added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 Queueing nbt packet to 10.1.2.3:137 request: struct nbt_name_packet name_trn_id : 0xcc22 (52258) operation : 0x0000 (0) 0x00: NBT_RCODE (0) 0: NBT_FLAG_BROADCAST 0: NBT_FLAG_RECURSION_AVAIL 0: NBT_FLAG_RECURSION_DESIRED 0: NBT_FLAG_TRUNCATION 0: NBT_FLAG_AUTHORITIVE 0x00: NBT_OPCODE (0) 0: NBT_FLAG_REPLY qdcount : 0x0001 (1) ancount : 0x0000 (0) nscount : 0x0000 (0) arcount : 0x0000 (0) questions: ARRAY(1) questions: struct nbt_name_question name: struct nbt_name name : '*' scope : NULL type : NBT_NAME_CLIENT (0x0) question_type : NBT_QTYPE_STATUS (0x21) question_class : NBT_QCLASS_IP (0x1) answers: ARRAY(0) nsrecs: ARRAY(0) additional: ARRAY(0) padding : DATA_BLOB length=0 Received nbt packet of length 319 from 10.1.2.3:137 packet: struct nbt_name_packet name_trn_id : 0xcc22 (52258) operation : 0x8400 (33792) 0x00: NBT_RCODE (0) 0: NBT_FLAG_BROADCAST 0: NBT_FLAG_RECURSION_AVAIL 0: NBT_FLAG_RECURSION_DESIRED 0: NBT_FLAG_TRUNCATION 1: NBT_FLAG_AUTHORITIVE 0x00: NBT_OPCODE (0) 1: NBT_FLAG_REPLY qdcount : 0x0000 (0) ancount : 0x0001 (1) nscount : 0x0000 (0) arcount : 0x0000 (0) questions: ARRAY(0) answers: ARRAY(1) answers: struct nbt_res_rec name: struct nbt_name name : '*' scope : NULL type : NBT_NAME_CLIENT (0x0) rr_type : NBT_QTYPE_STATUS (0x21) rr_class : NBT_QCLASS_IP (0x1) ttl : 0x00000000 (0) rdata : union nbt_rdata(case 0x21) status: struct nbt_rdata_status length : 0x00f5 (245) num_names : 0x0b (11) names: ARRAY(11) names: struct nbt_status_name name : 'TEDC2 ' type : NBT_NAME_CLIENT (0x0) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : 'TEDC2 ' type : NBT_NAME_SERVER (0x20) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : 'WINTEAL ' type : NBT_NAME_CLIENT (0x0) nb_flags : 0xc400 (50176) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 1: NBT_NM_GROUP names: struct nbt_status_name name : 'WINTEAL ' type : NBT_NAME_LOGON (0x1C) nb_flags : 0xc400 (50176) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 1: NBT_NM_GROUP names: struct nbt_status_name name : 'WINTEAL ' type : NBT_NAME_PDC (0x1B) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : 'TEDC2 ' type : NBT_NAME_USER (0x3) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : 'TEDC2$ ' type : NBT_NAME_USER (0x3) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : 'WINTEAL ' type : NBT_NAME_BROWSER (0x1E) nb_flags : 0xc400 (50176) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 1: NBT_NM_GROUP names: struct nbt_status_name name : 'WINTEAL ' type : NBT_NAME_MASTER (0x1D) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP names: struct nbt_status_name name : '__MSBROWSE__' type : NBT_NAME_MS (0x1) nb_flags : 0xc400 (50176) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 1: NBT_NM_GROUP names: struct nbt_status_name name : 'ADMINISTRATOR ' type : NBT_NAME_USER (0x3) nb_flags : 0x4400 (17408) 0: NBT_NM_PERMANENT 1: NBT_NM_ACTIVE 0: NBT_NM_CONFLICT 0: NBT_NM_DEREGISTER 0x02: NBT_NM_OWNER_TYPE (2) 0: NBT_NM_GROUP statistics: struct nbt_statistics unit_id : 000c296b0767 jumpers : 0x00 (0) test_result : 0x00 (0) version_number : 0x0000 (0) period_of_statistics : 0x0000 (0) number_of_crcs : 0x0000 (0) number_alignment_errors : 0x0000 (0) number_of_collisions : 0x0000 (0) number_send_aborts : 0x0000 (0) number_good_sends : 0x00000000 (0) number_good_receives : 0x00000000 (0) number_retransmits : 0x0000 (0) number_no_resource_conditions: 0x0000 (0) number_free_command_blocks: 0x0000 (0) total_number_command_blocks: 0x0000 (0) max_total_number_command_blocks: 0x0000 (0) number_pending_sessions : 0x0000 (0) max_number_pending_sessions: 0x0000 (0) max_total_sessions_possible: 0x0000 (0) session_data_packet_size : 0x0000 (0) nsrecs: ARRAY(0) additional: ARRAY(0) padding : DATA_BLOB length=18 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 .. Mapped to DCERPC endpoint \pipe\lsarpc added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 Shutdown SMB signing BSRSPYL SMB signing enabled Shutdown SMB signing Starting GENSEC mechanism spnego Server claims it's principal name is tedc2$@WINTEAL.TUNDRAENG.COM Starting GENSEC submechanism gssapi_krb5 Received smb_krb5 packet of length 168 Received smb_krb5 packet of length 1317 Received smb_krb5 packet of length 1296 Received smb_krb5 packet of length 1296 Aquiring initiator credentials failed: Cannot allocate memory Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] 67 A9 9E 15 49 BA 63 C1 g...I.c. NTLM2 session key: [0000] 5E D5 8D 3F 4F 00 95 EA BF B5 44 8F AA 3B 01 2A ^..?O... ..D..;.* KEY_EXCH session key: [0000] 22 23 CA 3E FE B2 8A 92 48 31 C1 7C A6 CB 15 33 "#.>.... H1.|...3 KEY_EXCH session key (enc): [0000] 47 C9 52 5A 6A 15 FB CE 3B CA 91 EE 9F 76 8E 3C G.RZj... ;....v.< NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH SMB signing enabled! Started Signing with key: [0000] 22 23 CA 3E FE B2 8A 92 48 31 C1 7C A6 CB 15 33 "#.>.... H1.|...3 [0000] 9B AF AD 35 72 4B DE 6A ...5rK.j Seen valid packet, so turning signing on Seen valid packet, so marking signing as 'seen valid' sign_outgoing_message: SENT SIG (seq: 2): sent SMB signature of [0000] DF 6D 1E 65 6A 86 C3 DA .m.ej... [0000] B7 BC FF 5F E4 8C D8 2A ..._...