SSO Authentication -> sends authenticated users to login.php
piler -V output:
piler 1.2.0, build 952, Janos SUTO <sj@acts.hu>
Build Date: Mon Nov 21 13:19:39 GMT 2016
ldd version: ldd (Debian GLIBC 2.19-18+deb8u6) 2.19
gcc version: gcc version 4.9.2 (Debian 4.9.2-10)
OS: Linux svcaarchive 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux
Configure command: ./configure --localstatedir=/var --with-database=mysql --enable-starttls --enable-tcpwrappers
MySQL client library version: 5.5.53
Extractors: /usr/bin/catdoc /usr/bin/catppt /usr/bin/xls2csv /usr/bin/unrtf /usr/bin/tnef
Where I am: This is a new installation of piler on a debian install following instructions on the site with the following addition steps as the apache module couldn't find the socket (samba3->samba4 moves it, resulting in helper broken errors):
$ usermod -a -G winbindd_priv www-data
$ chgrp winbindd_priv /var/lib/samba/winbindd_privileged
$ ln -s /var/lib/samba/winbindd_privileged/pipe /var/run/samba/winbindd_privileged/pipe
This solved the authentication errors in the debug log, but when the user goes to the site address, it seems to be authenticating the user against AD fine, but redirecting them to /login.php. There aren't currently any contents of the archives, I'm not sure if this would cause this. I have included the apache debug information below.
[Mon Nov 21 15:41:21.947673 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 21 15:41:21.947725 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require all granted: granted
[Mon Nov 21 15:41:21.947733 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 21 15:41:21.967990 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Mon Nov 21 15:41:21.968002 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Mon Nov 21 15:41:22.059856 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Mon Nov 21 15:41:22.059872 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Mon Nov 21 15:41:22.059878 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(1023): [client 10.200.5.70:50924] doing ntlm auth dance
[Mon Nov 21 15:41:22.060925 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(487): [client 10.200.5.70:50924] Launched ntlm_helper, pid 7171
[Mon Nov 21 15:41:22.060942 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(657): [client 10.200.5.70:50924] creating auth user
[Mon Nov 21 15:41:22.060966 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(708): [client 10.200.5.70:50924] parsing reply from helper to YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKAFopAAAADw==\n
[Mon Nov 21 15:41:22.083783 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(746): [client 10.200.5.70:50924] got response: TT <base64 removed>
[Mon Nov 21 15:41:22.083817 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(416): [client 10.200.5.70:50924] sending back <base64 removed>
[Mon Nov 21 15:41:22.095744 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Mon Nov 21 15:41:22.095756 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Mon Nov 21 15:41:22.095761 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(1023): [client 10.200.5.70:50924] doing ntlm auth dance
[Mon Nov 21 15:41:22.095764 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(489): [client 10.200.5.70:50924] Using existing auth helper 7171
[Mon Nov 21 15:41:22.095774 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(708): [client 10.200.5.70:50924] parsing reply from helper to KK <base64 removed>
[Mon Nov 21 15:41:22.866184 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(746): [client 10.200.5.70:50924] got response: AF MYDOMIAN\\some.user
[Mon Nov 21 15:41:22.866215 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(792): [client 10.200.5.70:50924] authenticated MYDOMAIN\\some.users
[Mon Nov 21 15:41:22.866225 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require valid-user : granted
[Mon Nov 21 15:41:22.866230 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 21 15:41:22.866709 2016] [:error] [pid 7088] [client 10.200.5.70:50924] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Mon Nov 21 15:41:22.867289 2016] [:error] [pid 7088] [client 10.200.5.70:50924] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Mon Nov 21 15:41:22.886141 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require all granted: granted
[Mon Nov 21 15:41:22.886153 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 21 15:41:22.886248 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require all granted: granted
[Mon Nov 21 15:41:22.886258 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 21 15:41:22.888940 2016] [deflate:debug] [pid 7088] mod_deflate.c(855): [client 10.200.5.70:50924] AH01384: Zlib: Compressed 2427 to 961 : URL /index.php
[Mon Nov 21 15:41:22.933571 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require all granted: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:22.933585 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:22.940039 2016] [deflate:debug] [pid 7088] mod_deflate.c(855): [client 10.200.5.70:50924] AH01384: Zlib: Compressed 186679 to 31541 : URL /view/theme/default/assets/css/metro-bootstrap.css, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.006634 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of Require all granted: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.006649 2016] [authz_core:debug] [pid 7088] mod_authz_core.c(809): [client 10.200.5.70:50924] AH01626: authorization result of <RequireAny>: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.006811 2016] [deflate:debug] [pid 7088] mod_deflate.c(855): [client 10.200.5.70:50924] AH01384: Zlib: Compressed 2444 to 1238 : URL /view/theme/default/assets/js/html5.js, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.018076 2016] [authz_core:debug] [pid 7087] mod_authz_core.c(809): [client 10.200.5.70:50925] AH01626: authorization result of Require all granted: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.018105 2016] [authz_core:debug] [pid 7087] mod_authz_core.c(809): [client 10.200.5.70:50925] AH01626: authorization result of <RequireAny>: granted, referer: http://svcaarchive/login.php
[Mon Nov 21 15:41:23.332434 2016] [authz_core:debug] [pid 7087] mod_authz_core.c(809): [client 10.200.5.70:50925] AH01626: authorization result of Require all granted: granted
[Mon Nov 21 15:41:23.332448 2016] [authz_core:debug] [pid 7087] mod_authz_core.c(809): [client 10.200.5.70:50925] AH01626: authorization result of <RequireAny>: granted
Comments (26)
-
reporter -
repo owner It seems that the authentication is successful: [Mon Nov 21 15:41:22.866215 2016] [auth_ntlm_winbind:debug] [pid 7088] mod_auth_ntlm_winbind.c(792): [client 10.200.5.70:50924] authenticated MYDOMAIN\some.users
I suspect that some data is sent before the session cookie is sent. Perhaps some white characters from config-site.php? I also recommend to go to search.php after you are redirected to login.php (=manually change the url), and let's see if it shows the search page or sends you to login.php again.
-
reporter I've checked the site-config.php file and there's no white characters (spaces/newlines). Going to /search.php just sends me back to /login.php
-
reporter This is the php version too, if it's any help.
root@svcaarchive:/var/www/piler# php -v PHP 5.6.27-0+deb8u1 (cli) (built: Oct 15 2016 15:53:28) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
Update: This also happens when logging in on /login.php with ldap username and password on non-NTLM enabled browser with the same outcomes in the error log.
-
repo owner OK, then we have to figure out what data is sent before the session cookies. Can you do some debugging? It would be great to see a network dump, eg. "ngrep -X port 80" output when you try to login. You may need to install ngrep, eg. apt-get install ngrep.
