03 - Compound - AS_REQ

[AS-REQ] pvno: 5, msg-type: 10
*padata:
[PA-DATA]
[1] padata-type: 136 (PA-FX-FAST)
[PA-FX-FAST-REQUEST]
armored-data:
[KrbFastArmoredReq]
*armor: EXPLICIT (field present)
[KrbFastArmor]
armor-type: 1 (FX_FAST_ARMOR_AP_REQUEST)
armor-value:
[AP-REQ] pvno: 5, msg-type: 14
ap-option: 0x0 ()
ticket:
[Ticket (TGT Computer)] tkt-vno: 5
realm: TEST.LOCAL
sname: krbtgt/TEST.LOCAL (2)
enc-part: EncryptedData[EncTicketPart] etype: 0x12 (AES256_HMAC_SHA1_96), kvno: 2
[EncTicketPart]
flags: 0x40e10000 (enc_pa_rep, name_canonicalize, pre_authent, initial, renewable, forwardable)
key: [EncryptionKey] keytype: 0x12, keyvalue: e05bec1f2efd46078c667187a4bd2fc62b693e1796d0597aa7ad0794b3e661bd
crealm: TEST.LOCAL
cname: WIN10$ (1)
transited: TODO
authtime: 2017/05/29 16:57:04.0
*starttime: 2017/05/29 16:57:04.0
endtime: 2017/05/30 02:57:04.0
*renew-till: 2017/05/30 02:57:04.0
*authorization-data:
[type: 1 - sise: 1166] AD-IF-RELEVANT
[type: 128 - sise: 1144] AD-WIN2K-PAC
[PACTYPE]
cBuffers: 6
Version: 0
Buffers:
[PAC_INFO_BUFFER 0] ulType: 0x1, cbBufferSize: 496, Offset: 0x4405bc06c8
[KERB_VALIDATION_INFO]
LogonTime: 2017/05/29 15:11:39.454
PasswordLastSet: 2017/05/29 06:52:15.424
PasswordCanChange: 2017/05/30 06:52:15.424
EffectiveName: WIN10$
LogonCount: 433
BadPasswordCount: 0
UserId: 1111
PrimaryGroupId: 515
GroupIds (GroupCount: 2): 1120 (0x7), 515 (0x7)
UserFlags: 32
LogonServer: DC-2016
LogonDomainName: TESTLOCAL
LogonDomainId: S-1-5-21-2322411092-424064500-325241940
UserAccountControl: 0x40080
FailedILogonCount: 0
ExtraSids (SidCount: 2):
S-1-5-21-0-0-0-497 (7)
S-1-18-1 (7)
ResourceGroupDomainSid: NULL
ResourceGroupIds (ResourceGroupCount: 0): NONE
[PAC_INFO_BUFFER 1] ulType: 0xa, cbBufferSize: 22, Offset: 0x4405bc08b8
[PAC_CLIENT_INFO]
ClientId: 0x01d2d89c-0x98f73000
Name: WIN10$
[PAC_INFO_BUFFER 2] ulType: 0xc, cbBufferSize: 80, Offset: 0x4405bc08d0
[UPN_DNS_INFO]
Upn: WIN10$@test.local
DnsDomainName: TEST.LOCAL
Flags: 0x1
[PAC_INFO_BUFFER 3] ulType: 0xd, cbBufferSize: 400, Offset: 0x4405bc0920
[PAC_CLIENT_CLAIMS_INFO] Version: 1, Count: 2
[0] Name: ad://ext/adminDescriptio:88d4a403bc439b70, Flags: 0x0, Type: 3, Count: 1
[0] Workstation AD
[1] Name: ad://ext/AuthenticationSilo, Flags: 0x0, Type: 3, Count: 1
[0] test
[PAC_INFO_BUFFER 4] ulType: 0x6, cbBufferSize: 16, Offset: 0x4405bc0ab0
[PAC_SIGNATURE_DATA] Server Signature
SignatureType: 0x10
Signature: b899a0176341a1cd332117a4
[PAC_INFO_BUFFER 5] ulType: 0x7, cbBufferSize: 20, Offset: 0x4405bc0ac0
[PAC_SIGNATURE_DATA] KDC Signature
SignatureType: 0xffffff76
Signature: 47c889542546b1fcdf8321ece23682ba
authenticator: EncryptedData[Authenticator] etype: 0x12 (AES256_HMAC_SHA1_96)
[Authenticator] authenticator-vno: 5
crealm: TEST.LOCAL
cname: WIN10$ (1)
ctime: 2017/05/29 16:57:53.0