* sign_outgoing_message: SENT SIG (seq: 4): sent SMB signature of [0000] F5 66 67 CC 0F C2 B5 86 .fg..... [0000] 94 E5 0A 95 11 94 9B 1D ........ sign_outgoing_message: SENT SIG (seq: 6): sent SMB signature of [0000] 11 DE 5C D0 BC E6 57 B9 ..\...W. [0000] E1 6C 2B 5A 6B C4 C3 77 .l+Zk..w smb_raw_trans2_recv_helper: done rpc request data: [0000] 00 00 02 00 02 00 00 00 00 00 00 00 02 00 00 00 ........ ........ [0010] 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \....... ........ [0020] 00 00 00 00 00 00 00 00 04 00 02 00 00 00 00 00 ........ ........ [0030] 02 00 01 00 00 00 00 02 ........ sign_outgoing_message: SENT SIG (seq: 8): sent SMB signature of [0000] 7E 09 6C 47 5E B1 F0 CB ~.lG^... sign_outgoing_message: SENT SIG (seq: 10): sent SMB signature of [0000] 83 DC A1 37 DE 4E 58 60 ...7.NX` [0000] FD 78 C9 AC F5 D0 70 7C .x....p| [0000] 7C 3C 19 9C D5 03 71 D8 |<....q. rpc reply data: [0000] 00 00 00 00 1A 44 23 72 1F 91 B1 45 8C CB E5 F8 .....D#r ...E.... [0010] 74 76 32 25 00 00 00 00 tv2%.... rpc request data: [0000] 00 00 00 00 1A 44 23 72 1F 91 B1 45 8C CB E5 F8 .....D#r ...E.... [0010] 74 76 32 25 0C 00 tv2%.. sign_outgoing_message: SENT SIG (seq: 12): sent SMB signature of [0000] FD 44 2A 3C 2C DD 8B DA .D*<,... sign_outgoing_message: SENT SIG (seq: 14): sent SMB signature of [0000] 6E B3 D7 C8 42 D1 C7 0F n...B... [0000] B0 E6 6E AC C3 FB EF 16 ..n..... [0000] 57 02 1C A3 52 91 3F 0A W...R.?. rpc reply data: [0000] 78 F9 11 00 0C 00 00 00 0E 00 10 00 18 45 13 00 x....... .....E.. [0010] 2A 00 2C 00 B0 D3 10 00 2A 00 2C 00 F8 08 0F 00 *.,..... *.,..... [0020] E0 64 07 F2 05 DC 1D 40 AA 31 07 3E A1 E3 FD 97 .d.....@ .1.>.... [0030] 20 62 11 00 08 00 00 00 00 00 00 00 07 00 00 00 b...... ........ [0040] 57 00 49 00 4E 00 54 00 45 00 41 00 4C 00 00 00 W.I.N.T. E.A.L... [0050] 16 00 00 00 00 00 00 00 15 00 00 00 77 00 69 00 ........ ....w.i. [0060] 6E 00 74 00 65 00 61 00 6C 00 2E 00 74 00 75 00 n.t.e.a. l...t.u. [0070] 6E 00 64 00 72 00 61 00 65 00 6E 00 67 00 2E 00 n.d.r.a. e.n.g... [0080] 63 00 6F 00 6D 00 00 00 16 00 00 00 00 00 00 00 c.o.m... ........ [0090] 15 00 00 00 77 00 69 00 6E 00 74 00 65 00 61 00 ....w.i. n.t.e.a. [00A0] 6C 00 2E 00 74 00 75 00 6E 00 64 00 72 00 61 00 l...t.u. n.d.r.a. [00B0] 65 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 00 e.n.g... c.o.m... [00C0] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ [00D0] 58 21 0B F1 D5 27 C6 69 76 B4 AF 16 00 00 00 00 X!...'.i v....... rpc request data: [0000] 00 00 00 00 1A 44 23 72 1F 91 B1 45 8C CB E5 F8 .....D#r ...E.... [0010] 74 76 32 25 03 00 tv2%.. sign_outgoing_message: SENT SIG (seq: 16): sent SMB signature of [0000] 65 47 EC 50 90 32 AF 09 eG.P.2.. sign_outgoing_message: SENT SIG (seq: 18): sent SMB signature of [0000] FD 11 90 90 B6 3B 58 A7 .....;X. [0000] F6 25 1E 80 DC BA BF 15 .%...... [0000] 6D 33 19 7F A3 C2 B1 25 m3.....% rpc reply data: [0000] 18 45 13 00 03 00 00 00 0E 00 10 00 68 AC 08 00 .E...... ....h... [0010] 20 62 11 00 08 00 00 00 00 00 00 00 07 00 00 00 b...... ........ [0020] 57 00 49 00 4E 00 54 00 45 00 41 00 4C 00 00 00 W.I.N.T. E.A.L... [0030] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ [0040] 58 21 0B F1 D5 27 C6 69 76 B4 AF 16 00 00 00 00 X!...'.i v....... sign_outgoing_message: SENT SIG (seq: 20): sent SMB signature of [0000] D5 A2 D3 4B C2 FE DA 89 ...K.... [0000] AB 35 8E 16 AF 12 7D 43 .5....}C sign_outgoing_message: SENT SIG (seq: 22): sent SMB signature of [0000] 01 C7 F5 00 2F 3E 74 00 ..../>t. [0000] 86 76 CE B0 36 11 21 06 .v..6.!. smb_raw_trans2_recv_helper: done rpc request data: [0000] 00 00 00 00 00 00 00 02 ........ sign_outgoing_message: SENT SIG (seq: 24): sent SMB signature of [0000] FE 0F 6E B6 F5 54 2E 3C ..n..T.< [0000] CB 28 AE BE 39 31 03 05 .(..91.. smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 82 3A 99 32 76 BD 19 45 88 5C 90 CB .....:.2 v..E.\.. [0010] EA B1 A9 D9 00 00 00 00 ........ rpc request data: [0000] 00 00 00 00 82 3A 99 32 76 BD 19 45 88 5C 90 CB .....:.2 v..E.\.. [0010] EA B1 A9 D9 00 00 00 02 04 00 00 00 01 04 00 00 ........ ........ [0020] 00 00 00 05 15 00 00 00 58 21 0B F1 D5 27 C6 69 ........ X!...'.i [0030] 76 B4 AF 16 v... sign_outgoing_message: SENT SIG (seq: 26): sent SMB signature of [0000] 89 2F 72 77 6F 19 14 06 ./rwo... [0000] 05 9E 33 3F C9 4D F0 3B ..3?.M.; smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 CD 49 D0 79 F3 C8 69 4C B7 47 AB AB .....I.y ..iL.G.. [0010] 84 BE 37 63 00 00 00 00 ..7c.... rpc request data: [0000] 00 00 00 00 CD 49 D0 79 F3 C8 69 4C B7 47 AB AB .....I.y ..iL.G.. [0010] 84 BE 37 63 16 00 16 00 00 00 02 00 0B 00 00 00 ..7c.... ........ [0020] 00 00 00 00 0B 00 00 00 44 00 45 00 56 00 2D 00 ........ D.E.V.-. [0030] 54 00 45 00 41 00 44 00 43 00 31 00 24 00 00 00 T.E.A.D. C.1.$... [0040] 80 00 00 00 00 00 00 02 ........ sign_outgoing_message: SENT SIG (seq: 28): sent SMB signature of [0000] B5 17 57 1F BE 29 FA A0 ..W..).. [0000] 61 FC 9B 3D F3 1E 0F 49 a..=...I smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c... rpc request data: [0000] 00 00 00 00 CD 49 D0 79 F3 C8 69 4C B7 47 AB AB .....I.y ..iL.G.. [0010] 84 BE 37 63 01 00 00 00 E8 03 00 00 00 00 00 00 ..7c.... ........ [0020] 01 00 00 00 16 00 16 00 00 00 02 00 0B 00 00 00 ........ ........ [0030] 00 00 00 00 0B 00 00 00 44 00 45 00 56 00 2D 00 ........ D.E.V.-. [0040] 54 00 45 00 41 00 44 00 43 00 31 00 24 00 T.E.A.D. C.1.$. sign_outgoing_message: SENT SIG (seq: 30): sent SMB signature of [0000] D0 E3 36 98 B2 8A 36 62 ..6...6b [0000] 8D D8 49 BF 44 76 27 06 ..I.Dv'. smb_raw_trans2_recv_helper: done rpc reply data: [0000] 01 00 00 00 A8 DA 14 00 01 00 00 00 59 04 00 00 ........ ....Y... [0010] 01 00 00 00 F8 6A 13 00 01 00 00 00 01 00 00 00 .....j.. ........ [0020] 00 00 00 00 .... rpc request data: [0000] 00 00 00 00 CD 49 D0 79 F3 C8 69 4C B7 47 AB AB .....I.y ..iL.G.. [0010] 84 BE 37 63 00 00 00 02 59 04 00 00 ..7c.... Y... sign_outgoing_message: SENT SIG (seq: 32): sent SMB signature of [0000] F2 C7 64 44 C3 27 1B 4E ..dD.'.N [0000] FC 22 8E D2 48 EE C6 36 ."..H..6 smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 98 07 5B 6B D7 BD F9 49 AE 08 7F 0D ......[k ...I.... [0010] E9 CE C3 47 00 00 00 00 ...G.... rpc request data: [0000] 00 00 00 00 98 07 5B 6B D7 BD F9 49 AE 08 7F 0D ......[k ...I.... [0010] E9 CE C3 47 10 00 ...G.. sign_outgoing_message: SENT SIG (seq: 34): sent SMB signature of [0000] 40 1A 9F 0B C0 39 F4 90 @....9.. [0000] 99 42 66 D2 3E 1A 71 9A .Bf.>.q. smb_raw_trans2_recv_helper: done rpc reply data: [0000] F8 CA 0F 00 10 00 00 00 80 00 00 00 00 00 00 00 ........ ........ rpc request data: [0000] 00 00 00 00 98 07 5B 6B D7 BD F9 49 AE 08 7F 0D ......[k ...I.... [0010] E9 CE C3 47 ...G sign_outgoing_message: SENT SIG (seq: 36): sent SMB signature of [0000] 2B AC 13 AF A4 4B 2D 4B +....K-K [0000] 1C C7 37 54 B3 CA 6D A5 ..7T..m. smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 ........ .... rpc request data: [0000] 00 00 00 00 98 07 5B 6B D7 BD F9 49 AE 08 7F 0D ......[k ...I.... [0010] E9 CE C3 47 19 00 19 00 00 00 00 00 00 00 00 00 ...G.... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 16 00 16 00 00 00 02 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 80 00 00 00 02 00 10 01 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 C5 F6 8A B3 ........ ........ [00E0] 08 E9 C4 79 43 A9 94 8C 64 17 1E AF 9A 39 8E F6 ...yC... d....9.. [00F0] 2F 29 94 20 5D 19 1E B5 FA A3 3E 67 92 24 D8 14 /). ]... ..>g.$.. [0100] 4A 66 3D 1C 9F DC B4 1C 10 F0 39 FA C3 E4 98 80 Jf=..... ..9..... [0110] 80 F3 2B CD 17 42 94 71 64 38 51 68 42 17 73 91 ..+..B.q d8QhB.s. [0120] 68 AA 7E C5 97 80 DA 70 EB AD 75 46 A2 18 0C 3C h.~....p ..uF...< [0130] 93 3F 15 AD F5 67 96 C1 52 6C 24 4B B9 54 2D B9 .?...g.. Rl$K.T-. [0140] 67 55 AA 90 45 F5 45 0A DD B6 A1 FB 08 79 06 E5 gU..E.E. .....y.. [0150] B1 E6 46 84 2E C0 79 EB BF 88 D9 77 EE AD 60 49 ..F...y. ...w..`I [0160] 53 40 F8 50 24 FA D9 53 79 15 46 A9 1A 59 3B 46 S@.P$..S y.F..Y;F [0170] 13 E2 0F C6 67 45 12 0C 37 83 42 01 19 7C 8D A0 ....gE.. 7.B..|.. [0180] 4E 10 26 1A DA F7 56 F3 C0 E5 05 21 B6 3F 99 9F N.&...V. ...!.?.. [0190] 71 12 C6 52 FD 20 CB D9 C0 03 C8 74 AD 72 38 4D q..R. .. ...t.r8M [01A0] A7 D7 6B 35 3C 33 B9 87 38 9A 9D E7 FF 0B DE 82 ..k5<3.. 8....... [01B0] 5E B4 79 4E 74 70 8C A4 02 45 50 D9 92 EB C9 B0 ^.yNtp.. .EP..... [01C0] 62 04 95 91 7D 84 A4 FB 5F 1F 2D 55 48 49 57 04 b...}... _.-UHIW. [01D0] D8 52 CB 04 6C 56 70 92 07 2A 21 A3 33 AF D2 44 .R..lVp. .*!.3..D [01E0] 70 CE 9E 4A 2B 58 5A A7 15 31 2A EE 48 CF 0D 8A p..J+XZ. .1*.H... [01F0] 6D 82 5C ED 8D 5F B3 2A EB 03 72 3A 59 5D 91 71 m.\.._.* ..r:Y].q [0200] F0 96 60 75 50 B5 0F CF 40 AB FC EF 04 86 EE FA ..`uP... @....... [0210] 4A F1 0C DE 24 F7 2F 91 9E A5 09 A8 BC E1 AE EB J...$./. ........ [0220] AB C7 B9 A2 A7 5F E7 3B 63 94 71 42 2E F3 D3 20 ....._.; c.qB... [0230] CC F6 ED FA DA 56 B0 5D 64 CA 45 BF F9 78 E3 22 .....V.] d.E..x." [0240] 47 0C 8E BB 85 86 BE 60 8A F4 EC CC 73 3E C4 1B G......` ....s>.. [0250] A8 D4 C7 86 4C 82 82 B3 C4 1C 94 86 65 37 1D EF ....L... ....e7.. [0260] D5 65 D0 2A 93 F8 37 33 29 01 9E 1A 1B 41 7D 12 .e.*..73 )....A}. [0270] BF 0A 73 B0 CB 44 AB 6C BF 30 4F E7 CB 7A 91 7E ..s..D.l .0O..z.~ [0280] F7 55 32 00 23 34 CD 89 23 CD 3A C0 C6 85 94 91 .U2.#4.. #.:..... [0290] FB F5 EA 54 45 4C 20 45 ED 6C 36 9E 2D 5F 02 09 ...TEL E .l6.-_.. [02A0] B9 51 8A 39 32 A5 8A 73 B2 44 27 39 43 8D FA B1 .Q.92..s .D'9C... [02B0] 5E EF BC F2 A7 3F 72 9E B3 4F 82 DB 4E 11 A9 E1 ^....?r. .O..N... [02C0] 45 01 4F A1 D0 B8 66 4F F7 AA F5 D9 F8 96 C0 83 E.O...fO ........ [02D0] 78 64 A5 37 99 E6 3A 28 88 D2 7F BC 65 00 94 B1 xd.7..:( ....e... [02E0] C5 6C 89 E3 AE 3B 9E 15 C9 0D 7E 66 F2 D1 03 42 .l...;.. ..~f...B [02F0] 0B 00 00 00 00 00 00 00 0B 00 00 00 44 00 45 00 ........ ....D.E. [0300] 56 00 2D 00 54 00 45 00 41 00 44 00 43 00 31 00 V.-.T.E. A.D.C.1. [0310] 24 00 $. sign_outgoing_message: SENT SIG (seq: 38): sent SMB signature of [0000] BA 03 12 CF 2E 95 A9 3E .......> [0000] F4 F8 1C 9E 79 73 94 BF ....ys.. smb_raw_trans2_recv_helper: done rpc reply data: [0000] 00 00 00 00 .... Mapped to DCERPC endpoint 135 added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 rpc request data: [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 02 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0020] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K..... [0030] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......] [0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0050] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0060] 00 00 01 00 09 04 00 0A 01 02 03 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 01 00 00 00 .... rpc reply data: [0000] 00 00 00 00 2B F0 3B 07 03 81 29 45 8D 17 C8 F2 ....