Untitled

a guest
Mar 13th, 2018
[root@fdc ~]# KRB5_TRACE=/dev/stderr /usr/local/samba/bin/net ads -P kerberos pac dump impersonate=u_david@abc -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface ens33 ip=192.168.47.101 bcast=192.168.47.255 netmask=255.255.255.0
[30408] 1520982922.787731: Getting initial credentials for FDC$@ACME.COM
[30408] 1520982922.787733: Sending unauthenticated request
[30408] 1520982922.787734: Sending request (233 bytes) to ACME.COM
[30408] 1520982922.787735: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787736: No URI records found
[30408] 1520982922.787737: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[30408] 1520982922.787738: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787739: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787740: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787741: Resolving hostname wdc.acme.com.
[30408] 1520982922.787742: Sending initial UDP request to dgram 192.168.47.120:88
[30408] 1520982922.787743: Received answer (88 bytes) from dgram 192.168.47.120:88
[30408] 1520982922.787744: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787745: No URI records found
[30408] 1520982922.787746: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
[30408] 1520982922.787747: No SRV records found
[30408] 1520982922.787748: Response was not from master KDC
[30408] 1520982922.787749: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP
[30408] 1520982922.787750: Request or response is too big for UDP; retrying with TCP
[30408] 1520982922.787751: Sending request (233 bytes) to ACME.COM (tcp only)
[30408] 1520982922.787752: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787753: No URI records found
[30408] 1520982922.787754: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787755: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787756: Resolving hostname wdc.acme.com.
[30408] 1520982922.787757: Initiating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787758: Sending TCP request to stream 192.168.47.120:88
[30408] 1520982922.787759: Received answer (184 bytes) from stream 192.168.47.120:88
[30408] 1520982922.787760: Terminating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787761: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787762: No URI records found
[30408] 1520982922.787763: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[30408] 1520982922.787764: No SRV records found
[30408] 1520982922.787765: Response was not from master KDC
[30408] 1520982922.787766: Received error from KDC: -1765328359/Additional pre-authentication required
[30408] 1520982922.787769: Preauthenticating using KDC method data
[30408] 1520982922.787770: Processing preauth types: 16, 15, 19, 2
[30408] 1520982922.787771: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
[30408] 1520982922.787772: AS key obtained for encrypted timestamp: aes256-cts/EEEE
[30408] 1520982922.787774: Encrypted timestamp (for 1520982930.100361): plain 301AA011180F32303138303331333233313533305AA1050203018809, encrypted F7E846E2A82820C2C7BA5CD4827BE8A292925662792B30EA5687DB9C4198C204C76B0E51539A2E368C088E52A51473334CB0A31335C8A986
[30408] 1520982922.787775: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[30408] 1520982922.787776: Produced preauth for next request: 2
[30408] 1520982922.787777: Sending request (313 bytes) to ACME.COM (tcp only)
[30408] 1520982922.787778: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787779: No URI records found
[30408] 1520982922.787780: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787781: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787782: Resolving hostname wdc.acme.com.
[30408] 1520982922.787783: Initiating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787784: Sending TCP request to stream 192.168.47.120:88
[30408] 1520982922.787785: Received answer (1411 bytes) from stream 192.168.47.120:88
[30408] 1520982922.787786: Terminating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787787: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787788: No URI records found
[30408] 1520982922.787789: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[30408] 1520982922.787790: No SRV records found
[30408] 1520982922.787791: Response was not from master KDC
[30408] 1520982922.787792: Processing preauth types: 19
[30408] 1520982922.787793: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
[30408] 1520982922.787794: Produced preauth for next request: (empty)
[30408] 1520982922.787795: AS key determined by preauth: aes256-cts/EEEE
[30408] 1520982922.787796: Decrypted AS reply; session key is: aes256-cts/A999
[30408] 1520982922.787797: FAST negotiation: unavailable
[30408] 1520982922.787798: Initializing MEMORY:kerberos_return_pac with default princ FDC$@ACME.COM
[30408] 1520982922.787799: Storing FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
[30408] 1520982922.787801: Getting credentials u_david\@abc@ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
[30408] 1520982922.787802: Retrieving u_david\@abc@ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[30408] 1520982922.787803: Getting initial credentials for u_david\@abc@ACME.COM
[30408] 1520982922.787805: Attempting optimistic preauth
[30408] 1520982922.787806: Processing preauth types: 130
[30408] 1520982922.787807: Sending unauthenticated request
[30408] 1520982922.787808: Sending request (171 bytes) to ACME.COM
[30408] 1520982922.787809: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787810: No URI records found
[30408] 1520982922.787811: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[30408] 1520982922.787812: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787813: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787814: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787815: Resolving hostname wdc.acme.com.
