Relying on the rudimentary info of $ djoin.exe /help
and
this web page:
The blob written to the path passed in the /savefile
flag
contains the machine account credentials. I presume that includes
the randomly generated machine password necessary to derive the
machine’s Kerberos keys. Exactly what I need.
However, I can’t make heads or tails of the decoded blob. It starts with this:
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF comment
0x00000000 0110 0800 cccc cccc 6003 0000 0000 0000 ........`.......
0x00000010 0000 0200 0100 0000 0100 0000 0400 0200 ................
0x00000020 0100 0000 0100 0000 3803 0000 0800 0200 ........8.......
0x00000030 3803 0000 0110 0800 cccc cccc 2803 0000 8...........(...
0x00000040 0000 0000 80c2 54ac d0a0 55ac 309b 55ac ......T...U.0.U.
and then contains recognizable UTF-16 strings, one of which I gather might hold the password.
Is this format documented anywhere?
User contributions licensed under CC BY-SA 3.0