| blob | 088f48b1cfb095ba711e86c907dfbc7c8ebbec1f |
1 pull returned Success
2 PAC_DATA: struct PAC_DATA
3 num_buffers : 0x00000006 (6)
4 version : 0x00000000 (0)
5 buffers: ARRAY(6)
6 buffers: struct PAC_BUFFER
7 type : PAC_TYPE_LOGON_INFO (1)
8 _ndr_size : 0x000001d0 (464)
9 info : *
10 info : union PAC_INFO(case 1)
11 logon_info: struct PAC_LOGON_INFO_CTR
12 info : *
13 info: struct PAC_LOGON_INFO
14 info3: struct netr_SamInfo3
15 base: struct netr_SamBaseInfo
16 logon_time : NTTIME(0)
17 logoff_time : Thu Sep 14 02:48:05 AM 30828 UTC
18 kickoff_time : Thu Sep 14 02:48:05 AM 30828 UTC
19 last_password_change : Wed Oct 13 02:08:12 AM 2021 UTC
20 allow_password_change : Thu Oct 14 02:08:12 AM 2021 UTC
21 force_password_change : Wed Nov 24 02:08:12 AM 2021 UTC
22 account_name: struct lsa_String
23 length : 0x0012 (18)
24 size : 0x0012 (18)
25 string : *
26 string : 'tsttktusr'
27 full_name: struct lsa_String
28 length : 0x0000 (0)
29 size : 0x0000 (0)
30 string : *
31 string : ''
32 logon_script: struct lsa_String
33 length : 0x0000 (0)
34 size : 0x0000 (0)
35 string : *
36 string : ''
37 profile_path: struct lsa_String
38 length : 0x0000 (0)
39 size : 0x0000 (0)
40 string : *
41 string : ''
42 home_directory: struct lsa_String
43 length : 0x0000 (0)
44 size : 0x0000 (0)
45 string : *
46 string : ''
47 home_drive: struct lsa_String
48 length : 0x0000 (0)
49 size : 0x0000 (0)
50 string : *
51 string : ''
52 logon_count : 0x0000 (0)
53 bad_password_count : 0x0000 (0)
54 rid : 0x0000048e (1166)
55 primary_gid : 0x00000201 (513)
56 groups: struct samr_RidWithAttributeArray
57 count : 0x00000001 (1)
58 rids : *
59 rids: ARRAY(1)
60 rids: struct samr_RidWithAttribute
61 rid : 0x00000201 (513)
62 attributes : 0x00000007 (7)
63 1: SE_GROUP_MANDATORY
64 1: SE_GROUP_ENABLED_BY_DEFAULT
65 1: SE_GROUP_ENABLED
66 0: SE_GROUP_OWNER
67 0: SE_GROUP_USE_FOR_DENY_ONLY
68 0: SE_GROUP_INTEGRITY
69 0: SE_GROUP_INTEGRITY_ENABLED
70 0: SE_GROUP_RESOURCE
71 0x00: SE_GROUP_LOGON_ID (0)
72 user_flags : 0x00000020 (32)
73 0: NETLOGON_GUEST
74 0: NETLOGON_NOENCRYPTION
75 0: NETLOGON_CACHED_ACCOUNT
76 0: NETLOGON_USED_LM_PASSWORD
77 1: NETLOGON_EXTRA_SIDS
78 0: NETLOGON_SUBAUTH_SESSION_KEY
79 0: NETLOGON_SERVER_TRUST_ACCOUNT
80 0: NETLOGON_NTLMV2_ENABLED
81 0: NETLOGON_RESOURCE_GROUPS
82 0: NETLOGON_PROFILE_PATH_RETURNED
83 0: NETLOGON_GRACE_LOGON
84 key: struct netr_UserSessionKey
85 key: ARRAY(16): <REDACTED SECRET VALUES>
86 logon_server: struct lsa_StringLarge
87 length : 0x000e (14)
88 size : 0x0010 (16)
89 string : *
90 string : 'LOCALDC'
91 logon_domain: struct lsa_StringLarge
92 length : 0x0016 (22)
93 size : 0x0018 (24)
94 string : *
95 string : 'SAMBADOMAIN'
96 domain_sid : *