[30408] 1520982922.787816: Sending initial UDP request to dgram 192.168.47.120:88
[30408] 1520982922.787817: Received answer (105 bytes) from dgram 192.168.47.120:88
[30408] 1520982922.787818: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787819: No URI records found
[30408] 1520982922.787820: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
[30408] 1520982922.787821: No SRV records found
[30408] 1520982922.787822: Response was not from master KDC
[30408] 1520982922.787823: Received error from KDC: -1765328316/Realm not local to KDC
[30408] 1520982922.787824: Following referral to realm CDOM.ACME.COM
[30408] 1520982922.787826: Attempting optimistic preauth
[30408] 1520982922.787827: Processing preauth types: 130
[30408] 1520982922.787828: Sending unauthenticated request
[30408] 1520982922.787829: Sending request (181 bytes) to CDOM.ACME.COM
[30408] 1520982922.787830: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[30408] 1520982922.787831: No URI records found
[30408] 1520982922.787832: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
[30408] 1520982922.787833: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[30408] 1520982922.787834: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
[30408] 1520982922.787835: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[30408] 1520982922.787836: Resolving hostname wsub.cdom.acme.com.
[30408] 1520982922.787837: Sending initial UDP request to dgram 192.168.47.110:88
[30408] 1520982922.787838: Received answer (188 bytes) from dgram 192.168.47.110:88
[30408] 1520982922.787839: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[30408] 1520982922.787840: No URI records found
[30408] 1520982922.787841: Sending DNS SRV query for _kerberos-master._udp.CDOM.ACME.COM.
[30408] 1520982922.787842: No SRV records found
[30408] 1520982922.787843: Response was not from master KDC
[30408] 1520982922.787844: Received error from KDC: -1765328359/Additional pre-authentication required
[30408] 1520982922.787847: Preauthenticating using KDC method data
[30408] 1520982922.787848: Processing preauth types: 16, 15, 19, 2
[30408] 1520982922.787849: Selected etype info: etype aes256-cts, salt "CDOM.ACME.COMdavid", params ""
[30408] 1520982922.787850: Preauth module encrypted_timestamp (2) (real) returned: -1765328174/Generic preauthentication failure
[30408] 1520982922.787851: Getting credentials u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
[30408] 1520982922.787852: Retrieving u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[30408] 1520982922.787853: Getting credentials FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM using ccache MEMORY:kerberos_return_pac
[30408] 1520982922.787854: Retrieving FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
[30408] 1520982922.787855: Retrieving FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: 0/Success
[30408] 1520982922.787856: Starting with TGT for client realm: FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM
[30408] 1520982922.787857: Requesting tickets for krbtgt/CDOM.ACME.COM@ACME.COM, referrals on
[30408] 1520982922.787858: Generated subkey for TGS request: aes256-cts/87D9
[30408] 1520982922.787859: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
[30408] 1520982922.787861: Encoding request body and padata into FAST request
[30408] 1520982922.787862: Sending request (1625 bytes) to ACME.COM
[30408] 1520982922.787863: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787864: No URI records found
[30408] 1520982922.787865: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[30408] 1520982922.787866: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787867: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787868: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787869: Resolving hostname wdc.acme.com.
[30408] 1520982922.787870: Resolving hostname wdc.acme.com.