-
reporter Sure, it's saying there is some browser unauthorised message. I've checked the apache logs and the winbind helper is reporting ok again.
interface: eth0 (192.168.0.0/255.255.254.0) filter: (ip or ip6) and ( port 80 ) ### T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive.... ## T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 11:28:12 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=is o-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested . Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to supply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></ html>. # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==.... # T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 11:28:12 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomi0d4G3M6SZsYAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIADBEUYKzRNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</he ad><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to sup ply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAAB4AXgBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAqAgAABYKIogYBsR0AAAAPuwoGzK+jxHUYSJ1CloBPz00AVQ BMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKtM2JWTyYpHCJTudkCBn+UBAQAAAAAAADBEUYKzRNIB4rAC04rYVLIAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQ BSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgAMERRgrNE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK 18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAPABIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4ATQB1AGwAdABpAEcAcgBvAHUAcABQAGwAYwAAAAAAAAAAAAAAAAA=.... ## T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] HTTP/1.1 302 Found..Date: Tue, 22 Nov 2016 11:28:12 GMT..Server: Apache/2.4.10 (Debian)..Set-Cookie: PHPSESSID=h82nu0n365s962jfd5fea4v8g5; path=/..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-reval idate, post-check=0, pre-check=0..Pragma: no-cache..Location: http://svcaarchive/login.php..Content-Length: 0..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..Content-Type: text/html; charset=UTF-8.... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /login.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .N ET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..Cookie: PHPSESSID=h82nu0n365s962jfd5fea4v8g5..Connection: Keep-Alive..DNT: 1.... ## T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 11:28:13 GMT..Server: Apache/2.4.10 (Debian)..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Vary: Acc ept-Encoding..Content-Encoding: gzip..Content-Length: 979..Keep-Alive: timeout=5, max=97..Connection: Keep-Alive..Content-Type: text/html; charset=UTF-8...............VQo.6.~........fi..@...7...gCQ..-.%6........(...,....6u....;...W. ./...c..B.z..!..YD....!a.<u.\.`9Ir.....v....++...Te....8.)y..m.l*.-%.*-..........@.>..Q.+..L.%D....).-l7J......4...I.Nr........`.-*+TyD4.m..a..M.E..}.3...JQ..\.:....l........q.m4,1.a....R.X..>.(. #j.V...,v......qy9=%&...Y+M&...7.... /Q...$&,.!A0..+-pL.........o.w....:.~.T&!Q)..U0...........!?.5..Y.._...........5..t.2.....e*._\........eJ...........m.xUI.Z..9.....J.H)1.o0...~}.......=...C.~Uf.H".$28...."r6.;..K.l._Y........O.Mj.....h......r.2/.N.W*...FT:..x.>iwPS ...:...t..HL...ewd...@b..(2...3j..w..=...1.s.:8_...[...A.Vd..)iu;....jC.t:.i......J...' .c..+JP.r.%.$.}..20"+EI..[.|..^.k.pc...|.(......k..R.E.......w2GI.e..V.{..[...o_.+...$4 w....V.T.'.+....._!i...._.....8.Z%..=.....Z{9...A...|P.. t..ZU..W.$..$....J...[.12.....q..q..C...w.s#D.....&.a%.....7 %q_.....L....\........^.... =!`..U..j..w.^{.,&..U|1........U.../.4......y..8../.g....|...g.._o...0Y.........%..M~.....Oo....k.c.P-./......u.<g{... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/css/metro-bootstrap.css HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; . NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "2d937-541cfb40 ffe1f-gzip"..DNT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=h82nu0n365s962jfd5fea4v8g5.... # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 11:28:13 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Mon, 21 Nov 2016 13:33:38 GMT..ETag: "2d937-541cfb40ffe1f-gzip"..Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzi p..Content-Length: 31559..Keep-Alive: timeout=5, max=96..Connection: Keep-Alive..Content-Type: text/css................k.#7. .].".d:U.H*..LSm..Z...........5cAF0.]$..$......w8..".....S..E.....p8.............z...&..]v...o.2.]......... .:.....?~S..n.o...k.E.^.n.^l..M}.t..~...b...vX.....<....8....vC....|......~....7......>~.....y.@...;.K..VO...k..."...._^.........y...{.......................v...,/.'....?_...{8;rH.w.~s=?...%.....A._....&Ir/3.....^.@...-.......~...~. =...e|..*..........C.j.I...^....S..(O..v_S....E..=..k.....#.H...e....w...2FR|..K..[...=.....5..$-......P.Z~....3.....Su/*.....]....u?.. .P.vG"'........i....J.'u}{.O..e" ..V.}..o.$.%.BD.......;..."k{"m..{....zx...bC.p2ud.oiGl.......[ ....c?...*swG......x$].......i....._T.TZ.V....S..+.....L.Z"1F...CG.....A..C}...2$...p...S...T....^2.......5..F..<........FCHH..@kH....ot..G.t....s...C.e....A..DQ..,.v..L....7.......!!.Jp..a...Y...C.tup"*...#.X..!.(...u.S?\....)..o.0 ...z....csw!T.O...E....Q~.j.... ..W>2...l..d.....n.......EO...