03 - Compound - AP_REQ

[AP-REQ] pvno: 5, msg-type: 14
ap-option: 0x20000000 (mutual-required)
ticket:
[Ticket] tkt-vno: 5
realm: TEST.LOCAL
sname: cifs/srv-01.test.local (2)
enc-part: EncryptedData[EncTicketPart] etype: 0x12 (AES256_HMAC_SHA1_96), kvno: 10
[EncTicketPart]
flags: 0x40a10000 (enc_pa_rep, name_canonicalize, pre_authent, renewable, forwardable)
key: [EncryptionKey] keytype: 0x12, keyvalue: 0547fa0ac99b765b951f714179e07e1316d50c2d31b43f4398c9205378e39436
crealm: TEST.LOCAL
cname: adm_ad (1)
transited: TODO
authtime: 2017/05/29 16:57:55.0
*starttime: 2017/05/29 16:57:55.0
endtime: 2017/05/30 02:57:55.0
*renew-till: 2017/06/05 16:57:55.0
*authorization-data:
[type: 1 - sise: 1758] AD-IF-RELEVANT
[type: 128 - sise: 1736] AD-WIN2K-PAC
[PACTYPE]
cBuffers: 8
Version: 0
Buffers:
[PAC_INFO_BUFFER 0] ulType: 0x1, cbBufferSize: 592, Offset: 0xa2b5b71258
[KERB_VALIDATION_INFO]
LogonTime: 2017/05/29 14:38:10.364
PasswordLastSet: 2017/05/23 08:03:18.266
PasswordCanChange: 2017/05/24 08:03:18.266
EffectiveName: adm_ad
FullName: adm_ad
LogonCount: 23
BadPasswordCount: 0
UserId: 1119
PrimaryGroupId: 513
GroupIds (GroupCount: 2): 513 (0x7), 512 (0x7)
UserFlags: 544
LogonServer: DC-2016
LogonDomainName: TESTLOCAL
LogonDomainId: S-1-5-21-2322411092-424064500-325241940
UserAccountControl: 0x210
FailedILogonCount: 0
ExtraSids (SidCount: 3):
S-1-5-21-0-0-0-497 (7)
S-1-18-1 (7)
S-1-5-21-0-0-0-496 (7)
ResourceGroupDomainSid: S-1-5-21-2322411092-424064500-325241940
ResourceGroupIds (ResourceGroupCount: 1): 572 (0x20000007)
[PAC_INFO_BUFFER 1] ulType: 0xe, cbBufferSize: 192, Offset: 0xa2b5b714a8
[PAC_DEVICE_INFO]
UserId: 1111
PrimaryGroupId: 515
AccountDomainId: S-1-5-21-2322411092-424064500-325241940
AccountGroupIds (AccountGroupCount: 2): 1120 (0x7), 515 (0x7)
ExtraSids (SidCount: 1):
S-1-18-1 (7)
DomainGroup (DomainGroupCount: 1):
[0]
DomainId: S-1-5-21-2322411092-424064500-325241940
GroupIds (AccountGroupCount: 2): 497 (0x7), 3048772832 (0xa2)
[PAC_INFO_BUFFER 2] ulType: 0xd, cbBufferSize: 272, Offset: 0xa2b5b71568
[PAC_CLIENT_CLAIMS_INFO] Version: 1, Count: 1
[0] Name: ad://ext/adminDescriptio:88d4a403bc439b70, Flags: 0x0, Type: 3, Count: 1
[0] AD_Level
[PAC_INFO_BUFFER 3] ulType: 0xf, cbBufferSize: 400, Offset: 0xa2b5b71678
[PAC_DEVICE_CLAIMS_INFO] Version: 1, Count: 2
[0] Name: ad://ext/adminDescriptio:88d4a403bc439b70, Flags: 0x0, Type: 3, Count: 1
[0] Workstation AD
[1] Name: ad://ext/AuthenticationSilo, Flags: 0x0, Type: 3, Count: 1
[0] test
[PAC_INFO_BUFFER 4] ulType: 0xa, cbBufferSize: 22, Offset: 0xa2b5b71808
[PAC_CLIENT_INFO]
ClientId: 0x01d2d89c-0xb75d2b80
Name: adm_ad
[PAC_INFO_BUFFER 5] ulType: 0xc, cbBufferSize: 80, Offset: 0xa2b5b71820
[UPN_DNS_INFO]
Upn: adm_ad@test.local
DnsDomainName: TEST.LOCAL
Flags: 0x0
[PAC_INFO_BUFFER 6] ulType: 0x6, cbBufferSize: 16, Offset: 0xa2b5b71870
[PAC_SIGNATURE_DATA] Server Signature
SignatureType: 0x10
Signature: aaf597bbf57ea07576d0c7b7
[PAC_INFO_BUFFER 7] ulType: 0x7, cbBufferSize: 20, Offset: 0xa2b5b71880
[PAC_SIGNATURE_DATA] KDC Signature
SignatureType: 0xffffff76
Signature: 033e70fa97f33fb09c536b18a44d12ec
[type: 1 - sise: 95] AD-IF-RELEVANT
[type: 141 - sise: 53] KERB-AD-RESTRICTION-ENTRY
type: 0 - sise: 0
type: 0 - sise: 40
[type: 142 - sise: 16] KERB-LOCAL - TODO
authenticator: EncryptedData[Authenticator] etype: 0x12 (AES256_HMAC_SHA1_96)
[Authenticator] authenticator-vno: 5
crealm: TEST.LOCAL
cname: adm_ad (1)
*cksum:
[Checksum]
cksumtype: 0x8003
[GssChecksum] size: 24
Flags: 0x22 (Mutual, Integrity)
Hash size: 16
ctime: 2017/05/29 16:57:54.0
*subkey: [EncryptionKey] keytype: 0x12, keyvalue: 9c952b0bb3c4f0a871cb600dc12e528ba1d44cdd629481255933d7b4dabadccc
*seq-number: 37716648
*authorization-data:
[type: 1 - sise: 111] AD-IF-RELEVANT
[type: 141 - sise: 53] KERB-AD-RESTRICTION-ENTRY
type: 0 - sise: 0
type: 0 - sise: 40
[type: 142 - sise: 16] KERB-LOCAL - TODO
[type: 143 - sise: 4] AD-AUTH-DATA-AP-OPTIONS: 0x4000

SC,S, the session key shared by the client and the service, is the key field of [EncTicketPart]: 0547fa0ac99b765b951f714179e07e1316d50c2d31b43f4398c9205378e39436.

[Authenticator] is encrypted with SC,S.

The enc-part of [Ticket] is encrypted with KS, the long-term key of the service (cifs/srv-01.test.local).