:11:02.173865, 10, pid=16107, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:3877(ldapsam_get_account_policy_from_ldap)
- ldapsam_get_account_policy_from_ldap
- [2016/12/10 11:11:02.173878, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
- smbldap_search_ext: base => [sambaDomainName=GROUP-ITC,dc=group-itc,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
- [2016/12/10 11:11:02.174324, 10, pid=16107, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:425(cache_account_policy_set)
- cache_account_policy_set: updating account pol cache
- [2016/12/10 11:11:02.174351, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
- Adding cache entry with key=[ACCT_POL/min password length] and timeout=[Sat Dec 10 11:12:02 AM 2016 CET] (60 seconds ahead)
- [2016/12/10 11:11:02.174374, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.174381, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
- [2016/12/10 11:11:02.174386, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
- push_conn_ctx(8968) : conn_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.174391, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
- [2016/12/10 11:11:02.174396, 5, pid=16107, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2016/12/10 11:11:02.174400, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups
- [2016/12/10 11:11:02.174415, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
- Adding cache entry with key=[ACCT_POL/user must logon to change password] and timeout=[Thu Jan 1 01:00:00 AM 1970 CET] (-1481364662 seconds in the past)
- [2016/12/10 11:11:02.174428, 10, pid=16107, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:3877(ldapsam_get_account_policy_from_ldap)
- ldapsam_get_account_policy_from_ldap
- [2016/12/10 11:11:02.174435, 5, pid=16107, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
- smbldap_search_ext: base => [sambaDomainName=GROUP-ITC,dc=group-itc,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
- [2016/12/10 11:11:02.174615, 10, pid=16107, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:425(cache_account_policy_set)
- cache_account_policy_set: updating account pol cache
- [2016/12/10 11:11:02.174634, 10, pid=16107, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:313(gencache_set_data_blob)
- Adding cache entry with key=[ACCT_POL/user must logon to change password] and timeout=[Sat Dec 10 11:12:02 AM 2016 CET] (60 seconds ahead)
- [2016/12/10 11:11:02.174652, 4, pid=16107, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
- pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.174661, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
- pop_sec_ctx (3003, 513) - sec_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.174669, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_GetDomPwInfo: struct samr_GetDomPwInfo
- out: struct samr_GetDomPwInfo
- info : *
- info: struct samr_PwInfo
- min_password_length : 0x0005 (5)
- password_properties : 0x00000000 (0)
- 0: DOMAIN_PASSWORD_COMPLEX
- 0: DOMAIN_PASSWORD_NO_ANON_CHANGE
- 0: DOMAIN_PASSWORD_NO_CLEAR_CHANGE
- 0: DOMAIN_PASSWORD_LOCKOUT_ADMINS
- 0: DOMAIN_PASSWORD_STORE_CLEARTEXT
- 0: DOMAIN_REFUSE_PASSWORD_CHANGE
- result : NT_STATUS_OK
- [2016/12/10 11:11:02.174721, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP)
- api_rpcTNP: called samr successfully
- [2016/12/10 11:11:02.174734, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:421(pop_sec_ctx)
- pop_sec_ctx (3003, 513) - sec_ctx_stack_ndx = 0
- [2016/12/10 11:11:02.174748, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- &r: struct ncacn_packet
- rpc_vers : 0x05 (5)
- rpc_vers_minor : 0x00 (0)
- ptype : DCERPC_PKT_RESPONSE (2)
- pfc_flags : 0x03 (3)
- 1: DCERPC_PFC_FLAG_FIRST
- 1: DCERPC_PFC_FLAG_LAST
- 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
- 0: DCERPC_PFC_FLAG_CONC_MPX
- 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
- 0: DCERPC_PFC_FLAG_MAYBE
- 0: DCERPC_PFC_FLAG_OBJECT_UUID
- drep: ARRAY(4)
- [0] : 0x10 (16)
- [1] : 0x00 (0)
- [2] : 0x00 (0)
- [3] : 0x00 (0)
- frag_length : 0x0024 (36)
- auth_length : 0x0010 (16)
- call_id : 0x00000002 (2)
- u : union dcerpc_payload(case 2)
- response: struct dcerpc_response
- alloc_hint : 0x0000000c (12)
- context_id : 0x0000 (0)
- cancel_count : 0x00 (0)
- _pad : DATA_BLOB length=0
- stub_and_verifier : DATA_BLOB length=12
- [0000] 05 00 00 00 00 00 00 00 00 00 00 00 ........ ....