^....exMs..............[7<...V....t.+...^..&.c3t'R..3..W.j..D.06...J..G12#.....#.....S.@f%.?..P...].......:....R.m..S......h....8l=.3...h.t.*...|Z....y......]Bus..~...,P# k..........>=.9U%...mOx2&p.iM..,.../.....;2..h..4.M.lj.....Z.)..{S....mh.NWlXr.b.o?.{......;J..2m.#*.cF5...S.n....T.........m..6...|....._...h..Z:...n.............,%.B...x1...c...-.....H..r....CXh$a.(.0........z...'._..4.^.T...'K.&. x..b..S..|..T?..v..H-....5=S........0.J.....p...V..]..X..-...M.......s.D.7.@....Y..<..X.A;.....1..6-.....Wz.~.U..e4m..f_..o..{....H&..rG).c.p......i.uG...Y...ay....,.4. .D...?... ....*.uRB..M.Dj...P..%H.db..K... .....*..).)....(.... D$.."..Hk.$I....i?....s#=7.sC-....J.,R-..2s..B..t.r=S.(.2S..T.Lt..-3...y..<.3.(\n.W...$..B....Hy...J........_5.C......"...H...K..~...2'...L..6.n....r.....E:..~.^.2.}4..`.l.`...`...eS.*...BK..[E....<*...8.!9 .JQ<Rm...*."&...Y......)Q ...0<J..+..B..9. 5..(...F..T.BCs8.....R..*5X.V.$.k(...-W...c.S.V*.ah..N..$<.YLr...Q.ch...V.ddQ*<$..t.(.....R..#.IV...6.e.8..J..h.V.....W.......2,z..+...&...6(..K..%^...Bs.[u......Q.1.f+M...Z..Cn..:....&+.YA..D..J|./V@...2..|.[.f.N.. l..2...U......H.*4...$_......."_e.F3+.u5..N.4*...2...j.J..(.D...h..0E0/V3..n.....F..3..."u..U+X<)LS...S.V.aK&.H....D.U..$...h..:L.*B}Rt...s...Xs<.|.g.@.$;.W>.K.}v.n~.+M1..p$.....N.D'.J..L)L.}.wH..0(V.&.&...`...Iu..`....$_kT..Lc...)0 7.&.&.P..)..'@k..m......W...!I.Lv.X.3.>.Z3.a>1..5.s......`.....s.......|.F(.^a.5..l.0n......h..FO.J...l....*W....O..V.2it.!...f3..D.W.'.5.. "../..t.A.V..2.....#.......FAR.d.C....|)y&....#.....X{.........{.o...-.P.....n...)........_. ../-......H:E.n....V.f....h..B..C...UZ....e...,Y'.*.....J.....4.3|.M^..*|.n6..,s.b*.b,/.u.I..IFO-D|_g.K..l............/.W.....`.+....a....qG.....R.<...t..D|..C........].0.".....!..2.!..$~...!)..)I.S..,...].$;)...b........LM...9hv... .C.r.FV.....a#....kH.<QO..Y..>........o.....P ....q.qW.e?..u...........}......i....7........1Z~u=2.......D.w.Q..9.+~:......."...X.|.O!i3D...>.p.....Y.e.4X{...c...Q.../w...Jg.=.........:=a..yU.....w.......X2S.......9.b.4.....v..N..|. qG..%1E.Q..C}B.0.&|.;i....w.....P..;....:.UX..M}....RW._..y.e..O.Nyrl...""...#\:.. ...8w..7.....tj.M}f'....j..l..qO..`.Ka6...,8Yc.....2....VB..F......6...Y\..:.....0J.?.....k...W}.FpD..!.8....D.......O.<.F..pG......)...s..(Z./RO.E.. .Q...b....pk.....N.....&..d%s......X....?..}....Xo....G.'.y........1v>.Z..c.T....:..o|'..wbmz'.lE2.#H.z.(......B.....-qUG...Y...f..@.....GR=?.t'N...<..(..w..B....c....S.JD..G..x..V.0...."._...19tv&.....a.>....I..y3..=..../.......... 8.)D.....I2=.xn/.i..$V9.....fi.......G............m.rU ..8..O.....a_. .XI..Nc|.Q-A.WA.E.^.v..&..hO..L...L..B..u$/I....4......4....}o$...u;......Z..."O..M7..T.4.2h.......Q..v58....Q ).........CC9.N...h.. :.K%.v{.Nj.O.)..g......v.r..D .4:.!...#...?..!..."....*ts%............y=.....F. ........=...)....".H.(.H.(..L9.. h.........@2..A..8Ar.hA......x.1~D.5..m)...8b.Y.. ..E.'9.....x...\.....E.../....9.VZ).s...x3..."....-.a......-$..P...p...7. .m.7.sw...4...r3..B.o.x.l ..l...9A.ns.N....Zu.r..y....u..N..#.....1..,d... ..3.HS...W..Q..kej..:..........2.f.xb.t...^...=u...X.`Ly4].......o]^..d.$.....{z.VMmf...&..9..,H.............|/VR...y.....C..P.)..(p.....%<.OO............. # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] |I+.9..TnE.RrG... ...V..A.....?X..'..-..}.G:..>..+uq.W/BD.z..53-oO*j...k....z...%..X7N&H.k.J.4..ql..g ........pLd..!.l..:J.yE...].j ...Cxh'QJ...C5X.).............:...........[*.......&....9...K..%4..N,..Snb..$....-..&..@Q.P......0P. ........@..P....G3.E.B..sY.L........[.L....Eb....SJ.B.n..2j..S..}7}....Q?.%...^*.)'.....5........:&N5.[.u0fE.xm;..U....FM.c...c./C...........JzD,q{..N. ..U.i :.d..:G..V.....<..J.^S=.....(z|.O+~.a..'.....8.Js...kC<S,...."r.....X..... }._|...7.O.0.....8H.D.,.......f....I...<..{ .&-Qx......M...IF.!e...........A..U.....:......D6..x.:Ny.>Jy.....=....D].)E....q....W.....W.Y.T.sU.G........4X|..iB....M{...E.8.>....[.. ..P....;...@...EG......5..../Q..1....R....z.'~..j.. .....z]..g........a.r0.q. ..V..v.6.=*..a....n. n...u.....u:T..E...BG(...'.2......`H7..75.G&..........~.K...I.?.)...w.....A.......U.l.{T...........k.z..d..2..E.J.6.fD.!u...k..X}...U....R].-...@b....,.{.d..f....Alz.....AYp6 ........f. ..?.::.!..i.%..4D..!..rG.yV._..{.u.f..........N.;W....}Bv<......F...el...A..S];g..`&.f.OD...C{.Z..\.j..`..(....[}...c.8B.....G...lw.&.r.CX.gi..Kay.f..\..~%....]l..........i...I..[z..h.$.....:..e1.a.V>1......._....f../6$H.`|n.7..K... o......b...).H.Ydx..<`...r.T.y.+I.*IF..........TMFq. ..J;H.<G..I....lw.Wu.Z.5..*...?.".9..M.j......).j..(h..F..5N.h....R.....JU.`.!.....>........>S_M.l.....TdR...:lZ?".....:...>.m.G..)@.Xc...S.Q...*...'..rm..F,!f*.I)?w...40...C..3.. vY..D.Y}....[Lr.M..l...T.....Z43)r.....A..........t........|y8.7...F..!_.O.$....FK.1@`.(<.....T....X.,.qhi......|*:.$..Br%F{...udC.......X.D..c#.E.e.Xy.m......Nc.......nB..i.......d.j"2..-^.Y......G.9...N..6..i.!.LS.C..,O.E....@.].. n.V.-.o.p.!9}...k.....-........R....3..O...............a6.........$...:...,.#88.[..c.x>N.......o@.Q......g...q..$.9.o....9...mG.3..F..~(de.....,X...@.....&.U....9}Q._@...qc..)?.....#.....=|L..v....n!?./..X.. .l. .M|..a?.0R%..Ne.uCA. .*..#.xt...?@.....5...3.0......l=..r..y.|....sb?..."vs^H..R3. ...