- [root@fdc ~]# KRB5_TRACE=/dev/stderr /usr/local/samba/bin/net ads -P kerberos pac dump impersonate=u_david@abc -d3
- lp_load_ex: refreshing parameters
- Initialising global parameters
- rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
- Processing section "[global]"
- Registered MSG_REQ_POOL_USAGE
- Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
- lp_load_ex: refreshing parameters
- Initialising global parameters
- rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
- Processing section "[global]"
- added interface ens33 ip=192.168.47.101 bcast=192.168.47.255 netmask=255.255.255.0
- [30408] 1520982922.787731: Getting initial credentials for FDC$@ACME.COM
- [30408] 1520982922.787733: Sending unauthenticated request
- [30408] 1520982922.787734: Sending request (233 bytes) to ACME.COM
- [30408] 1520982922.787735: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787736: No URI records found
- [30408] 1520982922.787737: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [30408] 1520982922.787738: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787739: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787740: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787741: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787742: Sending initial UDP request to dgram 192.168.47.120:88
- [30408] 1520982922.787743: Received answer (88 bytes) from dgram 192.168.47.120:88
- [30408] 1520982922.787744: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787745: No URI records found
- [30408] 1520982922.787746: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
- [30408] 1520982922.787747: No SRV records found
- [30408] 1520982922.787748: Response was not from master KDC
- [30408] 1520982922.787749: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP
- [30408] 1520982922.787750: Request or response is too big for UDP; retrying with TCP
- [30408] 1520982922.787751: Sending request (233 bytes) to ACME.COM (tcp only)
- [30408] 1520982922.787752: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787753: No URI records found
- [30408] 1520982922.787754: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787755: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787756: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787757: Initiating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787758: Sending TCP request to stream 192.168.47.120:88
- [30408] 1520982922.787759: Received answer (184 bytes) from stream 192.168.47.120:88
- [30408] 1520982922.787760: Terminating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787761: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787762: No URI records found
- [30408] 1520982922.787763: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [30408] 1520982922.787764: No SRV records found
- [30408] 1520982922.787765: Response was not from master KDC
- [30408] 1520982922.787766: Received error from KDC: -1765328359/Additional pre-authentication required
- [30408] 1520982922.787769: Preauthenticating using KDC method data
- [30408] 1520982922.787770: Processing preauth types: 16, 15, 19, 2
- [30408] 1520982922.787771: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
- [30408] 1520982922.787772: AS key obtained for encrypted timestamp: aes256-cts/EEEE
- [30408] 1520982922.787774: Encrypted timestamp (for 1520982930.100361): plain 301AA011180F32303138303331333233313533305AA1050203018809, encrypted F7E846E2A82820C2C7BA5CD4827BE8A292925662792B30EA5687DB9C4198C204C76B0E51539A2E368C088E52A51473334CB0A31335C8A986
- [30408] 1520982922.787775: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
- [30408] 1520982922.787776: Produced preauth for next request: 2
- [30408] 1520982922.787777: Sending request (313 bytes) to ACME.COM (tcp only)
- [30408] 1520982922.787778: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787779: No URI records found
- [30408] 1520982922.787780: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787781: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787782: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787783: Initiating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787784: Sending TCP request to stream 192.168.47.120:88
- [30408] 1520982922.787785: Received answer (1411 bytes) from stream 192.168.47.120:88
- [30408] 1520982922.787786: Terminating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787787: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787788: No URI records found
- [30408] 1520982922.787789: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [30408] 1520982922.787790: No SRV records found
- [30408] 1520982922.787791: Response was not from master KDC
- [30408] 1520982922.787792: Processing preauth types: 19
- [30408] 1520982922.787793: Selected etype info: etype aes256-cts, salt "ACME.COMhostfdc.acme.com", params ""
- [30408] 1520982922.787794: Produced preauth for next request: (empty)
- [30408] 1520982922.787795: AS key determined by preauth: aes256-cts/EEEE
- [30408] 1520982922.787796: Decrypted AS reply; session key is: aes256-cts/A999
- [30408] 1520982922.787797: FAST negotiation: unavailable
- [30408] 1520982922.787798: Initializing MEMORY:kerberos_return_pac with default princ FDC$@ACME.COM
- [30408] 1520982922.787799: Storing FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
- [30408] 1520982922.787801: Getting credentials u_david\@abc@ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
- [30408] 1520982922.787802: Retrieving u_david\@abc@ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [30408] 1520982922.787803: Getting initial credentials for u_david\@abc@ACME.COM
- [30408] 1520982922.787805: Attempting optimistic preauth
- [30408] 1520982922.787806: Processing preauth types: 130
- [30408] 1520982922.787807: Sending unauthenticated request
- [30408] 1520982922.787808: Sending request (171 bytes) to ACME.COM
- [30408] 1520982922.787809: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787810: No URI records found
- [30408] 1520982922.787811: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [30408] 1520982922.787812: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787813: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787814: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787815: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787816: Sending initial UDP request to dgram 192.168.47.120:88
- [30408] 1520982922.787817: Received answer (105 bytes) from dgram 192.168.47.120:88
- [30408] 1520982922.787818: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787819: No URI records found
- [30408] 1520982922.787820: Sending DNS SRV query for _kerberos-master._udp.ACME.COM.