- [2016/12/10 11:11:02.174832, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- &r: struct dcerpc_auth
- auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10)
- auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
- auth_pad_length : 0x04 (4)
- auth_reserved : 0x00 (0)
- auth_context_id : 0x00000000 (0)
- credentials : DATA_BLOB length=0
- [2016/12/10 11:11:02.174850, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet)
- ntlmssp_seal_data: seal
- [2016/12/10 11:11:02.174858, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process)
- Sending 1 fragments in a total of 12 bytes
- [2016/12/10 11:11:02.174864, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process)
- Sending PDU number: 0, PDU Length: 64
- [2016/12/10 11:11:02.209298, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util_sock.c:369(read_smb_length_return_keepalive)
- got smb length of 59
- [2016/12/10 11:11:02.209332, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1877(process_smb)
- got message type 0x0 of len 0x3b
- [2016/12/10 11:11:02.209340, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1879(process_smb)
- Transaction 10 of length 63 (0 toread)
- [2016/12/10 11:11:02.209345, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:168(show_msg)
- [2016/12/10 11:11:02.209349, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:178(show_msg)
- size=59
- smb_com=0x2e
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=10452
- smb_pid=65279
- smb_uid=8968
- smb_mid=640
- smt_wct=12
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=16128 (0x3F00)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]= 1024 (0x400)
- smb_vwv[ 6]= 1024 (0x400)
- smb_vwv[ 7]=65535 (0xFFFF)
- smb_vwv[ 8]=65535 (0xFFFF)
- smb_vwv[ 9]= 1024 (0x400)
- smb_vwv[10]= 0 (0x0)
- smb_vwv[11]= 0 (0x0)
- smb_bcc=0
- [2016/12/10 11:11:02.209383, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../lib/util/util.c:559(dump_data)
- [2016/12/10 11:11:02.209393, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1489(switch_message)
- switch message SMBreadX (pid 16107) conn 0x7f89d6f0aea0
- [2016/12/10 11:11:02.209400, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:384(change_to_user)
- Skipping user change - already user
- [2016/12/10 11:11:02.209440, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv)
- Received 64 bytes. There is no more data outstanding
- [2016/12/10 11:11:02.209448, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:498(pipe_read_andx_done)
- readX-IPC min=1024 max=1024 nread=64
- [2016/12/10 11:11:02.252678, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util_sock.c:369(read_smb_length_return_keepalive)
- got smb length of 1264
- [2016/12/10 11:11:02.252715, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1877(process_smb)
- got message type 0x0 of len 0x4f0
- [2016/12/10 11:11:02.252723, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1879(process_smb)
- Transaction 11 of length 1268 (0 toread)
- [2016/12/10 11:11:02.252728, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:168(show_msg)
- [2016/12/10 11:11:02.252732, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/lib/util.c:178(show_msg)
- size=1264
- smb_com=0x2f
- smb_rcls=0
- smb_reh=0
- smb_err=0
- smb_flg=24
- smb_flg2=51207
- smb_tid=10452
- smb_pid=65279
- smb_uid=8968
- smb_mid=704
- smt_wct=14
- smb_vwv[ 0]= 255 (0xFF)
- smb_vwv[ 1]=57054 (0xDEDE)
- smb_vwv[ 2]=16128 (0x3F00)
- smb_vwv[ 3]= 0 (0x0)
- smb_vwv[ 4]= 0 (0x0)
- smb_vwv[ 5]=65535 (0xFFFF)
- smb_vwv[ 6]=65535 (0xFFFF)
- smb_vwv[ 7]= 8 (0x8)
- smb_vwv[ 8]= 1200 (0x4B0)
- smb_vwv[ 9]= 0 (0x0)
- smb_vwv[10]= 1200 (0x4B0)
- smb_vwv[11]= 64 (0x40)
- smb_vwv[12]= 0 (0x0)
- smb_vwv[13]= 0 (0x0)
- smb_bcc=1201
- [2016/12/10 11:11:02.252772, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../lib/util/util.c:559(dump_data)
- [2016/12/10 11:11:02.253021, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/process.c:1489(switch_message)
- switch message SMBwriteX (pid 16107) conn 0x7f89d6f0aea0
- [2016/12/10 11:11:02.253030, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:384(change_to_user)
- Skipping user change - already user
- [2016/12/10 11:11:02.253038, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:303(reply_pipe_write_and_X)
- reply_pipe_write_and_X: fnum 16128, name: samr len: 1200
- [2016/12/10 11:11:02.253046, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send)
- np_write_send: len: 1200
- [2016/12/10 11:11:02.253070, 3, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/pipes.c:367(pipe_write_andx_done)
- writeX-IPC nwritten=1200
- [2016/12/10 11:11:02.253114, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process)
- PDU is in Little Endian format!