+.;. ..)E.... [0010] 44 25 F5 58 01 00 00 00 01 00 00 00 00 00 00 00 D%.X.... ........ [0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0030] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K..... [0040] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......] [0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0070] 04 03 01 00 09 04 00 0A 01 02 03 00 00 00 00 00 ........ ........ Mapped to DCERPC endpoint 1027 added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Received smb_krb5 packet of length 1296 Received smb_krb5 packet of length 1296 Aquiring initiator credentials failed: Cannot allocate memory Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL Starting GENSEC submechanism ntlmssp ../librpc/rpc/dcerpc_util.c:857: auth_pad_length 0 Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] DE CB 79 2E D6 B8 84 77 ..y....w NTLM2 session key: [0000] 9D CC 75 42 CC DE 6A A9 41 49 EA DB BA 65 3F DF ..uB..j. AI...e?. KEY_EXCH session key: [0000] 9A 26 AF 99 8D F6 92 13 10 CB 82 4F 5F A5 4D FF .&...... ...O_.M. KEY_EXCH session key (enc): [0000] 62 75 15 CA C6 19 5C 49 40 21 AB 51 5B FC FC 95 bu....\I @!.Q[... NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP weakend master key: [0000] 9A 26 AF 99 8D F6 92 13 10 CB 82 4F 5F A5 4D FF .&...... ...O_.M. NTLMSSP send sign key: [0000] AF 62 7F A9 E9 8E F4 8D 22 12 CB DF C6 14 1A E3 .b...... "....... NTLMSSP send seal key: [0000] 56 5C A8 05 04 20 23 0A 60 A6 35 7F 51 6D CF 2D V\... #. `.5.Qm.- NTLMSSP send seal arc4 state: [0000] 56 DE 7F B6 6D 35 BB CC 1B 47 88 AC 4B 83 60 18 V...m5.. .G..K.`. [0010] 02 3E 49 31 FE 36 39 E8 0E 1F E9 34 40 C3 D5 12 .>I1.69. ...4@... [0020] A8 64 D7 19 27 74 53 DF 2B D4 82 4A A5 3F 3C 98 .d..'tS. +..J.?<. [0030] 69 AB 95 A3 BF 20 5E 38 9F EA 14 2D BE 28 63 DD i.... ^8 ...-.(c. [0040] 86 57 5A 7A D2 C1 7E 45 FB 29 C0 77 F8 B2 70 5B .WZz..~E .).w..p[ [0050] F1 08 24 F0 51 C2 2A E2 F9 01 11 CD F4 1A 8E 9A ..$.Q.*. ........ [0060] 9C EE D6 AA 23 C9 2F BC 72 EC 4E B9 F2 94 7D 0B ....#./. r.N...}. [0070] 93 CF 25 AD D0 AF 75 9D 0D 9B 59 0C 62 EF E0 10 ..%...u. ..Y.b... [0080] B4 33 CE 6F A9 90 73 D1 8D 17 A7 B7 15 DB 09 37 .3.o..s. .......7 [0090] E4 E1 80 81 ED FC B8 8F 9E AE E6 04 D9 55 3B 58 ........ .....U;X [00A0] 13 4C 6C 8B CB 44 C6 B5 03 21 1C 41 06 76 97 4D .Ll..D.. .!.A.v.M [00B0] D3 BA 78 C8 D8 46 65 C4 DC 22 CA 07 84 7C 54 B0 ..x..Fe. ."...|T. [00C0] 91 6A BD FF 05 4F 16 3D A0 8C 87 79 5C 0F FA EB .j...O.= ...y\... [00D0] E7 0A 50 52 32 30 C5 DA 89 96 A4 5F E3 1D B3 66 ..PR20.. ..._...f [00E0] 92 E5 85 00 99 67 2C 68 26 6E C7 FD 48 71 42 5D .....g,h &n..HqB] [00F0] B1 3A 1E A6 F6 F7 A1 6B F5 61 8A 2E A2 7B 43 F3 .:.....k .a...{C. NTLMSSP recv sign key: [0000] EE 52 89 9B 88 BF F0 57 17 02 D0 19 C8 A4 90 08 .R.....W ........ NTLMSSP recv seal key: [0000] 6C 24 BE AA 35 C9 FD 3A 38 B7 EF 7A A1 BE B0 62 l$..5..: 8..z...b NTLMSSP recv seal arc4 state: [0000] A9 20 13 FE 4E BB 1E 48 6D 83 9C 09 A3 3D 4F 19 . ..N..H m....=O. [0010] 80 1D 6A D5 39 2B 5F B2 85 55 5E 14 B0 32 4D 9A ..j.9+_. .U^..2M. [0020] 5A 9F 67 4C 22 93 6E 35 21 57 52 02 E2 54 AB 3C Z.gL".n5 !WR..T.< [0030] D8 D6 7F E3 63 7D EE DF A5 59 0D 7B C2 BA A8 07 ....c}.. .Y.{.... [0040] BF 38 90 E5 5D 0F 56 3B 0C 5B 46 66 70 08 37 B5 .8..].V; .[Ffp.7. [0050] E9 97 E7 A4 8A FC 62 8F 7C 8B 74 68 95 61 17 30 ......b. |.th.a.0 [0060] 2C 34 C6 7E 27 F3 81 CF BD B9 FF F7 D3 DA 2A 6B ,4.~'... ......*k [0070] 89 91 49 42 B3 36 EA 7A 3A 50 5C F2 00 25 F4 4B ..IB.6.z :P\..%.K [0080] E8 73 0A E0 24 86 8C B8 E1 06 31 65 CC B6 01 9D .s..$... ..1e.... [0090] 2F BE DE 43 53 AF EF 75 DC 41 CB 2D 40 0B A6 77 /..CS..u .A.-@..w [00A0] 33 1F AE D7 8E 98 60 69 F1 6C 2E 51 D9 04 82 A1 3.....`i .l.Q.... [00B0] 26 78 64 79 1A 29 10 F5 9E B1 D0 05 28 45 C0 FB &xdy.).. ....(E.. [00C0] AC 72 3F F0 F6 92 15 1C C7 A7 C5 CE 9B C8 E4 88 .r?..... ........ [00D0] 1B BC 96 F8 B7 AA C3 6F 4A 03 EB 8D 12 99 C4 B4 .......o J....... [00E0] EC 18 84 FA A0 58 CD C9 D2 71 D4 87 94 0E 76 11 .....X.. .q....v. [00F0] FD AD CA 23 F9 D1 A2 C1 DD 16 3E DB 44 E6 47 ED ...#.... ..>.D.G. ../librpc/rpc/dcerpc_util.c:857: auth_pad_length 0 rpc request data: [0000] 00 00 02 00 1A 20 4D E2 D6 4F D1 11 A3 DA 00 00 ..... M. .O...... [0010] F8 75 AE 0D 00 00 00 00 .u...... ntlmssp_seal_data: seal ntlmssp clear data [0000] 00 00 02 00 1A 20 4D E2 D6 4F D1 11 A3 DA 00 00 ..... M. .O...... [0010] F8 75 AE 0D 00 00 00 00 00 00 00 00 00 00 00 00 .u...... ........ NTLM2: created signature over 64 bytes of input: [0000] 01 00 00 00 51 2A 4B 34 9E EF C8 4B 00 00 00 00 ....Q*K4 ...K.... ntlmssp signature [0000] 01 00 00 00 F7 7B 8C 60 A4 A4 69 7A 00 00 00 00 .....{.` ..iz.... ntlmssp sealed data [0000] E1 AE 6A 64 16 50 EA 99 18 10 73 71 1B BF 88 FD ..jd.P.. ..sq.... [0010] C0 89 A4 9C 71 63 42 08 12 EC BF 57 05 BB FB 77 ....qcB. ...W...w ../librpc/rpc/dcerpc_util.c:857: auth_pad_length 4 ntlmssp sealed data [0000] 9C 20 08 3D DF CB F2 2E 7C F4 8C 0E 7F 55 2D B7 . .