97 domain_sid : S-1-5-21-4109729462-983708096-1421331175
98 LMSessKey: struct netr_LMSessionKey
99 key: ARRAY(8): <REDACTED SECRET VALUES>
100 acct_flags : 0x00000010 (16)
101 0: ACB_DISABLED
102 0: ACB_HOMDIRREQ
103 0: ACB_PWNOTREQ
104 0: ACB_TEMPDUP
105 1: ACB_NORMAL
106 0: ACB_MNS
107 0: ACB_DOMTRUST
108 0: ACB_WSTRUST
109 0: ACB_SVRTRUST
110 0: ACB_PWNOEXP
111 0: ACB_AUTOLOCK
112 0: ACB_ENC_TXT_PWD_ALLOWED
113 0: ACB_SMARTCARD_REQUIRED
114 0: ACB_TRUSTED_FOR_DELEGATION
115 0: ACB_NOT_DELEGATED
116 0: ACB_USE_DES_KEY_ONLY
117 0: ACB_DONT_REQUIRE_PREAUTH
118 0: ACB_PW_EXPIRED
119 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
120 0: ACB_NO_AUTH_DATA_REQD
121 0: ACB_PARTIAL_SECRETS_ACCOUNT
122 0: ACB_USE_AES_KEYS
123 sub_auth_status : 0x00000000 (0)
124 last_successful_logon : NTTIME(0)
125 last_failed_logon : NTTIME(0)
126 failed_logon_count : 0x00000000 (0)
127 reserved : 0x00000000 (0)
128 sidcount : 0x00000001 (1)
129 sids : *
130 sids: ARRAY(1)
131 sids: struct netr_SidAttr
132 sid : *
133 sid : S-1-18-1
134 attributes : 0x00000007 (7)
135 1: SE_GROUP_MANDATORY
136 1: SE_GROUP_ENABLED_BY_DEFAULT
137 1: SE_GROUP_ENABLED
138 0: SE_GROUP_OWNER
139 0: SE_GROUP_USE_FOR_DENY_ONLY
140 0: SE_GROUP_INTEGRITY
141 0: SE_GROUP_INTEGRITY_ENABLED
142 0: SE_GROUP_RESOURCE
143 0x00: SE_GROUP_LOGON_ID (0)
144 resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
145 domain_sid : NULL
146 groups: struct samr_RidWithAttributeArray
147 count : 0x00000000 (0)
148 rids : NULL
149 _pad : 0x00000000 (0)
150 buffers: struct PAC_BUFFER
151 type : PAC_TYPE_LOGON_NAME (10)
152 _ndr_size : 0x0000001c (28)
153 info : *
154 info : union PAC_INFO(case 10)
155 logon_name: struct PAC_LOGON_NAME
156 logon_time : Wed Oct 13 02:08:11 AM 2021 UTC
157 size : 0x0012 (18)
158 account_name : 'tsttktusr'
159 _pad : 0x00000000 (0)
160 buffers: struct PAC_BUFFER
161 type : PAC_TYPE_UPN_DNS_INFO (12)
162 _ndr_size : 0x000000a8 (168)
163 info : *
164 info : union PAC_INFO(case 12)
165 upn_dns_info: struct PAC_UPN_DNS_INFO
166 upn_name_size : 0x0036 (54)
167 upn_name : *
168 upn_name : 'tsttktusr@samba.example.com'
169 dns_domain_name_size : 0x0022 (34)
170 dns_domain_name : *
171 dns_domain_name : 'SAMBA.EXAMPLE.COM'
172 flags : 0x00000001 (1)
173 1: PAC_UPN_DNS_FLAG_CONSTRUCTED
174 0: PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID
175 ex : union PAC_UPN_DNS_INFO_EX(case 0)
176 _pad : 0x00000000 (0)
177 buffers: struct PAC_BUFFER
178 type : PAC_TYPE_SRV_CHECKSUM (6)
179 _ndr_size : 0x00000014 (20)
180 info : *
181 info : union PAC_INFO(case 6)
182 srv_cksum: struct PAC_SIGNATURE_DATA
183 type : 0xffffff76 (4294967158)
184 signature : DATA_BLOB length=16
185 [0000] 2B 39 6A 8C 76 29 DA 8D 63 C0 95 57 19 10 6E CE +9j.v).. c..W..n.