=.[@(L.....8.P..V....).j.y;%.B..D<(.Z..1I...]'[.".....}.l....'.X......$........e..j>...z..w7.....v?.!F%./..Lz..=%..<..{B.....Df.M.N...}e]..I.......s.n...#.sK...S.....f .;.?.C...k...$...#.7Gz8.%@....(.?.......c..e..ITQ...6.z.....[....;.&.>...ipf.....*|....8.O_.)v.*;Y._o.8_..$U.;B....4...........a.uE...X..@1@|Uu..(b~2Q.'..+..Xa..)8.. &....M....bT....l...W.AQy..s|iXb.Klc..i4..&....4..@."h.i4..&..$.4. .@.c..FS.h..M6........3X\.h*....G.)~........cD...l.LQ..Y.....c... *C\/.K.k.X.qc........5W..._.....;..J{(..!l.M....z.....8c...^.q4......c1x.M.&[..?....V.>..........C...y..]....W..)..S.\:{........?%.x.}.f~.o.v.}..T...5.......m.D,.S{.. ...YLb..o....E....\......%....[.>...}= H. a.r..y........n...d.TSd R...}7...rm.M?..|..C>...%....Q........6jg..B....S.^..b.-..p...X.O4....d.X.........;x.x..?..:..\.6...^.....*;..v.-..1.h..q..._B.......Wz...M....r...Zn...Js.Y.x^......5 h....9K:.D.......... .4..z}...K{/..!...........)....={....=...,S.eds.S"....5..^.....e._.H.8.(S..D/=...=..8..#..e...4...3TT.d:B.......n.....HB2..xHH.$8.....2@B.IHG.R......'!.H....$!.I.<$dN....."..$..rd9th........Q5..3..b\.8.PY9p!..1? 8.."A..mH2.2..tca.....J...........f..;....v.m.:....nO...;...wVc=P....j.I\(..j]...H.sn..}..$.V.v.../.jn4#.'@=h}..!q.4.6...{...P`q."....-..Z...~...eGX(p....U...7a.Sw....=d..P...8*.d1v.-.q.8.@1k,.rV&Z..cG...N...s.M)oi........Y.5Hx.f..s .m....:.....K..x.....L...f.t-nF...<..d.`.PS....:_....-2.[.Z...gq.E.g.K..._.....5K...#A...|I&F...n.........hlI.N....o!..W.....L.^.$..N{!....'.C..a.-...l....|^R..X.i.#X.9%.%B}$f.k...b..jK..m.c:....@b!2.9.A.=........=%l.?...o?o...... . .q|....:.............v..$.*.......v............S.....pFYr.......8..<.xw..e.J...e.G....D..y..D.+}.....;..C........m..%.......{...G}.6,.5.@.........Q9.J..i....Se"..y..g55.....M%0....HSU&.T...xVS....}w...F.{&SU.z.-..j..wvf...G.F..0.h$E ...U.M...i.9..q.0........3J...;F.69.ZN....`0.b~..m......H....@......P..C..O-.B.(l2...F.(}......t.e{8]>....y=.8.b.!.....#.e.o.ip..C!j..1LQ.....G!6#.....8A..Eo:-.#...`..%+..s.?..}.K]......$.'b.........C.z_....h! Wd..Q.G@.v..eV.i.....H .}....R5.u.......=.s.Y..(.........;...0 aT.,7.....m`k...+C...S.+.Ba..-..1."...`V....D..H.v_......jN;b..*5....,...k ...I...-,Pu.Q......>..B..Z.n0...|Yk 8G...{\....CV.8....6:....6...j.*....RQ....GGP.D.#.5>.&P5...X.c.......$.5......27 !.k..-L..Iji...z.t[t.N*}..05TG.Iv7im...."HO).7p?tM...@.O..r....@Yl.....Rhb.'zq.=....[.PF.P@......a..NQ.h^.j..).0v.......>R S.K{Z...........E...X.e.8 Y.Y....:..LD.6.)=.......ISk4......}.@..?.p..P.....w..,. # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] a..-K!..gf...@......D...nP i.{7..(........T5..........x..8..V..FU.......h}.A....z|...yhB:{>.LP.J.c..e..@....../..r..y.9M]...u...<.@.v....R......@p.%#{.........6..;.....Y|..}..p.............]..e.mQ.V...{\..@..9fgC...D}..BmW..c.{.. pC }lz..P.....C....Tp......$I......!]#.(.,_>....T.]u:.g........=.........bc.;....7.......P+..w...@........pH].....t.......Hh....Y..|..vJ...:G..:...B..,....Wcw=..D.]..,,`vh.....y.v..U;%.L.#t..J8...p..J....{b...g.].......J..>.y9.{...nu:q .....?..6W@..:....)..>..ruN.DoO....4.......v=..CkL.,.....B...@..Qnn...G.*{x.p...(............,..&F-...@.._.i.5(......DD..<.........8...D._P......gL].e....#...@|..s..5{.p.eF...\.....U....k....@....... r.......@....=*o5\..-J.j.En..... ..5._.l.......@.6.h..u......5Wt.lb8.j./g....t..l....6@.O..%.......%H....?..of.}3...&F4. ...wB00......cS.`=.....h..^v...PI..y...}t7...Dz./.7@....{v.m......k........&F...Y.......R.z\...GA...L..|6p.B....6j.....Mi..4nS..NU.@.I.O.x...... ...0..7....pE,..1..._.xE.....7..........e....j..5.y...6Jk/.].g..L...a...T..=.(.[ ld.2....*j...........DbQ..`....D..G..A..A:.y.{...vo..@..a..........?o.................:y...~.mql@..}.7.....c.j.l].=......"\9u.......D ...o...C....l...B E.t..q..v.....[ `;.....arrq2.HV._iL.".....#x.I+.R..<...@.l..%i......I...&.....uP..pN2..6..=.....J........5.7...._...r.D...X......`....x8...n.Cg........9&.nI..,.m..=..E4.i.cFR..e...|.D.....:.S...X..@..O'..uAB.N.5u.....9...t..HG...... .jz......"x..}..e.D.`.=..lcc.q....X....}..3nQ.e.?....NL...~T.O:.":.Z.a.....s.."x|j.o...sM...(.pm.g:_....8..........)......e.o0.|....^.+Y..7CwB....:_..@ ..P..X#x..t..W....5<"x..@O.;5:</5B:..E...y.....(Av.....P..H.q'...;.pF..TCO.,..D. ...i..L.]....U. .ug.i.....J...<O...L.x.jw9.3..N..s...1$......h.....^.I*..>..Q..g....;...../...T...b..W.g.+%.g...X' <....0E.......H8.:^...W..C.wH.<t..\b.Vf.....c..N@mI....%.....pB..q.8.W!"x.K.tG....[:.j...3.P(xs..6..*.-.=.k.v x...8D. =...C0d.j.R....H.g...e..z.#xTkh.D...^ps...Y......P....Zw.M........e....n.a..c@.M...Zh.]...Bf:...K7..]...2t...=....^v.W=...,....../.......g.P...t).x..s..\.n...w.X....'.Y...^.<.."x.K..8....]4P.~s#......>n.c.OzuG..0....(..CdN....1..*x. .....5=.3^...Hx..BDb....zq(7B d..t.w.5....8......v......w....X}:........I.PE.....l.;t.)..6WT2......5.....^...Q.s.Oxm..p...?..iG....].i...C..VjKn.................R...............<....:...........m..............YT....e.)<L......*..Z.. ....||......Q.l...VG7.}.4.{.n..Y.t|.'d?*..zd.g#.g..vm...W... ...)..........r.^...@D.._...O4-.."O.W...|...2G.....D..SH..1:.Htz.J.]&...J.....p...V...>...?F.......p.7.J.Q|.......>8.D.9g.H.y&.|....Vz@D.x%.D.8.....]~`.C.........62.:z.jx| ...Q.z.E+......%.$.~..CGD....k....O.._...(Ec.T.<.....#..(..=l..`D."