=.... |....U-. [0010] 3C B1 BF 3A E8 75 C7 BF 46 6C 82 64 BF FE A2 94 <..:.u.. Fl.d.... [0020] F5 AC 9F 65 37 30 E4 F8 35 4F 39 CB 9E 72 6D 53 ...e70.. 5O9..rmS [0030] 4C 2D A2 3E 94 7A A1 D9 93 E8 6F 24 C7 37 3E CD L-.>.z.. ..o$.7>. ntlmssp clear data [0000] C0 82 BF 7C 18 00 00 00 18 00 00 00 7F FB 1F 00 ...|.... ........ [0010] 42 95 32 00 B1 FD D1 4C 9B 33 7C 12 5B F5 EA B4 B.2....L .3|.[... [0020] FC 00 00 00 00 00 00 00 91 FC 13 30 4C EB F6 46 ........ ...0L..F [0030] 88 D4 AC 45 09 C6 DC BD 00 00 00 00 52 00 49 00 ...E.... ....R.I. NTLM2: created signature over 96 bytes of input: [0000] 01 00 00 00 FC 3E 08 70 59 8B 5C 7A 00 00 00 00 .....>.p Y.\z.... checked ntlmssp signature [0000] 01 00 00 00 FC 3E 08 70 59 8B 5C 7A 00 00 00 00 .....>.p Y.\z.... rpc reply data: [0000] C0 82 BF 7C 18 00 00 00 18 00 00 00 7F FB 1F 00 ...|.... ........ [0010] 42 95 32 00 B1 FD D1 4C 9B 33 7C 12 5B F5 EA B4 B.2....L .3|.[... [0020] FC 00 00 00 00 00 00 00 91 FC 13 30 4C EB F6 46 ........ ...0L..F [0030] 88 D4 AC 45 09 C6 DC BD 00 00 00 00 ...E.... .... rpc request data: [0000] 00 00 00 00 91 FC 13 30 4C EB F6 46 88 D4 AC 45 .......0 L..F...E [0010] 09 C6 DC BD 01 00 00 00 01 00 00 00 E4 04 00 00 ........ ........ [0020] 07 04 00 00 00 00 00 00 0B 00 00 00 01 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 02 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 2E 00 00 00 00 00 00 00 2E 00 00 00 53 00 2D 00 ........ ....S.-. [0050] 31 00 2D 00 35 00 2D 00 32 00 31 00 2D 00 34 00 1.-.5.-. 2.1.-.4. [0060] 30 00 34 00 34 00 30 00 33 00 38 00 34 00 38 00 0.4.4.0. 3.8.4.8. [0070] 38 00 2D 00 31 00 37 00 37 00 34 00 35 00 39 00 8.-.1.7. 7.4.5.9. [0080] 34 00 30 00 30 00 35 00 2D 00 33 00 38 00 30 00 4.0.0.5. -.3.8.0. [0090] 36 00 31 00 33 00 37 00 35 00 30 00 2D 00 31 00 6.1.3.7. 5.0.-.1. [00A0] 31 00 31 00 33 00 00 00 1.1.3... ntlmssp_seal_data: seal ntlmssp clear data [0000] 00 00 00 00 91 FC 13 30 4C EB F6 46 88 D4 AC 45 .......0 L..F...E [0010] 09 C6 DC BD 01 00 00 00 01 00 00 00 E4 04 00 00 ........ ........ [0020] 07 04 00 00 00 00 00 00 0B 00 00 00 01 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 02 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 2E 00 00 00 00 00 00 00 2E 00 00 00 53 00 2D 00 ........ ....S.-. [0050] 31 00 2D 00 35 00 2D 00 32 00 31 00 2D 00 34 00 1.-.5.-. 2.1.-.4. [0060] 30 00 34 00 34 00 30 00 33 00 38 00 34 00 38 00 0.4.4.0. 3.8.4.8. [0070] 38 00 2D 00 31 00 37 00 37 00 34 00 35 00 39 00 8.-.1.7. 7.4.5.9. [0080] 34 00 30 00 30 00 35 00 2D 00 33 00 38 00 30 00 4.0.0.5. -.3.8.0. [0090] 36 00 31 00 33 00 37 00 35 00 30 00 2D 00 31 00 6.1.3.7. 5.0.-.1. [00A0] 31 00 31 00 33 00 00 00 00 00 00 00 00 00 00 00 1.1.3... ........ NTLM2: created signature over 208 bytes of input: [0000] 01 00 00 00 5F FF C5 7A 4E 1D 12 15 01 00 00 00 ...._..z N....... ntlmssp signature [0000] 01 00 00 00 80 39 29 B7 D4 71 10 C1 01 00 00 00 .....9). .q...... ntlmssp sealed data [0000] EE 30 04 93 4F 3F DE 09 3C 6C E1 D7 C0 06 35 BC .0..O?.. scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: defaultNamingContext: DC=winteal,DC=tundraeng,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com configurationNamingContext: CN=Configuration,DC=winteal,DC=tundraeng,DC=com rootDomainNamingContext: DC=winteal,DC=tundraeng,DC=com ldb_wrap open of ldap://TEDC2 ldb: ldb_trace_request: SEARCH dn: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com scope: base expr: (|(objectClass=*)(distinguishedName=*)) attr: msDS-KeyVersionNumber attr: servicePrincipalName attr: dNSHostName attr: objectGUID control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com dNSHostName: dev-teadc1.winteal.tundraeng.com objectGUID: bb4eb378-32a6-4481-8cc6-a4dfddde7b7e servicePrincipalName: host/dev-teadc1/WINTEAL servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com/WINTEAL servicePrincipalName: host/dev-teadc1/winteal.tundraeng.com servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com/winteal.tundraeng. com servicePrincipalName: host/dev-teadc1 servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: MODIFY dn: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com changetype: add servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com servicePrincipalName: host/dev-teadc1 servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com/winteal.tundraeng. com servicePrincipalName: host/dev-teadc1/winteal.tundraeng.com servicePrincipalName: host/dev-teadc1.winteal.tundraeng.com/WINTEAL servicePrincipalName: host/dev-teadc1/WINTEAL dNSHostName: dev-teadc1.winteal.tundraeng.com control: ldb: ldb_trace_request: (ldap)->modify ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->end_transaction rpc request data: [0000] 00 00 00 00 91 FC 13 30 4C EB F6 46 88 D4 AC 45 .......0 L..F...E [0010] 09 C6 DC BD 01 00 00 00 01 00 00 00 E4 04 00 00 ........ ........ [0020] 07 04 00 00 00 00 00 00 02 00 00 00 01 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 02 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 09 00 00 00 00 00 00 00 09 00 00 00 57 00 49 00 ........ ....W.I. [0050] 4E 00 54 00 45 00 41 00 4C 00 5C 00 00 00 N.T.E.A. L.\... ntlmssp_seal_data: seal ntlmssp clear data [0000] 00 00 00 00 91 FC 13 30 4C EB F6 46 88 D4 AC 45 .......0 L..F...E [0010] 09 C6 DC BD 01 00 00 00 01 00 00 00 E4 04 00 00 ........ ........ [0020] 07 04 00 00 00 00 00 00 02 00 00 00 01 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 02 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 09 00 00 00 00 00 00 00 09 00 00 00 57 00 49 00 ........ ....W.I. [0050] 4E 00 54 00 45 00 41 00 4C 00 5C 00 00 00 00 00 N.T.E.A. L.\..... NTLM2: created signature over 128 bytes of input: [0000] 01 00 00 00 65 27 90 E6 47 5D 94 DB 02 00 00 00 ....e'.. G]...... ntlmssp signature [0000] 01 00 00 00 D9 03 87 8F 30 E1 5D 4E 02 00 00 00 ........ 0.]N.... ntlmssp sealed data [0000] 4A 74 4D 41 30 4A E9 5E 68 98 25 44 26 03 F1 A6 JtMA0J.^ h.%D&... [0010] 6A BD B5 E8 DE 59 43 AA CE 32 EF C5 C8 21 A8 1C j....YC. .2...!.. [0020] 6E FD 60 24 46 45 ED 80 2C 84 03 D9 93 70 F6 C9 n.`$FE.. ,....p.. [0030] 9C 8A 4C B1 1C 05 30 D6 E3 1E 05 07 BF D3 28 4A ..L...0. ......(J [0040] B5 16 39 18 B4 9F 7E F6 10 53 DF E2 30 CF E4 3D ..9...~. .S..0..= [0050] FF 00 4F B4 08 21 92 AF 1B 55 A8 0D E8 66 A0 C3 ..O..!.. .U...f.. ../librpc/rpc/dcerpc_util.c:857: auth_pad_length 4 ntlmssp sealed data [0000] 62 A6 86 05 36 66 39 1C C6 BC 60 71 C2 5F 87 3A b...6f9. ..`q._.: [0010] 02 0C 53 BE 8E 82 D5 AF AE 91 2D DE E7 3C CF A3 ..S..... ..-..<.. [0020] 08 26 D5 23 15 8A BA 06 4A 44 A4 36 A8 88 7F 6B .&.#.... JD.6...k [0030] F1 14 98 44 B4 38 CC 82 48 ED 7A 72 D5 2F 80 A2 ...D.8.. H.zr./.. [0040] 0A C6 11 C4 DA 97 6C BF A7 B5 23 0A 97 5B 5A 94 ......l. ..#..[Z. [0050] 86 D1 62 00 C1 BA 0A CF 3D 95 21 96 93 4B 78 1A ..b..... =.!..Kx. [0060] 80 B7 FB C2 76 70 10 FA F2 E0 04 8E 29 1A FF B6 ....vp.. ....)... [0070] 2B 39 E3 BC 55 95 B8 9E AB 4E 4E 10 F1 E1 32 4F +9..U... .NN...2O [0080] 9C 2E A1 19 C8 2F 9B D7 32 2B 38 A4 C9 8A 40 E7 ...../.. 2+8...@. [0090] 97 E8 E3 61 53 53 DA 68 21 65 10 FC 1D E4 3C BC ...aSS.h !e....<. [00A0] 26 F9 51 74 D3 C8 0B 87 54 A4 DB 65 66 59 0F 31 &.Qt.... T..efY.1 ntlmssp clear data [0000] 01 00 00 00 01 00 00 00 78 1B 8C 09 01 00 00 00 ........ x....... [0010] 88 1B 8C 09 01 00 00 00 00 00 00 00 48 61 8C 09 ........ ....Ha.. [0020] 28 62 8C 09 16 00 00 00 00 00 00 00 16 00 00 00 (b...... ........ [0030] 77 00 69 00 6E 00 74 00 65 00 61 00 6C 00 2E 00 w.i.n.t. e.a.l... [0040] 74 00 75 00 6E 00 64 00 72 00 61 00 65 00 6E 00 t.u.n.d. r.a.e.n. [0050] 67 00 2E 00 63 00 6F 00 6D 00 00 00 1F 00 00 00 g...c.o. m....... [0060] 00 00 00 00 1F 00 00 00 44 00 43 00 3D 00 77 00 ........ D.C.=.w. [0070] 69 00 6E 00 74 00 65 00 61 00 6C 00 2C 00 44 00 i.n.t.e. a.l.,.D. [0080] 43 00 3D 00 74 00 75 00 6E 00 64 00 72 00 61 00 C.=.t.u. n.d.r.a. [0090] 65 00 6E 00 67 00 2C 00 44 00 43 00 3D 00 63 00 e.n.g.,. D.C.=.c. [00A0] 6F 00 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 o.m..... ........ NTLM2: created signature over 208 bytes of input: [0000] 01 00 00 00 C2 B4 22 8C 43 78 01 75 02 00 00 00 ......". Cx.u.... checked ntlmssp signature [0000] 01 00 00 00 C2 B4 22 8C 43 78 01 75 02 00 00 00 ......". Cx.u.... rpc reply data: [0000] 01 00 00 00 01 00 00 00 78 1B 8C 09 01 00 00 00 ........ x....... [0010] 88 1B 8C 09 01 00 00 00 00 00 00 00 48 61 8C 09 ........ ....Ha.. [0020] 28 62 8C 09 16 00 00 00 00 00 00 00 16 00 00 00 (b...... ........ [0030] 77 00 69 00 6E 00 74 00 65 00 61 00 6C 00 2E 00 w.i.n.t. e.a.l... [0040] 74 00 75 00 6E 00 64 00 72 00 61 00 65 00 6E 00 t.u.n.d. r.a.e.n. [0050] 67 00 2E 00 63 00 6F 00 6D 00 00 00 1F 00 00 00 g...c.o. m....... [0060] 00 00 00 00 1F 00 00 00 44 00 43 00 3D 00 77 00 ........ D.C.=.w. [0070] 69 00 6E 00 74 00 65 00 61 00 6C 00 2C 00 44 00 i.n.t.e. a.l.,.D. [0080] 43 00 3D 00 74 00 75 00 6E 00 64 00 72 00 61 00 C.=.t.u. n.d.r.a. [0090] 65 00 6E 00 67 00 2C 00 44 00 43 00 3D 00 63 00 e.n.g.,. D.C.=.c. [00A0] 6F 00 6D 00 00 00 00 00 00 00 00 00 o.m..... .... added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Received smb_krb5 packet of length 1296 Received smb_krb5 packet of length 1296 Aquiring initiator credentials failed: Cannot allocate memory Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x62898205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] 36 93 B8 0C 2A 79 ED DA 6...*y.. NTLM2 session key: [0000] 57 03 99 EE B4 12 15 66 A2 D0 B0 B2 B9 38 3F 95 W......f .....8?. KEY_EXCH session key: [0000] B3 2D C8 48 65 07 9F DA AF 5B C7 FB 2B 89 7F 5A .-.He... .[..