- [30408] 1520982922.787821: No SRV records found
- [30408] 1520982922.787822: Response was not from master KDC
- [30408] 1520982922.787823: Received error from KDC: -1765328316/Realm not local to KDC
- [30408] 1520982922.787824: Following referral to realm CDOM.ACME.COM
- [30408] 1520982922.787826: Attempting optimistic preauth
- [30408] 1520982922.787827: Processing preauth types: 130
- [30408] 1520982922.787828: Sending unauthenticated request
- [30408] 1520982922.787829: Sending request (181 bytes) to CDOM.ACME.COM
- [30408] 1520982922.787830: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [30408] 1520982922.787831: No URI records found
- [30408] 1520982922.787832: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
- [30408] 1520982922.787833: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [30408] 1520982922.787834: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
- [30408] 1520982922.787835: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [30408] 1520982922.787836: Resolving hostname wsub.cdom.acme.com.
- [30408] 1520982922.787837: Sending initial UDP request to dgram 192.168.47.110:88
- [30408] 1520982922.787838: Received answer (188 bytes) from dgram 192.168.47.110:88
- [30408] 1520982922.787839: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [30408] 1520982922.787840: No URI records found
- [30408] 1520982922.787841: Sending DNS SRV query for _kerberos-master._udp.CDOM.ACME.COM.
- [30408] 1520982922.787842: No SRV records found
- [30408] 1520982922.787843: Response was not from master KDC
- [30408] 1520982922.787844: Received error from KDC: -1765328359/Additional pre-authentication required
- [30408] 1520982922.787847: Preauthenticating using KDC method data
- [30408] 1520982922.787848: Processing preauth types: 16, 15, 19, 2
- [30408] 1520982922.787849: Selected etype info: etype aes256-cts, salt "CDOM.ACME.COMdavid", params ""
- [30408] 1520982922.787850: Preauth module encrypted_timestamp (2) (real) returned: -1765328174/Generic preauthentication failure
- [30408] 1520982922.787851: Getting credentials u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM using ccache MEMORY:kerberos_return_pac
- [30408] 1520982922.787852: Retrieving u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [30408] 1520982922.787853: Getting credentials FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM using ccache MEMORY:kerberos_return_pac
- [30408] 1520982922.787854: Retrieving FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: -1765328243/Matching credential not found
- [30408] 1520982922.787855: Retrieving FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM from MEMORY:kerberos_return_pac with result: 0/Success
- [30408] 1520982922.787856: Starting with TGT for client realm: FDC$@ACME.COM -> krbtgt/ACME.COM@ACME.COM
- [30408] 1520982922.787857: Requesting tickets for krbtgt/CDOM.ACME.COM@ACME.COM, referrals on
- [30408] 1520982922.787858: Generated subkey for TGS request: aes256-cts/87D9
- [30408] 1520982922.787859: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
- [30408] 1520982922.787861: Encoding request body and padata into FAST request
- [30408] 1520982922.787862: Sending request (1625 bytes) to ACME.COM
- [30408] 1520982922.787863: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787864: No URI records found
- [30408] 1520982922.787865: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [30408] 1520982922.787866: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787867: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787868: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787869: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787870: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787871: Initiating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787872: Sending TCP request to stream 192.168.47.120:88
- [30408] 1520982922.787873: Received answer (1278 bytes) from stream 192.168.47.120:88
- [30408] 1520982922.787874: Terminating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787875: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787876: No URI records found
- [30408] 1520982922.787877: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [30408] 1520982922.787878: No SRV records found
- [30408] 1520982922.787879: Response was not from master KDC
- [30408] 1520982922.787880: Decoding FAST response
- [30408] 1520982922.787881: TGS reply is for FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM with session key rc4-hmac/2577
- [30408] 1520982922.787882: TGS request result: 0/Success
- [30408] 1520982922.787883: Received creds for desired service krbtgt/CDOM.ACME.COM@ACME.COM
- [30408] 1520982922.787884: Storing FDC$@ACME.COM -> krbtgt/CDOM.ACME.COM@ACME.COM in MEMORY:kerberos_return_pac
- [30408] 1520982922.787885: Get cred via TGT krbtgt/CDOM.ACME.COM@ACME.COM after requesting FDC$\@ACME.COM@CDOM.ACME.COM (canonicalize on)
- [30408] 1520982922.787886: Generated subkey for TGS request: rc4-hmac/423E
- [30408] 1520982922.787887: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
- [30408] 1520982922.787889: Encoding request body and padata into FAST request
- [30408] 1520982922.787890: Sending request (1980 bytes) to CDOM.ACME.COM
- [30408] 1520982922.787891: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [30408] 1520982922.787892: No URI records found
- [30408] 1520982922.787893: Sending DNS SRV query for _kerberos._udp.CDOM.ACME.COM.