[30408] 1520982922.787871: Initiating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787872: Sending TCP request to stream 192.168.47.120:88
[30408] 1520982922.787873: Received answer (1278 bytes) from stream 192.168.47.120:88
[30408] 1520982922.787874: Terminating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787875: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787876: No URI records found
[30408] 1520982922.787877: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[30408] 1520982922.787878: No SRV records found
[30408] 1520982922.787879: Response was not from master KDC
[30408] 1520982922.787880: Decoding FAST response
[30408] 1520982922.787881: TGS reply is for FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM with session key rc4-hmac/2577
[30408] 1520982922.787882: TGS request result: 0/Success
[30408] 1520982922.787883: Received creds for desired service krbtgt/CDOM.ACME.COM@ACME.COM
[30408] 1520982922.787884: Storing FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
[30408] 1520982922.787885: Get cred via TGT krbtgt/CDOM.ACME.COM@ACME.COM after requesting FDC$\@ACME.COM@CDOM.ACME.COM (canonicalize on)
[30408] 1520982922.787886: Generated subkey for TGS request: rc4-hmac/423E
[30408] 1520982922.787887: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
[30408] 1520982922.787889: Encoding request body and padata into FAST request
[30408] 1520982922.787890: Sending request (1980 bytes) to CDOM.ACME.COM
[30408] 1520982922.787891: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[30408] 1520982922.787892: No URI records found
[30408] 1520982922.787893: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
[30408] 1520982922.787894: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[30408] 1520982922.787895: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
[30408] 1520982922.787896: SRV answer: 0 100 88 "wsub.cdom.acme.com."
[30408] 1520982922.787897: Resolving hostname wsub.cdom.acme.com.
[30408] 1520982922.787898: Resolving hostname wsub.cdom.acme.com.
[30408] 1520982922.787899: Initiating TCP connection to stream 192.168.47.110:88
[30408] 1520982922.787900: Sending TCP request to stream 192.168.47.110:88
[30408] 1520982922.787901: Received answer (1466 bytes) from stream 192.168.47.110:88
[30408] 1520982922.787902: Terminating TCP connection to stream 192.168.47.110:88
[30408] 1520982922.787903: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
[30408] 1520982922.787904: No URI records found
[30408] 1520982922.787905: Sending DNS SRV query for _kerberos-master._tcp.CDOM.ACME.COM.
[30408] 1520982922.787906: No SRV records found
[30408] 1520982922.787907: Response was not from master KDC
[30408] 1520982922.787908: Decoding FAST response
[30408] 1520982922.787909: Reply server krbtgt/ACME.COM@CDOM.ACME.COM differs from requested FDC$\@ACME.COM@CDOM.ACME.COM
[30408] 1520982922.787910: TGS reply is for FDC$@ACME.COM -> krbtgt/ACME.COM@CDOM.ACME.COM with session key rc4-hmac/9670
[30408] 1520982922.787911: Got cred; 0/Success
[30408] 1520982922.787912: Get cred via TGT krbtgt/ACME.COM@CDOM.ACME.COM after requesting FDC$@ACME.COM (canonicalize on)
[30408] 1520982922.787913: Generated subkey for TGS request: rc4-hmac/3246
[30408] 1520982922.787914: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
[30408] 1520982922.787916: Encoding request body and padata into FAST request
[30408] 1520982922.787917: Sending request (2016 bytes) to ACME.COM
[30408] 1520982922.787918: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787919: No URI records found
[30408] 1520982922.787920: Sending DNS SRV query for _kerberos._udp.ACME.COM.
[30408] 1520982922.787921: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787922: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
[30408] 1520982922.787923: SRV answer: 0 100 88 "wdc.acme.com."
[30408] 1520982922.787924: Resolving hostname wdc.acme.com.
[30408] 1520982922.787925: Resolving hostname wdc.acme.com.
[30408] 1520982922.787926: Initiating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787927: Sending TCP request to stream 192.168.47.120:88
[30408] 1520982922.787928: Received answer (1430 bytes) from stream 192.168.47.120:88
[30408] 1520982922.787929: Terminating TCP connection to stream 192.168.47.120:88
[30408] 1520982922.787930: Sending DNS URI query for _kerberos.ACME.COM.