186 _pad : 0x00000000 (0)
187 buffers: struct PAC_BUFFER
188 type : PAC_TYPE_KDC_CHECKSUM (7)
189 _ndr_size : 0x00000010 (16)
190 info : *
191 info : union PAC_INFO(case 7)
192 kdc_cksum: struct PAC_SIGNATURE_DATA
193 type : 0x00000010 (16)
194 signature : DATA_BLOB length=12
195 [0000] 5A D4 78 FD 1B F0 F6 DC B7 45 65 56 Z.x..... .EeV
196 _pad : 0x00000000 (0)
197 buffers: struct PAC_BUFFER
198 type : PAC_TYPE_TICKET_CHECKSUM (16)
199 _ndr_size : 0x00000010 (16)
200 info : *
201 info : union PAC_INFO(case 16)
202 ticket_checksum: struct PAC_SIGNATURE_DATA
203 type : 0x00000010 (16)
204 signature : DATA_BLOB length=12
205 [0000] 78 48 2F 88 18 AA 0B 3F ED 34 DF 4A xH/....? .4.J
206 _pad : 0x00000000 (0)
207 push returned Success
208 pull returned Success
209 WARNING! orig bytes:824 validated pushed bytes:768
210 WARNING! orig pulled bytes:824 validated pulled bytes:768
211 WARNING! orig and validated differ at byte 0x2C (44)
212 WARNING! orig byte[0x2C] = 0xA8 validated byte[0x2C] = 0x70
213 [0000] 06 00 00 00 00 00 00 00 01 00 00 00 D0 01 00 00 ........ ........
214 [0010] 68 00 00 00 00 00 00 00 0A 00 00 00 1C 00 00 00 h....... ........
215 -[0020] 38 02 00 00 00 00 00 00 0C 00 00 00 A8 00 00 00 8....... ........
216 +[0020] 38 02 00 00 00 00 00 00 0C 00 00 00 70 00 00 00 8....... ....p...
217 [0030] 58 02 00 00 00 00 00 00 06 00 00 00 14 00 00 00 X....... ........
218 -[0040] 00 03 00 00 00 00 00 00 07 00 00 00 10 00 00 00 ........ ........
219 +[0040] C8 02 00 00 00 00 00 00 07 00 00 00 10 00 00 00 ........ ........
220 -[0050] 18 03 00 00 00 00 00 00 10 00 00 00 10 00 00 00 ........ ........
221 +[0050] E0 02 00 00 00 00 00 00 10 00 00 00 10 00 00 00 ........ ........
222 -[0060] 28 03 00 00 00 00 00 00 01 10 08 00 CC CC CC CC (....... ........
223 +[0060] F0 02 00 00 00 00 00 00 01 10 08 00 CC CC CC CC ........ ........
224 [0070] C0 01 00 00 00 00 00 00 00 00 02 00 00 00 00 00 ........ ........
225 [0080] 00 00 00 00 FF FF FF FF FF FF FF 7F FF FF FF FF ........ ........
226 [0090] FF FF FF 7F BA 4C 70 2C D7 BF D7 01 BA 0C DA 56 .....Lp, .......V
227 [00A0] A0 C0 D7 01 BA CC C9 21 D8 E0 D7 01 12 00 12 00 .......! ........
228 [00B0] 04 00 02 00 00 00 00 00 08 00 02 00 00 00 00 00 ........ ........
229 [00C0] 0C 00 02 00 00 00 00 00 10 00 02 00 00 00 00 00 ........ ........
230 [00D0] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........
231 [00E0] 8E 04 00 00 01 02 00 00 01 00 00 00 1C 00 02 00 ........ ........
232 [00F0] 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ....... ........
233 [0100] 00 00 00 00 0E 00 10 00 20 00 02 00 16 00 18 00 ........ .......
234 [0110] 24 00 02 00 28 00 02 00 00 00 00 00 00 00 00 00 $...(... ........
235 [0120] 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
236 skipping zero buffer bytes
237 [0140] 01 00 00 00 2C 00 02 00 00 00 00 00 00 00 00 00 ....,... ........
238 [0150] 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........
239 [0160] 74 00 73 00 74 00 74 00 6B 00 74 00 75 00 73 00 t.s.t.t. k.t.u.s.
240 [0170] 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r....... ........
241 skipping zero buffer bytes
242 [01B0] 01 00 00 00 01 02 00 00 07 00 00 00 08 00 00 00 ........ ........
243 [01C0] 00 00 00 00 07 00 00 00 4C 00 4F 00 43 00 41 00 ........ L.O.C.A.
244 [01D0] 4C 00 44 00 43 00 00 00 0C 00 00 00 00 00 00 00 L.D.C... ........
245 [01E0] 0B 00 00 00 53 00 41 00 4D 00 42 00 41 00 44 00 ....S.A. M.B.A.D.
246 [01F0] 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 00 O.M.A.I. N.......