- [30408] 1520982922.787894: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [30408] 1520982922.787895: Sending DNS SRV query for _kerberos._tcp.CDOM.ACME.COM.
- [30408] 1520982922.787896: SRV answer: 0 100 88 "wsub.cdom.acme.com."
- [30408] 1520982922.787897: Resolving hostname wsub.cdom.acme.com.
- [30408] 1520982922.787898: Resolving hostname wsub.cdom.acme.com.
- [30408] 1520982922.787899: Initiating TCP connection to stream 192.168.47.110:88
- [30408] 1520982922.787900: Sending TCP request to stream 192.168.47.110:88
- [30408] 1520982922.787901: Received answer (1466 bytes) from stream 192.168.47.110:88
- [30408] 1520982922.787902: Terminating TCP connection to stream 192.168.47.110:88
- [30408] 1520982922.787903: Sending DNS URI query for _kerberos.CDOM.ACME.COM.
- [30408] 1520982922.787904: No URI records found
- [30408] 1520982922.787905: Sending DNS SRV query for _kerberos-master._tcp.CDOM.ACME.COM.
- [30408] 1520982922.787906: No SRV records found
- [30408] 1520982922.787907: Response was not from master KDC
- [30408] 1520982922.787908: Decoding FAST response
- [30408] 1520982922.787909: Reply server krbtgt/ACME.COM@CDOM.ACME.COM differs from requested FDC$\@ACME.COM@CDOM.ACME.COM
- [30408] 1520982922.787910: TGS reply is for FDC$@ACME.COM -> krbtgt/ACME.COM@CDOM.ACME.COM with session key rc4-hmac/9670
- [30408] 1520982922.787911: Got cred; 0/Success
- [30408] 1520982922.787912: Get cred via TGT krbtgt/ACME.COM@CDOM.ACME.COM after requesting FDC$@ACME.COM (canonicalize on)
- [30408] 1520982922.787913: Generated subkey for TGS request: rc4-hmac/3246
- [30408] 1520982922.787914: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
- [30408] 1520982922.787916: Encoding request body and padata into FAST request
- [30408] 1520982922.787917: Sending request (2016 bytes) to ACME.COM
- [30408] 1520982922.787918: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787919: No URI records found
- [30408] 1520982922.787920: Sending DNS SRV query for _kerberos._udp.ACME.COM.
- [30408] 1520982922.787921: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787922: Sending DNS SRV query for _kerberos._tcp.ACME.COM.
- [30408] 1520982922.787923: SRV answer: 0 100 88 "wdc.acme.com."
- [30408] 1520982922.787924: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787925: Resolving hostname wdc.acme.com.
- [30408] 1520982922.787926: Initiating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787927: Sending TCP request to stream 192.168.47.120:88
- [30408] 1520982922.787928: Received answer (1430 bytes) from stream 192.168.47.120:88
- [30408] 1520982922.787929: Terminating TCP connection to stream 192.168.47.120:88
- [30408] 1520982922.787930: Sending DNS URI query for _kerberos.ACME.COM.
- [30408] 1520982922.787931: No URI records found
- [30408] 1520982922.787932: Sending DNS SRV query for _kerberos-master._tcp.ACME.COM.