*subkey: [EncryptionKey] keytype: 0x12, keyvalue: 2651d4bcf597e8075e32ff964d48127c1aa351871c8d50a10c027e62f3bd7185
*seq-number: 00
req-checksum:
[Checksum]
cksumtype: 0x10
checksum(UNKNOWN): fa34a430000fc5485009bf9c
enc-fast-req: EncryptedData[KrbFastReq] etype: 0x12 (AES256_HMAC_SHA1_96)
[KrbFastReq]
fast-options: 0x0 ()
padata:
[PA-DATA]
[1] padata-type: 138 (PA-ENCRYPTED-CHALLENGE)
[PA-ENC-TS-ENC] etype: 0x12 (AES256_HMAC_SHA1_96)
patimestamp: 2017/05/29 16:57:53.0
*pausec: 505585
[2] padata-type: 128 (PA-PAC-REQUEST), padata-value: TODO
[3] padata-type: 167 (PA-PAC-OPTIONS), KerberosFlags: 0x80000000 (Claims)
req-body:
[KDC-REQ-BODY]
kdc-options: 0x40810010 (enc_pa_rep, name_canonicalize, renewable, forwardable, 0x10)
*cname: adm_ad (1)
realm: TEST.LOCAL
*sname: krbtgt/TEST.LOCAL (2)
till: 2037/09/13 02:48:05.0
*rtime: 2037/09/13 02:48:05.0
nonce: 0x3775a663
etype:
etype: 0x12 (AES256_HMAC_SHA1_96)
*addresses:
addr-type: 20 (NetBios), address: WIN10
req-body:
[KDC-REQ-BODY]
kdc-options: 0x40810010 (enc_pa_rep, name_canonicalize, renewable, forwardable, 0x10)
*cname: adm_ad (1)
realm: TEST.LOCAL
*sname: krbtgt/TEST.LOCAL (2)
till: 2037/09/13 02:48:05.0
*rtime: 2037/09/13 02:48:05.0
nonce: 0x3775a663
etype:
etype: 0x12 (AES256_HMAC_SHA1_96)
*addresses:
addr-type: 20 (NetBios), address: WIN10
[?] ticket.enc-part decrypted with [EncryptionKey] keytype: 0x12, keyvalue: 7f492b5b6d460f19256e9397d42c030f4485fe6eaffd69b9c0fbc98aaafdbf20
[?] Request->authenticator decrypted with [EncryptionKey] keytype: 0x12, keyvalue: e05bec1f2efd46078c667187a4bd2fc62b693e1796d0597aa7ad0794b3e661bd
[?] ComputePacChecksum Server (0x10): 347bfb56f0c90d97dcf8289e
[?] ComputePacChecksum Priv (0xffffff76): ecb984c46d291f461988c76ab54c960f
[?] KRB-FX-CF2:
| key1: [EncryptionKey] keytype: 0x12, keyvalue: 2651d4bcf597e8075e32ff964d48127c1aa351871c8d50a10c027e62f3bd7185
| key2: [EncryptionKey] keytype: 0x12, keyvalue: e05bec1f2efd46078c667187a4bd2fc62b693e1796d0597aa7ad0794b3e661bd
| salt1: subkeyarmor
| salt2: ticketarmor
| Armor key: [EncryptionKey] keytype: 0x12, keyvalue: fd6655fc8297186ae7982fb04f866378ac43d99927651a057e898777868aa6e3
[?] Armor key: [EncryptionKey] keytype: 0x12, keyvalue: fd6655fc8297186ae7982fb04f866378ac43d99927651a057e898777868aa6e3
enc-fast-req: EncryptedData[KrbFastReq] etype: 0x12 (AES256_HMAC_SHA1_96)
[?] Decrypted with [EncryptionKey] keytype: 0x12, keyvalue: fd6655fc8297186ae7982fb04f866378ac43d99927651a057e898777868aa6e3
[?] KRB-FX-CF2:
| key1: [EncryptionKey] keytype: 0x12, keyvalue: fd6655fc8297186ae7982fb04f866378ac43d99927651a057e898777868aa6e3
| key2: [EncryptionKey] keytype: 0x12, keyvalue: 95da09a0556fa2fd677f6338fc3b80a432a1b24b24f364d1aa7efa4973a4f15d
| salt1: clientchallengearmor
| salt2: challengelongterm
| Challenge key: [EncryptionKey] keytype: 0x12, keyvalue: aca7e1659f2d32862ffb3c914ecb0997ed3e85d5774dc00160d87c5a3cbb8966