[/...UY.D......C}......X...\...|V.d6..ae1,...&..E21.!o..T...yM..".6n..fC?TE... ............v.".......f.\.......I..\...p..(.E.\~...C.D......u..?}Oz...."h.....'...(... ....d$.0......Q.....5...K...Et..n"7.l.Y.tU...K.@....)...vf.GFI.S.........4H]M...{.0....o5...K|gX].....76A....$l>...GV...X.....>5...md..4.&...A.e....~.52.T1.M.....7.N..&..&/s.2^FN.0.......u._.B................X+.......p...V..|yXO.... ..J..W.0......^....+.&..f4rnB. .:{.L.h.~ ..QR.@\F..+e.....).Z1....n8.....A...[...O.u._...5.8..IC.......ON........y.5i..^y.........^.....Q5..|...;_7...mB._.Xdu......;|.d....^c.)s#......bv,.Q.....)...I...}!B...._.......V.+'.[_........ .....g....%2Yk.*"..T...'A...0.W.Q..1W...D&X.l..6.4.KjLH.m}n.v!..?...EQN...E...G..7"@.Z:z...]kva.1.S9^"....W]...E.6.^...bj!s.t..".V...<.....$.+I......u..."...F..L.@t..Q..;.....~.....oi.8"b...(.ti.....nu........P.-..>...."..l....U..A. .0.nY...r....y...c.kX...5...\k....5....X....5,..Y........EB.'..7...$...L[.%V./.$E..Tv....;..................%.......Y..x.9...Is;..C.....[.Qn:......i.o?.o.<.j.)&.....+t4R/.xc....O.,....:1.........3.,.,#......p:|.V.$|......S...6..s.AC F....+..J...(....I9...!V(.%$=DK../.y.P^..>.~.....gT\SCd....A..T/.E0.9xtg..Y...3....7.#Yi.%\....Lc..1....'.x...u.[.7.o..y.%.1...Xl5B......./.,|O..o.p<d%.9..,..e4.D.G#.y9@.CO.=....6.a`.Ts...C...v..shr.......S!M?......o...z..zk~zE.T... /#..f.-...\.r........@....jF..LKk...AK..1ki......|.3&0..U.X....&......TD.bU.l:....5K`..X.M..X....7..<.l^tS.c|......M9W.y.rv.......rA.....0...+.hxE/......0.U......i.. Sm..}B.7.kl.U.......c<..m....Tl/7..I...m.. \aE?..<m.9.961....G...\ #~..o..J.....CF<..r.s.`.....#.W.r#^..8.e... .../Ro...IXc.z.d.X.....m^G...xn....o.t.V7.,.m.&..M...g.,)61...'.,'Ir.,...}..._.gI.C.<..r.s.@.[.q.._q...^n.s...].L.."I..<....Z.....0..Q.....U..q.F.X...P..."[.4.. # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] x..1..Eu.E..........C}.I..>].7.}...P..!C..?9.9X..M."L..8.yE/7....c]&M..e.>.E...]4.ilZUqj.U.]..O.2J.k...^n..U..47..l......o.|.>s.slr..1.<.g.....E}..W.k.w^..xg.O/..X....yR._s..*z.........O..H.>.i.-.u...uu..!...Z.uzZ..F...i.r..h..M..o. R.f?...b.^......{.I..=].7.}....V'.....L...'P..[..5.r.......}|.$.s]O3.:K.e..M......c.C.2....5.....).pm}<...3t....../..COl.g.t.G6..fa...mPp.K...d.[.N.`.R#.@H/............y.1..}8?v.S.!...`k...Y.O.8.. yO.V."{...}cI....u.[..;........^?.. .yX..Y..a......y;.0.(.B.#.Uo:.8n.Zw..IB...}...H.......h...F....~]...H....+p.A.5O....._X}.+..cg...e2`.+^B....5..p.~.[....%.s.OL..#..:.O..~..k5.L.....u....DI.$..D......=.&....J.......9.Y.....}-[.w......_..l...p.-.6.N..........?...n... .n......v.~.....sO....2o..7#x....p.bN.P.lfX..A..f.....#.Z*...v.w.b..+...eNP.S5........U../..1v.6.....qX....W.N3~3...'0:.M.df...^^.3......iW8I=>M3M1A>.s....f..+..!2{....9\./T.yxc..G...t&...8.<j......w.....h.........#.$.x.Kt.7...D"<.. .p...3#..~.W.%P.^K.g.m..Qf=n..,.=n-...L..1...wa..A.}).Rk..1-....D.Lg.....u......e.../...V..o......<.T2..~.?-.1..[.....@mUl.....q....T`.G:......... ......_b.v...X...w@.........c.;..6\1.`.!.......(. .7r....7......M_..8~.r.-[yOP.7.n.&{ ....]..O.K..m.Ve.(..#"..c...l.n.P....r.G.u\.G.aA..m.#n..G...&...4/........\..6/.a..l>...1N5.K..4..z].5....I..n@.Y...#...fk..~....6R............. 4.v..Y...2...;-........Q 8.p..v.............C......9.........8N>.b...F...2..;.....]z... ...MJ.._.....D..d!...........*.M..Lc.c/.".y.B.....5@..NX$$.......... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] .b..i.0u.;........G...Y.}2..Fo..^.KJ..^.y.N.~.~T6..U......@X.#...xb....bp.....&.w.@......#.J..I.....A...@.z...5.....t..G'.P....H......Jl..,....5.`.v12.........h.6.....w.N.!.0.F.-..-V...!7.N1.U.....h.[.p.;.h..\3.Q-9......8..\.2.C.1.. g.k..'.....s.........W.tz..=O+.........W.at.....8i.&j.8.\;...........Q2...X.<..[..P..t..=[B...-.g{..*x.z*..W..x..#z....$.k....s.....ZN......VJ..5C...4z.]...*7...c.....I,..!<.)...^...ke*.z`.zJ.f.g..{h....`.!.b.C8#.jkl3)..v50.e.2.U... .QP7.I.R.~T......d...w`..RE.c#..4u...Q.;..T.I........P....V\n...........C)..>V.X..k.,..E...E]..ju.s..........|L.A.....U..Ml....m.....vy:..wO..T.v0j5`"._R.(X. ....7..G.I.\s...K.`.;.C.w.......t..L.qe.........kw..~....\.]......inPr.... ......2k.n/.1|V.9...6..Z.-`..g..Q.......O~^.u..s.j^...;:."....V.[sIBC.... Nu..g{.jcOrd.....g..3.4.......9.I......&IrG..*......u... ?....~..#.x.6.....D....cDct..9.4.>.RsT.Q.].c....fa..M.....=......i.S...Q...-V.....5...Z....;I.....x;. .......~..w>..&"..<o.....#.h..........iiv....y...pQ...gb`.rw<...".....O.)......~.B.^.a......D...A.h.n.e.B.....cq..5l...4,..c.......X....s.o7F..j..Hc...5.d.mU.]a...R.....f..3..H.}0..zH..n....,KH.....97f.}.T.o..;...R.....1.Y.....V..._ .....k-.|*U..>t..w...}.......B|...!.....h.j.......g21...n.O.$..D....Sk.......H.ab...(oF..4..T.@7._`.d|...Pz..d....k.W.gD.sa...7a1.FA.x-..`...G..%.. .L.<.g.n}V.@.(sd........L.....HZ3.S{.iN..M..t.%.A.......W..F._.o..t...$..........*.2 )4...t..B7|e!....$.q.y..Y...1......5X.jo........t..p...A.Q...o'..bx&.K?.J......J"..Z.'b.%.o.[...YxY.....*.....+...;......,...9X.J.~`.`..`....`..ow.L..t.L..:X<....E.Q,....:B.......$......U..A\..6K.n.a.a...Zf.|Yl_.Mb.V.#w....'k.kcg... .w6&.<.7...iF..h...J.......=.....T..>.1D..,^It,..+%{...B.*.7...|....br...G.e.2 .38...(=,....6....=..... .uW.\.z..9;...zM._/....;....4Z..nhs>.f/.h..#...=.lO.-...........q..;.n.....).......