- [30408] 1520982922.787933: No SRV records found
- [30408] 1520982922.787934: Response was not from master KDC
- [30408] 1520982922.787935: Decoding FAST response
- [30408] 1520982922.787936: TGS reply is for u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM with session key aes256-cts/ECC7
- [30408] 1520982922.787937: Got cred; 0/Success
- [30408] 1520982922.787938: Storing u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM in MEMORY:kerberos_return_pac
- ads_cleanup_expired_creds: Ticket in ccache[MEMORY:kerberos_return_pac] expiration Wed, 14 Mar 2018 11:15:30 IST
- [30408] 1520982922.787941: Creating authenticator for u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, seqnum 0, subkey aes256-cts/B202, session key aes256-cts/ECC7
- GENSEC backend 'gssapi_spnego' registered
- GENSEC backend 'gssapi_krb5' registered
- GENSEC backend 'gssapi_krb5_sasl' registered
- GENSEC backend 'spnego' registered
- GENSEC backend 'schannel' registered
- GENSEC backend 'naclrpc_as_system' registered
- GENSEC backend 'sasl-EXTERNAL' registered
- GENSEC backend 'ntlmssp' registered
- GENSEC backend 'ntlmssp_resume_ccache' registered
- GENSEC backend 'http_basic' registered
- GENSEC backend 'http_ntlm' registered
- GENSEC backend 'http_negotiate' registered
- [30408] 1520982922.787947: Decrypted AP-REQ with server principal FDC$@ACME.COM: aes256-cts/EEEE
- [30408] 1520982922.787948: AP-REQ ticket: u_david\@abc@CDOM.ACME.COM -> FDC$@ACME.COM, session key aes256-cts/ECC7
- [30408] 1520982922.787949: Negotiated enctype based on authenticator: aes256-cts
- [30408] 1520982922.787950: Authenticator contains subkey: aes256-cts/B202
- Found account name from PAC: s_david [disn_david]
- [30408] 1520982922.787958: Destroying ccache MEMORY:kerberos_return_pac
- The Pac: pac_data_ctr->pac_data: struct PAC_DATA
- num_buffers : 0x00000005 (5)
- version : 0x00000000 (0)
- buffers: ARRAY(5)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_LOGON_INFO (1)
- _ndr_size : 0x000001a8 (424)
- info : *
- info : union PAC_INFO(case 1)
- logon_info: struct PAC_LOGON_INFO_CTR
- info : *
- info: struct PAC_LOGON_INFO
- info3: struct netr_SamInfo3
- base: struct netr_SamBaseInfo
- logon_time : Fri Mar 9 08:52:28 PM 2018 IST
- logoff_time : Thu Sep 14 04:48:05 AM 30828 IST
- kickoff_time : Thu Sep 14 04:48:05 AM 30828 IST
- last_password_change : Fri Mar 9 06:19:54 PM 2018 IST
- allow_password_change : Fri Mar 9 06:19:54 PM 2018 IST
- force_password_change : Thu Sep 14 04:48:05 AM 30828 IST
- account_name: struct lsa_String
- length : 0x000e (14)
- size : 0x000e (14)
- string : *
- string : 's_david'
- full_name: struct lsa_String
- length : 0x0014 (20)
- size : 0x0014 (20)
- string : *
- string : 'disn_david'
- logon_script: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- profile_path: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- home_directory: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- home_drive: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- logon_count : 0x0006 (6)
- bad_password_count : 0x0000 (0)
- rid : 0x00000451 (1105)
- primary_gid : 0x00000201 (513)
- groups: struct samr_RidWithAttributeArray
- count : 0x00000001 (1)
- rids : *
- rids: ARRAY(1)
- rids: struct samr_RidWithAttribute
- rid : 0x00000201 (513)
- attributes : 0x00000007 (7)