[30408] 1520982922.787931: No URI records found
[30408] 1520982922.787932: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
[30408] 1520982922.787933: No SRV records found
[30408] 1520982922.787934: Response was not from master KDC
[30408] 1520982922.787935: Decoding FAST response
[30408] 1520982922.787936: TGS reply is for u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM with session key aes256-cts/ECC7
[30408] 1520982922.787937: Got cred; 0/Success
[30408] 1520982922.787938: Storing u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM in MEMORY:kerberos_return_pac
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:kerberos_return_pac] expiration Wed, 14 Mar 2018 11:15:30 IST
[30408] 1520982922.787941: Creating authenticator for u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, seqnum 0, subkey aes256-cts/B202, session key aes256-cts/ECC7
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
[30408] 1520982922.787947: Decrypted AP-REQ with server principal FDC$@ACME.COM: aes256-cts/EEEE
[30408] 1520982922.787948: AP-REQ ticket: u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, session key aes256-cts/ECC7
[30408] 1520982922.787949: Negotiated enctype based on authenticator: aes256-cts
[30408] 1520982922.787950: Authenticator contains subkey: aes256-cts/B202
Found account name from PAC: s_david [disn_david]
[30408] 1520982922.787958: Destroying ccache MEMORY:kerberos_return_pac
The Pac: pac_data_ctr->pac_data: struct PAC_DATA
    num_buffers : 0x00000005 (5)
    version : 0x00000000 (0)
    buffers: ARRAY(5)
        buffers: struct PAC_BUFFER
            type : PAC_TYPE_LOGON_INFO (1)
            _ndr_size : 0x000001a8 (424)
            info : *
                info : union PAC_INFO(case 1)
                logon_info: struct PAC_LOGON_INFO_CTR
                    info : *
                        info: struct PAC_LOGON_INFO
                            info3: struct netr_SamInfo3
                                base: struct netr_SamBaseInfo
                                    logon_time : Fri Mar 9 08:52:28 PM 2018 IST
                                    logoff_time : Thu Sep 14 04:48:05 AM 30828 IST
                                    kickoff_time : Thu Sep 14 04:48:05 AM 30828 IST
                                    last_password_change : Fri Mar 9 06:19:54 PM 2018 IST
                                    allow_password_change : Fri Mar 9 06:19:54 PM 2018 IST
                                    force_password_change : Thu Sep 14 04:48:05 AM 30828 IST
                                    account_name: struct lsa_String
                                        length : 0x000e (14)
                                        size : 0x000e (14)
                                        string : *
                                            string : 's_david'
                                    full_name: struct lsa_String
                                        length : 0x0014 (20)
                                        size : 0x0014 (20)
                                        string : *
                                            string : 'disn_david'
                                    logon_script: struct lsa_String
                                        length : 0x0000 (0)
                                        size : 0x0000 (0)
                                        string : *
                                            string : ''
                                    profile_path: struct lsa_String
                                        length : 0x0000 (0)
                                        size : 0x0000 (0)
                                        string : *
                                            string : ''
                                    home_directory: struct lsa_String
                                        length : 0x0000 (0)
                                        size : 0x0000 (0)
                                        string : *
                                            string : ''
                                    home_drive: struct lsa_String
                                        length : 0x0000 (0)
                                        size : 0x0000 (0)
                                        string : *
                                            string : ''
                                    logon_count : 0x0006 (6)
                                    bad_password_count : 0x0000 (0)
                                    rid : 0x00000451 (1105)
                                    primary_gid : 0x00000201 (513)
                                    groups: struct samr_RidWithAttributeArray
                                        count : 0x00000001 (1)
                                        rids : *
                                            rids: ARRAY(1)
                                                rids: struct samr_RidWithAttribute
                                                    rid : 0x00000201 (513)
                                                    attributes : 0x00000007 (7)
                                                        1: SE_GROUP_MANDATORY
                                                        1: SE_GROUP_ENABLED_BY_DEFAULT
                                                        1: SE_GROUP_ENABLED
                                                        0: SE_GROUP_OWNER
                                                        0: SE_GROUP_USE_FOR_DENY_ONLY
                                                        0: SE_GROUP_RESOURCE
                                                        0x00: SE_GROUP_LOGON_ID (0)
                                    user_flags : 0x00000020 (32)
                                        0: NETLOGON_GUEST
                                        0: NETLOGON_NOENCRYPTION