=Q+NW..p........w.'g.3W.....Fo>.......F._..P. q_V..s..P>...Ml2......r>... ...-...hz6\.....%..*.G.tMR...F......W".....Ue2.J.[..u.'K-".'.....T^..j.....u. b.....t..|...s.t.G......t.$9.t.E.k:O....c?....?cMG.19a...L|.g.w...E..W..J...[..2...6.....`.?.....f........sd{..8.e........&... .vn.Y...q'A.vz....'g.R.b.&....L+..Y.r..z.e..f....`......-..;mv..YxO..s.wj.f..5t..........N.&.].c{9...v.P.Vbo%...Z..!n........fTx.=....`.!.....B.,......]EV.H..K.r.l.!.0p....,.<p(.\..(....v&..Q.2P.-.....[.{....FF>.).}......]`..f.A..f. ....}......Clv^......._....axE/.L.=.\.......f..........;..x.x...6!6#.@..1.u.........1aZ..hs...m...e...M..|s.....:2.g.&.1.."....6=..Y....-.g.*...\o.>..3.:$.2g.cd...n..g..l.{....]+.......v...R2.7.>......%.;.Dc.....M.....`.s.;..y.tI.o. .E.. Z.B<...d..|.......S=F.-.Z>...Y.w.7.M.j=...0.d3....W~l.r..{.d1..;......|..@.Pi...JE.....)5P..*V........[..P.>....w..%...YR.[.......O...5<..@e.z'.9..../q.^2K.....%^.K|.v......G....2......#.n.......a...b.d7cu].....33(....#f;...+7. ...(.{sUdO-..2V^...o.^$...+d,'p..,Kp..f.F.#..-...9....e......j.0..8.rc..W.F.s;.?......A..d.-.R...'.{_.@.p....|..z...t..._........R..Q.b....0.Xm..}..{B...V`...2....S.0?.8..(......#.Y(.Wf.y.}.......n.....J5y#C+.E_ J.......Y3'.J..<..$. pn....0..E.._..t.}...\..M.! .*9.....J..m}n....i3.P.s...Y...;%.j@H.VCH......>8..!.9..F+,....5.*.]2.>..K.B.u.|FnL.k.......4......J.sl.]k.._@..T.tB.2[.2....p.......'/.H....0........T6..x.....-.....R8"k[%.E....v)f..0~4....;}..t`.T'..K.. .}.u...9K...6...}......m..[fCY..)...d.,..}.......i.......o.@F.Qa.cm...i..1...i....e...-.........*..6......g......L7.2.d..hw..N...T....)...Y%.. M%.).guZ..)).R..U....]i(.....:.a}.....j.O..u.wP.........I...I..B.....[68...Z_^..6\.k...7~ .........iY.>...z.......xK..k-2...&..lM.[....Kw.....m......z.o..:.....sM.......c..lw.h.........`.F......{.b......J....F.~.H>i..Ieq..`..G.k.(...l.z.r..).=+.W`m@.Q.P..m..K.x.Q.O.....)..bdL.FE..........5....X0*.....r6....[}!>y.N.b-.... 'H4Z...==I..pn:`&......!f1...d.G.bD.U.........j........g]...s.....V....c.........4{.._..w.k`1b. .:a..d..Q..;.q.O.e..`'2..y...~.b..E.8......$.....I.../..cg..f.....[F!}.*J...}%n....^?...x.....`..u*H.DH......`.....h..^...j]7...GE.)..Y. .i.Yo.1cH.<...XW.I....$..3.....X#....-A.....qNi.........#..............p.|.......k..wkj..|C..e..C0t..p..K}.......d...Q....n..P.d.I.,Y'c...y%...;N.Vyh......fl.",F$.!KY..H....VP.]KD.$Y.'.`.q.+...T..L.E.....q.&....gGr...+V.....4....=.. ......G...j.....`.8.XR$..2....x|.~....=..d.@.b.C....=?....LU}..3...G..........u..z...k.}.e._..u...H.x..]Eh.!....p.u...C?T....M86q.D`......\.M......J...&.>......n2.. .L2.z ,rc./.. ....2.(x..Z..}.VK...uW0.. # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] y.%.*l...q......Ke.n.{..aS...../qM....5Y.{..S..\.b....h...*.....z..X.$....l.......r....l...r.T...V~...d....6..|.!....tZ..&..].Tl/...^....q.....&u.5..KE..!....T.-./`... ..GofO......X..(A.p."L..}..M>~..f'd..n......L....2......o....F [ ..ZbK..d...6.{O.;..>..%T.....M...*...?.b.d.|.s.S...R..B..K.......2)..'M....M.E..&..m..cM>l.d.d..P96a...7[.3HrY..E}......Py}....G,T[@p.b.'.%................b#.%..G@.4..E......9y.Is..1+.*{.............$......9.W.k.i.>dN..O.iB.n....... }V.}V.}V.[m.o..Pe..jtJsl}..u...I.l....|H.j.~....&.3....l.I..l..o>..........x.......&3..p2~..~..~...V..[l.TV...:.y..eu...+.-.y......s..0l....x.Y.i..gM&.z..xJ...&.>.....b>.bp.....F...........j;~.. *..l.....j'&a>..`B..c.....)....+..G.v h... I<T...Q..5,..}v~.....b...=.G..MM.xn...g.....AqQ.y..\*..[....K{......sP.......3..i(.T?.3..h.r.f...T.m3....Si.-..'.......]..A.:..{....\..t#a..q.V.!6.U......&...Z..*.....H..\6.8o..........A.r...:.kG....2N.........<#..c.%.......0-. ..%c.]L.BN.....3.......pz*n..5..kV......i.. ..3.c.y*.....]...OF{.[.8&.....A..i...];........xq.21bI..........%....a.=.....A....`.Y.4F...u*...Bc.P.!....F....i*]v..D...i..GzxD2]..=..y...u{w....A.%1.R.`..>...y..B..E ./O;.....M.......... ...z~Oc...i..>...ph...^.H.s.[.D.....!..NkU.k......w... :...'p...).}Q.S.(.......=.m......C....1..%...;...#..1u.`/........%.R......Be.t...P....1.-.l..]?t.R.}..../.... .....@F6...$.hx..H..C..-....D&.....R.....>......Z}..bu=.^c......... F...}..~...oI..SR..R). ._.Z.).v{n/.~................M|E;.....J."H...d.>...;..-3cC.....i.OJ46.&.\..4..j.]..M4..>...y^..4e.........<...r@.......{........r..(....%...........<.:.yT'..n.FZ.ohM4......,..g)..R....@.....{...s`2..z.=<...... ....%...4.`..8...Q.....t....q,j..Y.]Q...>.E.....e.7...-....r..\..._....Gm...9@....6.k....U..q...~..B...Pvg.q4:.=..a.h."..h.^470P....@......U....21.;..U..;SF.2-."NO`"DS#...1H.e..74...YR...HL.|L,db...Eb...2..W..T&...DN.9.h..a.d...>... ..(.T....P/.j.y...J..[.0..3..f.Zf.i$.z..J.(.3...T..s..D..5.t.E..#-....f.6.y6.."...Q+..J.-._e..A.8.WE..IX.>..,.R.0. ...J....2*....oT....F.F.......]]..4/.2..<)..-).l...$O..+..*.r....2..8..0....#.V...".b.....l.Cs..H..,.$)M.j..HW..IR(4$ '..8.."+...04R7...H.2..,..(......s..y...Q...M.b..q..i.UeYe.....(&iqNy....7-WyT.e.%aR.E....,..*..(....e..S..-&..d#....aV..H...C#u|Bz...h...u#....Y..QQ.E.cx.5W.@w.Q...T..H"....L#...]..@.*..fDD!.iH.(.*\.eW.(.aZ.qRdy5RCE...$-.0JH7.h..*. ...uh.......D.H...,...-H...<...Wy....<...b$:.V......[2...4...2K...^.).dN"u.].+>....o.OWD.f..6e....o.._.+....q.j.O.\...%..\...T.d..u..q...i..UA8Gz...b...E.*.4.......I...(.RcJ:..`..IsQ.. .*.2+.]..)i...