- [2016/12/10 11:11:02.253124, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu)
- Processing packet type 0
- [2016/12/10 11:11:02.253130, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request)
- Checking request auth.
- [2016/12/10 11:11:02.253136, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
- Requested Privacy.
- [2016/12/10 11:11:02.253142, 6, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer)
- ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0
- [2016/12/10 11:11:02.253148, 10, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
- GENSEC auth
- [2016/12/10 11:11:02.253154, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet)
- ntlmssp_unseal_packet: seal
- [2016/12/10 11:11:02.253170, 10, pid=16107, effective(3003, 513), real(3003, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet)
- ntlmssp_check_packet: NTLMSSP signature OK !
- [2016/12/10 11:11:02.253187, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.253195, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (3003, 513) - sec_ctx_stack_ndx = 1
- [2016/12/10 11:11:02.253201, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:63(security_token_debug)
- Security token SIDs (9):
- SID[ 0]: S-1-5-21-1144368606-1404702108-1511304999-1007
- SID[ 1]: S-1-5-21-1144368606-1404702108-1511304999-513
- SID[ 2]: S-1-5-21-1144368606-1404702108-1511304999-514
- SID[ 3]: S-1-1-0
- SID[ 4]: S-1-5-2
- SID[ 5]: S-1-5-11
- SID[ 6]: S-1-22-1-3003
- SID[ 7]: S-1-22-2-513
- SID[ 8]: S-1-22-2-514
- Privileges (0x 0):
- Rights (0x 0):
- [2016/12/10 11:11:02.253229, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 3003
- Primary group is 513 and contains 2 supplementary groups
- Group[ 0]: 513
- Group[ 1]: 514
- [2016/12/10 11:11:02.253249, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user)
- Impersonated user: uid=(3003,3003), gid=(0,513)
- [2016/12/10 11:11:02.253256, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request)
- Requested samr rpc service
- [2016/12/10 11:11:02.253261, 4, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP)
- api_rpcTNP: samr op 0x37 - api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2
- [2016/12/10 11:11:02.253268, 6, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP)
- api_rpc_cmds[55].fn == 0x7f89d46cd780
- [2016/12/10 11:11:02.253288, 1, pid=16107, effective(3003, 513), real(3003, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_ChangePasswordUser2: struct samr_ChangePasswordUser2
- in: struct samr_ChangePasswordUser2
- server : *
- server: struct lsa_String
- length : 0x000a (10)
- size : 0x000c (12)
- string : *
- string : 'SIVIS'
- account : *
- account: struct lsa_String
- length : 0x000a (10)
- size : 0x000c (12)
- string : *
- string : 'tuser'
- nt_password : *
- nt_password: struct samr_CryptPassword
- data: ARRAY(516)
- nt_verifier : *
- nt_verifier: struct samr_Password
- hash : 6ddeae756a7bf26d8f059567b8a22edb
- lm_change : 0x01 (1)
- lm_password : *
- lm_password: struct samr_CryptPassword
- data: ARRAY(516)
- lm_verifier : *
- lm_verifier: struct samr_Password
- hash : 7f47b3d59929a274c3f2c8753064aecd
- [2016/12/10 11:11:02.254140, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:1743(_samr_ChangePasswordUser2)
- _samr_ChangePasswordUser2: 1743
- [2016/12/10 11:11:02.254150, 5, pid=16107, effective(3003, 513), real(3003, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:1752(_samr_ChangePasswordUser2)
- _samr_ChangePasswordUser2: user: (null) wks: SIVIS
- [2016/12/10 11:11:02.254169, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
- push_sec_ctx(3003, 513) : sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.254176, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/uid.c:491(push_conn_ctx)
- push_conn_ctx(8968) : conn_ctx_stack_ndx = 0
- [2016/12/10 11:11:02.254182, 4, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
- setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
- [2016/12/10 11:11:02.254187, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../libcli/security/security_token.c:53(security_token_debug)
- Security token: (NULL)
- [2016/12/10 11:11:02.254191, 5, pid=16107, effective(3003, 513), real(3003, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token)
- UNIX token of user 0
- Primary group is 0 and contains 0 supplementary groups