 administrator

S-1-5-21-854245398-1563985344-2146797859-500

Number of subauthorities is 5
Domain is DYNABOOKSS
Length of SID in memory is 28 bytes
Type of SID is SidTypeUser

Name is Administrator
Domain is DYNABOOKSS
Type of SID is SidTypeUser

 guest

S-1-5-21-854245398-1563985344-2146797859-501

Number of subauthorities is 5
Domain is DYNABOOKSS
Length of SID in memory is 28 bytes
Type of SID is SidTypeUser
Name is Administrator
Domain is DYNABOOKSS
Type of SID is SidTypeUser
>enum -U -P -d -L -c 192.168.11.3
server: 192.168.11.3
setting up session... success.
password policy:
  min length: none
  min age: none
  max age: 42 days
  lockout threshold: none
  lockout duration: 30 mins
  lockout reset: 30 mins
opening lsa policy... success.
server role: 3 [primary (unknown)]
names:
  netbios: DYNABOOKSS
  domain: xxxxxxxxxxxx
quota:
  paged pool limit: 33554432
  non paged pool limit: 1048576
  min work set size: 65536
  max work set size: 251658240
  pagefile limit: 0
  time limit: 0
trusted domains:
  indeterminate
netlogon done by a PDC server
getting user list (pass 1, index 0)... success, got 2.
  Administrator ()
  attributes:
  Guest ()
  attributes: disabled no_passwd
No.     Time        Source                Destination           Protocol Info
     14 5.033269    192.168.11.4          192.168.11.3          SMB      NT Create AndX Request, Path: \samr

Frame 14 (154 bytes on wire, 154 bytes captured)
    Arrival Time: Oct 15, 2004 06:31:00.780459000
    Time delta from previous packet: 5.033269000 seconds
    Time since reference or first frame: 5.033269000 seconds
    Frame Number: 14
    Packet Length: 154 bytes
    Capture Length: 154 bytes
Ethernet II, Src: , Dst: 
    Destination:  (192.168.11.3)
    Source:  (192.168.11.4)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.11.4 (192.168.11.4), Dst Addr: 192.168.11.3 (192.168.11.3)
Transmission Control Protocol, Src Port: 2550 (2550), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 100
    Source port: 2550 (2550)
    Destination port: microsoft-ds (445)
    Sequence number: 0    (relative sequence number)
    Next sequence number: 100    (relative sequence number)
    Acknowledgement number: 0    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64609
    Checksum: 0xa55c (correct)
NetBIOS Session Service
    Message Type: Session message
    Length: 96
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 15
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1960
        User ID: 2048
        Multiplex ID: 2848
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 10
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00000040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
        Impersonation: Impersonation (2)
        Security Flags: 0x03
            .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
            .... ..1. = Effective Only: ONLY ENABLED aspects of the client's security context are available
        Byte Count (BCC): 13
        File Name: \samr

No.     Time        Source                Destination           Protocol Info
     16 5.034424    192.168.11.4          192.168.11.3          DCERPC   Bind: call_id: 1 UUID: SAMR

Frame 16 (214 bytes on wire, 214 bytes captured)
    Arrival Time: Oct 15, 2004 06:31:00.781614000
    Time delta from previous packet: 0.001155000 seconds
    Time since reference or first frame: 5.034424000 seconds
    Frame Number: 16
    Packet Length: 214 bytes
    Capture Length: 214 bytes
Ethernet II, Src: , Dst: 
    Destination:  (192.168.11.3)
    Source:  (192.168.11.4)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.11.4 (192.168.11.4), Dst Addr: 192.168.11.3 (192.168.11.3)
Transmission Control Protocol, Src Port: 2550 (2550), Dst Port: microsoft-ds (445), Seq: 100, Ack: 139, Len: 160
    Source port: 2550 (2550)
    Destination port: microsoft-ds (445)
    Sequence number: 100    (relative sequence number)
    Next sequence number: 260    (relative sequence number)
    Acknowledgement number: 139    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64470
    Checksum: 0x0075 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 15
        The RTT to ACK the segment was: 0.000636000 seconds
NetBIOS Session Service
    Message Type: Session message
    Length: 156
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 17
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1960
        User ID: 2048
        Multiplex ID: 2864
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 72
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 72
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 89
        Transaction Name: \PIPE\
        Padding: FF00
SMB Pipe Protocol
DCE RPC