                                        0: NETLOGON_CACHED_ACCOUNT
                                        0: NETLOGON_USED_LM_PASSWORD
                                        1: NETLOGON_EXTRA_SIDS
                                        0: NETLOGON_SUBAUTH_SESSION_KEY
                                        0: NETLOGON_SERVER_TRUST_ACCOUNT
                                        0: NETLOGON_NTLMV2_ENABLED
                                        0: NETLOGON_RESOURCE_GROUPS
                                        0: NETLOGON_PROFILE_PATH_RETURNED
                                        0: NETLOGON_GRACE_LOGON
                                    key: struct netr_UserSessionKey
                                        key: ARRAY(16): <REDACTED SECRET VALUES>
                                    logon_server: struct lsa_StringLarge
                                        length : 0x0008 (8)
                                        size : 0x000a (10)
                                        string : *
                                            string : 'WSUB'
                                    logon_domain: struct lsa_StringLarge
                                        length : 0x0008 (8)
                                        size : 0x000a (10)
                                        string : *
                                            string : 'CDOM'
                                    domain_sid : *
                                        domain_sid : S-1-5-21-3495176760-3063979438-1681964479
                                    LMSessKey: struct netr_LMSessionKey
                                        key: ARRAY(8): <REDACTED SECRET VALUES>
                                    acct_flags : 0x00000210 (528)
                                        0: ACB_DISABLED
                                        0: ACB_HOMDIRREQ
                                        0: ACB_PWNOTREQ
                                        0: ACB_TEMPDUP
                                        1: ACB_NORMAL
                                        0: ACB_MNS
                                        0: ACB_DOMTRUST
                                        0: ACB_WSTRUST
                                        0: ACB_SVRTRUST
                                        1: ACB_PWNOEXP
                                        0: ACB_AUTOLOCK
                                        0: ACB_ENC_TXT_PWD_ALLOWED
                                        0: ACB_SMARTCARD_REQUIRED
                                        0: ACB_TRUSTED_FOR_DELEGATION
                                        0: ACB_NOT_DELEGATED
                                        0: ACB_USE_DES_KEY_ONLY
                                        0: ACB_DONT_REQUIRE_PREAUTH
                                        0: ACB_PW_EXPIRED
                                        0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                                        0: ACB_NO_AUTH_DATA_REQD
                                        0: ACB_PARTIAL_SECRETS_ACCOUNT
                                        0: ACB_USE_AES_KEYS
                                    sub_auth_status : 0x00000000 (0)
                                    last_successful_logon : NTTIME(0)
                                    last_failed_logon : NTTIME(0)
                                    failed_logon_count : 0x00000000 (0)
                                    reserved : 0x00000000 (0)
                                sidcount : 0x00000000 (0)
                                sids : NULL
                            resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
                                domain_sid : NULL
                                groups: struct samr_RidWithAttributeArray
                                    count : 0x00000000 (0)
                                    rids : NULL
            _pad : 0x00000000 (0)
        buffers: struct PAC_BUFFER
            type : PAC_TYPE_UPN_DNS_INFO (12)
            _ndr_size : 0x00000048 (72)
            info : *
                info : union PAC_INFO(case 12)
                upn_dns_info: struct PAC_UPN_DNS_INFO
                    upn_name_size : 0x0016 (22)
                    upn_name : *
                        upn_name : 'u_david@abc'
                    dns_domain_name_size : 0x001a (26)
                    dns_domain_name : *
                        dns_domain_name : 'CDOM.ACME.COM'
                    flags : 0x00000000 (0)
                        0: PAC_UPN_DNS_FLAG_CONSTRUCTED
            _pad : 0x00000000 (0)
        buffers: struct PAC_BUFFER
            type : PAC_TYPE_SRV_CHECKSUM (6)
            _ndr_size : 0x00000010 (16)
            info : *
                info : union PAC_INFO(case 6)
                srv_cksum: struct PAC_SIGNATURE_DATA
                    type : 0x00000010 (16)
                    signature : DATA_BLOB length=12
[0000] FE DE 72 77 22 30 1F 48 8B 9E 99 B2 ..rw"0.H ....
            _pad : 0x00000000 (0)
        buffers: struct PAC_BUFFER
            type : PAC_TYPE_KDC_CHECKSUM (7)
            _ndr_size : 0x00000014 (20)
            info : *
                info : union PAC_INFO(case 7)
                kdc_cksum: struct PAC_SIGNATURE_DATA
                    type : 0xffffff76 (4294967158)
                    signature : DATA_BLOB length=16
[0000] C9 29 6A 4D D9 BE 18 33 DC 43 26 78 08 D8 8C 59 .)jM...3 .C&x...Y
            _pad : 0x00000000 (0)
        buffers: struct PAC_BUFFER
            type : PAC_TYPE_LOGON_NAME (10)
            _ndr_size : 0x00000020 (32)
            info : *
                info : union PAC_INFO(case 10)
                logon_name: struct PAC_LOGON_NAME
                    logon_time : Wed Mar 14 01:15:30 AM 2018 IST
                    size : 0x0016 (22)
                    account_name : 'u_david@abc'
            _pad : 0x00000000 (0)

return code = 0