<.t+f...J.}..d4.&.&.h...P8...D.D. ..S.AiT@..0..4!.I..A.n..t...09A...\TU...Vf.C..'...7."..2*......_..1/..Io....1+2#c.N.&3H~H..O.. b....$.....4.8g.>7k..M..!..@$.. 3,.U.........n..bg...$.:.N.U0..afV@.;".Y..D....u.;!.%"%..o."!.%".G...!.....IuB..t.Ps.'...........W`...x.. A.$......91....U.m...N.cj..91..,Hh35vL{...D......!iL.d@..@h..$. ........,qauO.....*.O...$....=tM.:R2^...,Lf..8...I........V.L...3..."..*!...?...;.;F..........0...@...,...Fda.L,........%4..N,r......2.T...."\4cNi.(](.?F.s...@Q.P(.Mh25 7P.................&;S.E.B..H....@..P(.Sf...R..J..,.5e.)Z.....Wn..=1.yD..a.h......7.3...=9R~.-Y...@..%L.....rX.01Wk{.......M`.Z..D.*.zI..)4....H........d...Vz...(.L....L....L.n.|~.T... ............c.v.h.3...k.E.($fLX..6-..4=......_. /JL.*..5.hU..f.'y\.....E.0.Hu.....~.,...(.....A.hV.._...[4.....t..O.EK.......E..,..8..4B]v.-..i.../t..D..%X.edi.R...ETTi)..<.....F.8&K."....D.Vi(.B.(!..~.2"L..#.c4..*......E..2..$%..*F.QsC...."JK....Yd=M.y%YkE..=.7.....%9)Y=..)..... ;GG...G<$..0....j\.<..s4".....8G..,..!X...'^.sT........TA.jdmYE.u.....A`{G..+..,.R.Q....=.By.....B.D.&ta..xc.G.$..zQ.5W......3".i.:..^.)...~..M...$'..iE.....X..q......Z%eX...K2.B....".W`......_..Kw.R.(w..p..+.Nl.../..(.....Z..3|..u. .....,...r".U...9.G..WR..$.@...t..:)].h..TS$.hg...3.W.$y.`.."MVe.GY"..H.UA..B. #...U..H5me9a#2.d9..B5u.;T..#..9.,.&.....Q.U.9.....IF.....4'....$O.n.,.iNf...`.....D...J./J....')PSid.6......DDN..tp........9..VeA:..%a....;I5...n.%M.j%F .Q5.m.8..9.oL.4.......DE.l...I.z.UD4dY..'..1w...^.H....a...bH......^Rm.1..r..!aH...&....+.I..p........I.=e.y.......(--.7;J.......Bq..4.P..(M-.7;J.......Bq.....[=....}I....F`..Y.?"..+~.Z...N....b.....w.....dG.10.O.).2....A.._.....v.F B.....;.....3..r.q<....`..f_}a..x. c...2..w5.|..]5...:..k..U?..O....{..].?}.#....)u\...5..`.....w.....I..2>.......v.D...~.'...}...X.d.......P.E.*.......;o.z...6...[.h..........Uwd....`....@..W.......aZ.}B # T 192.168.0.66:80 -> 192.168.0.65:60100 [A] .M.m ...."...A.K...........!...Gj.........S{|gp..J.e........8!..HM8....."...C....rA...I2.lvp.Pw]...%E..H..!W.H....../..c....*z...z..{....5G'i.4.*.....+".5vMI1#.....e..`A].V.hq...[ID9.......q..oWa...2....$...J...UK..q....Z....Y....[. rS..S-...u6f....Iu.../....1.._.|..A.......i.L.7..#xn...+Q.$.....,....... =...n)f..1.....<...$....S.b...@5W.w..s;|h.I..A...7....Xg% ...bG.....S......../H....hr.''xr.'gxrn.../.3...nK...(m@L".d..@d.0.|.3I..=p.,e...}.....gB...H.......&. D...TJ.......q..... ........7...C.....!.z..bOLK1v.|....>N]U.qjW..m..{.(.....>.{......M.6......X;...]EO..=Fn^D..[.:..X..:.V^r...+Xn..8.........Q.V....%Kq....^..C...,.......7.R./wCk.+...f._...m}....^.k......c...d.j........(..n.-I..... .....L0D.....Y......a.....'~C.].7(#.-.hA......W...o...\...<f4..S%..l3s.o.....(....V..._.......g......a...x.Q/ ..0....k'.....b ....._.+...7..,.B......x..A.../.4J.",.....B.....Ds......T:s.~...vAl..h...#.#.Ac^..s...$..rm.<~.I..\cy.L.P. .............g....S........T..f":.L..........5.S.....4.m......u"V..~.Jh..uK..w/,..3.4..b..yi.c`...1,..b...... P..`(D......5...]...^...xG?z....Q7$...K..W.WRG.\.3.sH..Gy...(].,..D.r..L.../.T.......S...jqa.8.b.....'v.h...Y.._:...'[..5. ..^...v....&1.H......SMT,.>...B.!A5......v......1nK...A).......I'.H..j.9.F..-................B...LV...X.<.v.... ....%F7Y)+lV..9..;.....'.....@F..K'W............_.........@......CM..................v..2'..EQ-..X.r.n...^...(.=...0.$V6 ...............ri..3rb?.X....q.:..x..;........~z%?...._..u^v...u+.y....0Tm.......,.e...l.A.r.../...Cm/....)i.".......fOv.....3...f.............Y.@..F..nx.]I..F...}.....N.u"Z%...vv..\..o...+.v...jy.{......n......6n<&..o....a.`%d..... ...a~...N.N..|'...KW.1.u...U%..G...K9.?.......g.H...[wl(.....G...2.c..^|..I3.....$......;..Qi;gj.l.wCW...1qx j....D..L(..|L.Z....'*m}%.....4._.QG6.,......p....n411 q...UZ.+..A....).6<....`2 ....9...g2....3.....zy..C?.+.@......aX..>. '.,..x...D.mwU%..L.f....c6X......J..2.}v....u.`..qz..3.+....QH.r......|.)...$Q.T...AY}..'EV.x.,...5..@'...&6.2Zj....#.A..E..4T8^.Q .].......(...A...>.%..U.Q.r6..(.E......!Q.hz.l]..p.z...L.......(W6.U.....>........G...|b.+.../K.B..9) +..."c...z..#3I.(...W).....E.Y.''.B^!q..J...~...M...\.l...WI.H.......m,.....;.r.Un....i.C7.DI.g....Q...8us...6.}#...u...?oQ......D.Q.h....IoQ.....?8=e.G....0..........]|...,.......w........r..~y#C9O'..8..>..wT.(.......n..../.h5..... .WS.s.U.nG....w....=Q.....W..S...%...\...L].\.(8Y...>96.......Ot."......F..f......E...v.w....Y._0h....P..r|...w.rc....!....:...r......bM.......a.2.....R...`?.1..Pw.%{.....5............$..2.m...sBy.e.....2."C..$GY@..58.r0K.=....Lo... }...n.Z...C=8.......4...M.]..;..K".p.....*...-.6z.$v.....9b. ......b.A....1K4..Q.r.}s.....z..1....../. X............,V.2...e.....K..h.J.Z....b7...D....{..C.............O.........y.;\.RDX\......T$..Y.?-..3h.OE.....g..1..]..u..b..1..7 .....NJ]l.N...\3@..E.r....@wR..kPW8+.v....Eh...?vl....5BS.....k...........1........f.z..;p....l..1K.....F.Ac.a.q/...;f..\.F.s.D.....Vdb.XE.q....a.......[..j.m..u.'.Y..:....>.V..4.M.........c.fo+F..z.l.U({...Wc.......-.j..Q.o..2A..;% .0.'....O.....Bd.Y..K;|^.^!r...R.*.{..U*...Yj....=.e.P.W.u..x...wGA.y!..(....[.S....S....S...oWi.u./..e'.Y.e'.Y.e.N./......*......3.K../..%...+.*89...'G.U.... Z.&oa..|0yKO.2.....]6=.s......8u...C.+5....`;.....W/..)?E..