247 [0200] 01 04 00 00 00 00 00 05 15 00 00 00 B6 7E F5 F4 ........ .....~..
248 [0210] C0 31 A2 3A E7 CA B7 54 01 00 00 00 30 00 02 00 .1.:...T ....0...
249 [0220] 07 00 00 00 01 00 00 00 01 01 00 00 00 00 00 12 ........ ........
250 [0230] 01 00 00 00 00 00 00 00 80 B7 21 2C D7 BF D7 01 ........ ..!,....
251 [0240] 12 00 74 00 73 00 74 00 74 00 6B 00 74 00 75 00 ..t.s.t. t.k.t.u.
252 -[0250] 73 00 72 00 00 00 00 00 36 00 18 00 22 00 50 00 s.r..... 6...".P.
253 +[0250] 73 00 72 00 00 00 00 00 36 00 10 00 22 00 48 00 s.r..... 6...".H.
254 -[0260] 01 00 00 00 12 00 78 00 1C 00 8A 00 00 00 00 00 ......x. ........
255 +[0260] 01 00 00 00 00 00 00 00 74 00 73 00 74 00 74 00 ........ t.s.t.t.
256 -[0270] 74 00 73 00 74 00 74 00 6B 00 74 00 75 00 73 00 t.s.t.t. k.t.u.s.
257 +[0270] 6B 00 74 00 75 00 73 00 72 00 40 00 73 00 61 00 k.t.u.s. r.@.s.a.
258 -[0280] 72 00 40 00 73 00 61 00 6D 00 62 00 61 00 2E 00 r.@.s.a. m.b.a...
259 +[0280] 6D 00 62 00 61 00 2E 00 65 00 78 00 61 00 6D 00 m.b.a... e.x.a.m.
260 -[0290] 65 00 78 00 61 00 6D 00 70 00 6C 00 65 00 2E 00 e.x.a.m. p.l.e...
261 +[0290] 70 00 6C 00 65 00 2E 00 63 00 6F 00 6D 00 00 00 p.l.e... c.o.m...
262 -[02A0] 63 00 6F 00 6D 00 00 00 53 00 41 00 4D 00 42 00 c.o.m... S.A.M.B.
263 +[02A0] 53 00 41 00 4D 00 42 00 41 00 2E 00 45 00 58 00 S.A.M.B. A...E.X.
264 -[02B0] 41 00 2E 00 45 00 58 00 41 00 4D 00 50 00 4C 00 A...E.X. A.M.P.L.
265 +[02B0] 41 00 4D 00 50 00 4C 00 45 00 2E 00 43 00 4F 00 A.M.P.L. E...C.O.
266 -[02C0] 45 00 2E 00 43 00 4F 00 4D 00 00 00 00 00 00 00 E...C.O. M.......
267 +[02C0] 4D 00 00 00 00 00 00 00 76 FF FF FF 2B 39 6A 8C M....... v...+9j.
268 -[02D0] 74 00 73 00 74 00 74 00 6B 00 74 00 75 00 73 00 t.s.t.t. k.t.u.s.
269 +[02D0] 76 29 DA 8D 63 C0 95 57 19 10 6E CE 00 00 00 00 v)..c..W ..n.....
270 -[02E0] 72 00 01 05 00 00 00 00 00 05 15 00 00 00 B6 7E r....... .......~
271 +[02E0] 10 00 00 00 5A D4 78 FD 1B F0 F6 DC B7 45 65 56 ....Z.x. .....EeV
272 -[02F0] F5 F4 C0 31 A2 3A E7 CA B7 54 8E 04 00 00 00 00 ...1.:.. .T......
273 +[02F0] 10 00 00 00 78 48 2F 88 18 AA 0B 3F ED 34 DF 4A ....xH/. ...?.4.J
274 -[0300] 76 FF FF FF 2B 39 6A 8C 76 29 DA 8D 63 C0 95 57 v...+9j. v)..c..W
275 +[0300] EMPTY BLOCK
276 -[0310] 19 10 6E CE 00 00 00 00 10 00 00 00 5A D4 78 FD ..n..... ....Z.x.
277 +[0310] EMPTY BLOCK
278 -[0320] 1B F0 F6 DC B7 45 65 56 10 00 00 00 78 48 2F 88 .....EeV ....xH/.
279 +[0320] EMPTY BLOCK
280 -[0330] 18 AA 0B 3F ED 34 DF 4A ...?.4.J
281 +[0330] EMPTY BLOCK
282 dump OK