+..Z KEY_EXCH session key (enc): [0000] 5B AB 3B FC 46 AD 95 E4 73 3F 1C EA 2E 46 44 E5 [.;.F... s?...FD. NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH ldb: No modules specified for this database ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: defaultNamingContext: DC=winteal,DC=tundraeng,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com configurationNamingContext: CN=Configuration,DC=winteal,DC=tundraeng,DC=com rootDomainNamingContext: DC=winteal,DC=tundraeng,DC=com ldb_wrap open of ldap://tedc2.winteal.tundraeng.com/ ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: * control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: currentTime: 20100419173901.0Z subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=winteal,DC=tundr aeng,DC=com dsServiceName: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com namingContexts: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com namingContexts: CN=Configuration,DC=winteal,DC=tundraeng,DC=com namingContexts: DC=winteal,DC=tundraeng,DC=com defaultNamingContext: DC=winteal,DC=tundraeng,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com configurationNamingContext: CN=Configuration,DC=winteal,DC=tundraeng,DC=com rootDomainNamingContext: DC=winteal,DC=tundraeng,DC=com supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.840.113556.1.4.801 supportedControl: 1.2.840.113556.1.4.473 supportedControl: 1.2.840.113556.1.4.528 supportedControl: 1.2.840.113556.1.4.417 supportedControl: 1.2.840.113556.1.4.619 supportedControl: 1.2.840.113556.1.4.841 supportedControl: 1.2.840.113556.1.4.529 supportedControl: 1.2.840.113556.1.4.805 supportedControl: 1.2.840.113556.1.4.521 supportedControl: 1.2.840.113556.1.4.970 supportedControl: 1.2.840.113556.1.4.1338 supportedControl: 1.2.840.113556.1.4.474 supportedControl: 1.2.840.113556.1.4.1339 supportedControl: 1.2.840.113556.1.4.1340 supportedControl: 1.2.840.113556.1.4.1413 supportedLDAPVersion: 3 supportedLDAPVersion: 2 supportedLDAPPolicies: MaxPoolThreads supportedLDAPPolicies: MaxDatagramRecv supportedLDAPPolicies: MaxReceiveBuffer supportedLDAPPolicies: InitRecvTimeout supportedLDAPPolicies: MaxConnections supportedLDAPPolicies: MaxConnIdleTime supportedLDAPPolicies: MaxActiveQueries supportedLDAPPolicies: MaxPageSize supportedLDAPPolicies: MaxQueryDuration supportedLDAPPolicies: MaxTempTableSize supportedLDAPPolicies: MaxResultSetSize supportedLDAPPolicies: MaxNotificationPerConn highestCommittedUSN: 5133 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO dnsHostName: tedc2.winteal.tundraeng.com ldapServiceName: winteal.tundraeng.com:tedc2$@WINTEAL.TUNDRAENG.COM serverName: CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu ration,DC=winteal,DC=tundraeng,DC=com supportedCapabilities: 1.2.840.113556.1.4.800 supportedCapabilities: 1.2.840.113556.1.4.1791 isSynchronized: TRUE isGlobalCatalogReady: TRUE ldb: ldb_trace_request: SEARCH dn: CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: one expr: (cn=Partitions) attr: msDs-Behavior-Version control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=Partitions,CN=Configuration,DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_response: REFERRAL ref: ldap://winteal.tundraeng.com/CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com??base ldb: ldb_trace_request: SEARCH dn: DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: msDs-Behavior-Version control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_request: SEARCH dn: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: objectVersion control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com objectVersion: 13 ldb: ldb_trace_request: SEARCH dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: revision control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_set_errstring: LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=System,DC=winteal,DC=tundraeng,DC=com <0000208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=System,DC=winteal,DC=tundraeng,DC=com' > <> ldb: ldb_trace_request: SEARCH dn: scope: base expr: (|(objectClass=*)(distinguishedName=*)) control: 1.2.840.113556.1.4.417 crit:1 data:no ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com cn: Infrastructure fSMORoleOwner: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com instanceType: 4 isCriticalSystemObject: TRUE distinguishedName: CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=winteal ,DC=tundraeng,DC=com objectClass: top objectClass: infrastructureUpdate objectGUID: 6660e5b1-123b-475d-82fd-b0e7995e0223 name: Infrastructure showInAdvancedViewOnly: TRUE systemFlags: -1946157056 uSNChanged: 1360 uSNCreated: 1360 whenChanged: 20100212184026.0Z whenCreated: 20100212184026.0Z ldb: ldb_trace_request: SEARCH dn: CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com scope: base expr: (|(objectClass=*)(distinguishedName=*)) attr: fSMORoleOwner control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com fSMORoleOwner: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_request: SEARCH dn: CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: dnsHostName control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com dNSHostName: tedc2.winteal.tundraeng.com ldb: ldb_trace_request: SEARCH dn: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: objectGUID control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com objectGUID: fb8baa65-8d40-426a-aa55-eacbdeed57fb ldb: ldb_trace_request: SEARCH dn: DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: rIDManagerReference control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: DC=winteal,DC=tundraeng,DC=com rIDManagerReference: CN=RID Manager$,CN=System,DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_request: SEARCH dn: CN=RID Manager$,CN=System,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: fSMORoleOwner control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=RID