- 1: SE_GROUP_MANDATORY
- 1: SE_GROUP_ENABLED_BY_DEFAULT
- 1: SE_GROUP_ENABLED
- 0: SE_GROUP_OWNER
- 0: SE_GROUP_USE_FOR_DENY_ONLY
- 0: SE_GROUP_RESOURCE
- 0x00: SE_GROUP_LOGON_ID (0)
- user_flags : 0x00000020 (32)
- 0: NETLOGON_GUEST
- 0: NETLOGON_NOENCRYPTION
- 0: NETLOGON_CACHED_ACCOUNT
- 0: NETLOGON_USED_LM_PASSWORD
- 1: NETLOGON_EXTRA_SIDS
- 0: NETLOGON_SUBAUTH_SESSION_KEY
- 0: NETLOGON_SERVER_TRUST_ACCOUNT
- 0: NETLOGON_NTLMV2_ENABLED
- 0: NETLOGON_RESOURCE_GROUPS
- 0: NETLOGON_PROFILE_PATH_RETURNED
- 0: NETLOGON_GRACE_LOGON
- key: struct netr_UserSessionKey
- key: ARRAY(16): <REDACTED SECRET VALUES>
- logon_server: struct lsa_StringLarge
- length : 0x0008 (8)
- size : 0x000a (10)
- string : *
- string : 'WSUB'
- logon_domain: struct lsa_StringLarge
- length : 0x0008 (8)
- size : 0x000a (10)
- string : *
- string : 'CDOM'
- domain_sid : *
- domain_sid : S-1-5-21-3495176760-3063979438-1681964479
- LMSessKey: struct netr_LMSessionKey
- key: ARRAY(8): <REDACTED SECRET VALUES>
- acct_flags : 0x00000210 (528)
- 0: ACB_DISABLED
- 0: ACB_HOMDIRREQ
- 0: ACB_PWNOTREQ
- 0: ACB_TEMPDUP
- 1: ACB_NORMAL
- 0: ACB_MNS
- 0: ACB_DOMTRUST
- 0: ACB_WSTRUST
- 0: ACB_SVRTRUST
- 1: ACB_PWNOEXP
- 0: ACB_AUTOLOCK
- 0: ACB_ENC_TXT_PWD_ALLOWED
- 0: ACB_SMARTCARD_REQUIRED
- 0: ACB_TRUSTED_FOR_DELEGATION
- 0: ACB_NOT_DELEGATED
- 0: ACB_USE_DES_KEY_ONLY
- 0: ACB_DONT_REQUIRE_PREAUTH
- 0: ACB_PW_EXPIRED
- 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- 0: ACB_NO_AUTH_DATA_REQD
- 0: ACB_PARTIAL_SECRETS_ACCOUNT
- 0: ACB_USE_AES_KEYS
- sub_auth_status : 0x00000000 (0)
- last_successful_logon : NTTIME(0)
- last_failed_logon : NTTIME(0)
- failed_logon_count : 0x00000000 (0)
- reserved : 0x00000000 (0)
- sidcount : 0x00000000 (0)
- sids : NULL
- resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
- domain_sid : NULL
- groups: struct samr_RidWithAttributeArray
- count : 0x00000000 (0)
- rids : NULL
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_UPN_DNS_INFO (12)
- _ndr_size : 0x00000048 (72)
- info : *
- info : union PAC_INFO(case 12)
- upn_dns_info: struct PAC_UPN_DNS_INFO
- upn_name_size : 0x0016 (22)
- upn_name : *
- upn_name : 'u_david@abc'
- dns_domain_name_size : 0x001a (26)
- dns_domain_name : *
- dns_domain_name : 'CDOM.ACME.COM'
- flags : 0x00000000 (0)
- 0: PAC_UPN_DNS_FLAG_CONSTRUCTED
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_SRV_CHECKSUM (6)
- _ndr_size : 0x00000010 (16)
- info : *
- info : union PAC_INFO(case 6)
- srv_cksum: struct PAC_SIGNATURE_DATA
- type : 0x00000010 (16)
- signature : DATA_BLOB length=12
- [0000] FE DE 72 77 22 30 1F 48 8B 9E 99 B2 ..rw"0.H ....
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_KDC_CHECKSUM (7)
- _ndr_size : 0x00000014 (20)
- info : *
- info : union PAC_INFO(case 7)
- kdc_cksum: struct PAC_SIGNATURE_DATA
- type : 0xffffff76 (4294967158)
- signature : DATA_BLOB length=16
- [0000] C9 29 6A 4D D9 BE 18 33 DC 43 26 78 08 D8 8C 59 .)jM...3 .C&x...Y
- _pad : 0x00000000 (0)
- buffers: struct PAC_BUFFER
- type : PAC_TYPE_LOGON_NAME (10)
- _ndr_size : 0x00000020 (32)
- info : *
- info : union PAC_INFO(case 10)
- logon_name: struct PAC_LOGON_NAME
- logon_time : Wed Mar 14 01:15:30 AM 2018 IST
- size : 0x0016 (22)
- account_name : 'u_david@abc'
- _pad : 0x00000000 (0)
- return code = 0