IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
this_pdu_data_pos = data_pos - p->prev_pdu_file_offset;
is correct for first two PDU's only, after that it results in extra
garbage after each fragment and hence "Protocol Error" messages from
NT4 SP4. Changed to:
this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18);
(actually, decryption only currently because I need to get some sleep).
Basically another Microsoft twist on DES; the "master key" is the user's
NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys.
remember: only close handles that you've previously opened. if the
lsa_open_secret() succeeds then and only then can you close it.
if the lsa_open_policy2() succeeds then and only then can you close it.
(-> LsarQuerySecret) on client side, including rpcclient command
"querysecret" for others to play with.
The major obstacle is working out the encryption algorithm used
for the secret value. It definitely uses the NT hash as part of the
key, and it seems the block size is 64 bits - probably DES based -
but I can't work out what's done in between. Help required.
it's wrong. i've seen a packet from nt client on MAILSLOT\NETLOGON
with appended undocumented unicode tacked on the end and the response
contained undocumented unicode tacked on the end.
last count (probably an ENUM / resume handle) should always be returned
even if there are no items being returned.
- got fed up of seven intendation levels in cmd_samr.c, maximum recommended
in *any* code is three! made some sub-fns instead.