Manager$,CN=System,DC=winteal,DC=tundraeng,DC=com fSMORoleOwner: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_request: SEARCH dn: CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: dnsHostName control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com dNSHostName: tedc2.winteal.tundraeng.com ldb: ldb_trace_request: SEARCH dn: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: objectGUID control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com objectGUID: fb8baa65-8d40-426a-aa55-eacbdeed57fb ldb: ldb_trace_request: SEARCH dn: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com cn: Default-First-Site-Name instanceType: 4 distinguishedName: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=win teal,DC=tundraeng,DC=com objectCategory: CN=Site,CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC= com objectClass: top objectClass: site objectGUID: 00329542-fdb1-4cd1-9b33-7c125bf5eab4 name: Default-First-Site-Name showInAdvancedViewOnly: TRUE systemFlags: 1107296256 uSNChanged: 1171 uSNCreated: 1171 whenChanged: 20100212184026.0Z whenCreated: 20100212184026.0Z Become DC [(null)] of Domain[WINTEAL]/[winteal.tundraeng.com] Promotion Partner is Server[tedc2.winteal.tundraeng.com] from Site[Default-First-Site-Name] Options:crossRef behavior_version[0] schema object_version[13] domain behavior_version[0] domain w2k3_update_revision[0] ldb: ldb_trace_request: SEARCH dn: DC=winteal,DC=tundraeng,DC=com scope: sub expr: (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=DEV-TEADC1$)) attr: distinguishedName attr: userAccountControl control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com distinguishedName: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com userAccountControl: 4096 ldb: ldb_trace_response: REFERRAL ref: ldap://winteal.tundraeng.com/CN=Configuration,DC=winteal,DC=tundraeng,DC=com ldb: ldb_trace_request: SEARCH dn: CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com scope: base expr: (objectClass=*) attr: control: ldb: ldb_trace_request: (ldap)->search ldb: ldb_trace_response: ENTRY dn: CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com serverReference: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com cn: DEV-TEADC1 instanceType: 4 distinguishedName: CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Site s,CN=Configuration,DC=winteal,DC=tundraeng,DC=com objectCategory: CN=Server,CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,D C=com objectClass: top objectClass: server objectGUID: 32dc6837-7ed4-497d-bffd-8bdb44b453b8 name: DEV-TEADC1 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 uSNChanged: 4869 uSNCreated: 4869 whenChanged: 20100414172918.0Z whenCreated: 20100414172918.0Z ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: MODIFY dn: CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com changetype: add serverReference: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com control: ldb: ldb_trace_request: (ldap)->modify ldb: ldb_set_errstring: LDAP error 20 LDAP_ATTRIBUTE_OR_VALUE_EXISTS - <00002083: AtrErr: DSID-03150A39, #1: 0: 00002083: DSID-03150A39, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90203 (serverReference):len 172 > <> ldb: cancel ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->del_transaction ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: MODIFY dn: CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com changetype: add serverReference: CN=dev-teadc1,CN=Computers,DC=winteal,DC=tundraeng,DC=com control: ldb: ldb_trace_request: (ldap)->modify ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (ldap)->end_transaction Mapped to DCERPC endpoint 135 added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 rpc request data: [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 02 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0020] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K..... [0030] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......] [0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0050] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0060] 00 00 01 00 09 04 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 01 00 00 00 .... rpc reply data: [0000] 00 00 00 00 A9 2B 87 51 D1 AA 31 45 9D CC DC 4B .....+.Q ..1E...K [0010] 02 A1 7F 7D 01 00 00 00 01 00 00 00 00 00 00 00 ...}.... ........ [0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0030] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K..... [0040] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......] [0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0070] 04 03 01 00 09 04 00 0A 01 02 03 00 00 00 00 00 ........ ........ Mapped to DCERPC endpoint 1027 added interface ip=10.1.2.6 nmask=255.255.255.0 added interface ip=10.1.2.6 nmask=255.255.255.0 Starting GENSEC mechanism gssapi_krb5 Received smb_krb5 packet of length 1296 Received smb_krb5 packet of length 1296 Aquiring initiator credentials failed: Cannot allocate memory Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL Failed to start GENSEC client mechanism gssapi_krb5: NT_STATUS_UNSUCCESSFUL Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - NT_STATUS_UNSUCCESSFUL libnet_BecomeDC() failed - NT_STATUS_UNSUCCESSFUL