>..s.Nz=..\<.= ..a....Px...v ..~...@..Wz.W..?.n_N^.._..g..........R.?8...50..{.....;.G9.4.....8..:.V.A?......V...........7...<.7.8.>..u.l...8._.S....W$.W,.17.d..8....VV.....QY..q]E.9...;........v.eh.5..hB,w..........>V.+.~....C..S.H.%F....H/....Ea ..7#.Q..8..V^S(......(H...`.....s...!.|.Z.......... .4.fa_...}..>..x..yx....A.s...../b.%.....ag..jDWiDB.Y].....S.i.RM=.^\FG.d.J..@v;...r ..n..>7`...V.........z...h.Tl{=".=.ALJ68{......[...f......5.Ll9....M`FV.o.H....C....&...ZLgW%.. .x.......C:......GAA....vU..w.TL1..N.hn...ET........P..2......Y.!H.].)x.y....x.f...9......Aq..i2o...j....c...LGD.....h.).....J)X.j...a..q4.8.....7@I|L.<%.........aZ..].a.&.D.#.J..3...<.....sd.`=W.......j........f\m.P......2....<...* -.@..&.0(2..0.....v..A..T'...b..(.!....................3 .~..b.|.l...D_Z-.+Tw.^.JVS.3u...v..&..l...i.^.t#...I...Jg....f....+.)...;....|.Kr.....3.>...h|X@hN.*.n.J=g&.(......P..2.......P(.>=.k.bD.1....p..j.....YP...Z.D....J.........Y. .I......O0~\^....oSX....w.@.h0..<..S8I.......D.......Fsk).}.#.#.f...).X.#c...Af#....IP....uXL..V.X..."......t....lv.\T.7.G`..N.+.e..../0.g+%......T>if...&.N.#.K ..98..{.......g!.|..)u n.Z...Sa....~x....(* # T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] ?.j.....%d.e......n..t..rL1e..;.....V._+.. .......S2....Z.p.C..*..X0.'.D...6...|...\.Ok.(..z..ss......Z+.6.x/2f.T..#.........X.c...r6.1Z..dL....e............m..4!..,>....E7_..`b............."..?S...g.8q|.....L_.Z...>yh.C.....B...... .....:.|.A..,t"...V..1..4.,.......*.6..2.W...$....F..R..:=..1...HB.\.fMs......m..v.6.3.n.^...............W.(....Dt.....~.v.._............x...,E.}1...~TN.)h.....O8.b.A...>...D..I.....c[K.r...../V....4...J..8....XF6.w....&.....@.....= .k..U......O+.=.Z......w..e.;..>..Mz.y7.8..S.....WY.6..^A.b{iP).4...f!...".3C...,..k..Z+q{....o....0.n G....(mq....v.69..7..{.....~.iF>!...~..UF.sd.8..]s..C...>:......P.}7....'::8.e...Qe.:..._.$Y%....d......4....p......5.\9. r04...U ..G.....G.Q%.b.;\.mGc.2C..GAP.a...w...f..2/.-.....LS.......F*....<3..*...3.x..|..^......O...`..ljt.7g.=.....m11e.J..2........7.xL.........D.p3.Cd,f.t...T...........H...u..=Z.X..v..z.......8..`..vh.c-]"|...t...m ;."....=......w..]... ..H.E,...;z......./L...k.H.&..cUA...1B.R..B.........b...=@..9.r.k..0?e.o..c.K;x...v..E..).Z(.L.P.R2t......w.n...@Xg..!1...X..=i......V..z.Z....`p..:wF.=c.......Y.}......>..%6.....N.7.Y.......d......%.j.I.;':...B}....r ........A.z..@ .g..|t.r...A..s.....E......-..8....$N.y...[l.t.V._<L..4.b._..Z.gK.o.@... U.[..........a.kv....=I.t"8.*..;.~..[..G.....].U%.sl...lO.;.8......K..;.0..S+^..=R...S.k..c^?....|....7/nJ=....^z........6.6...+.7.....8.....}.-.]T.0uSg...U... 4)..$....i.4.a......NM.G.'0.!.].@....e.7.....E..o.La.......?QbO...#.....b..2...9.1....[....t.i.)...R)...&....f.vK@d......D...`.V.<...^G..L.L..s%G.#u&.1+.<.^..?q...W..........MJ..3\.....B....e.._..0.4.........W....8k..(,...<.3.x..... .w".].\W.Ra\e..0*.....6...U8.m.U...}.G..'bU....w....@..m.@...uj.U4.....z7.z...."..."..........[0.._..Ag....F.fv.e.ze~...i0...4....2Zy..7W...#.....<....!u.Y.G.n....^..(...,=....3w..\[...U.....~.."9......a....N|n..,}.#...0...w........ .....I.....=.'..e.!..Y.0I.......WS2<.Q.*....T..$Ey..$..vL......wZ .... d?.rN....,..U..^....T.%..w3..~E...Qj..y......Z.;.>..g..q.6..uq._.p..5;`.@..._e.;...\p".=g.........Y=...>{..9M.5]..^n...r.W.........p.pG7........d......M...A....y .;....6..2=.p...(..tKBW.$n.DMd..........7....f_.....+v.../.....W.H~..uq....#H.=u.v.V...;.Po..v.:.!..}.w'R.m.Y7...:.I.G...qi..$T..~M,$U.]...l..........$!..~ IC.q...zd.m..IQ....E.u.iRM....Ep-...n...h...^<P..du...F....,A.Z_.Kb...(..Vm. ..o/...r[.V..Q.D.x......P....z..m._.ng...8..*X..K...!.....N..m.o...#.O.G.K^Q.......A......#..*v..[....?]O.c...!.g......J.H...M.......}^..}R7....!M..`....D......+....D.Xw8."+...?ZWc.P.........-.q;..Y.$.%....h.;.<U..eFG:.G...G../h.... .c..bO..)..A~>...2/O...O.L......9._..G[R.q...8.B..^.....(....Th..f.....y~.B.)$...%...?.O'...T38v.[_...8A.....g~......Cv 0......AQ<..8.a..<.Of.H..E%{.:.(^...VcQ.@.. .""....ldv.....,.m/.+.k........_..520Q..C.L!.....~.l.IN....f#.j.nU.. ..9.N....,.p&.......L*.!...8.y?.....A....5.... ..l....?J:._f.WT.....Z....._>......B.l...E!1".F.8....../f{Q....k?..!.A.Y.......b.=i0!.......h..C{.&9..`Js.......n...y...BL0.$]a...,t>\N....u...#scG_By...M..4.d...T...JG4.....J...]{h..^. .......2...[....$..]AH.rg......E..-..Rq`N..`......|.."~.6..../Cwj..B.......n..u..u.4o.]..\.......~h.3+..hm\vI.........bf.......$...^.[....N@>}.$7.i.v.r.......C....*.!Gl>;.....J...3..r4gx...-:;:JGW.....&...\_..fw.....\3.y.b...%T.f..n E.:...:.V.........Q.b.....\'...v.u..H.B+f|*...v..f..G.d.6...zPR0..K.bf$......^.......;.D..;2t??.ks..\[.i...?_..n....-...V..B..O....?.U. ...6........<A0......O.].B...*..a].....o.f.q.....u......!.[.... ....E$.]....~.6.O.h.Q..+.D....M. ~....IQ`W.:3...i....^c\>........b....m.!.v.8...3./...C..0m/..R.x....sU...h...8.=....x4#|s..('}r.>....K6|.....t..u..~..@t+.gB....k3z...1?X].-Y.2u.....6.,.+#........Gb.....:m.....z.u..W..4..,.D&..o..l?...9.Id.^..........|..5f.~.F.:0.. ^.....j.8^\..IKvg.}..d.s.A .A 3..J.~/.A.J.Y?..G..L4.[|.l.=#5...].# .>.......Bi..E..{."q.f....||....S....9m\Wi..F.E.........>...u.a.?..i^..y.O$...n.Mh\...p..s..@_I..l.._.fSP......b....AB.z.C...(.......C..U`...@....|.v.)P3....(.@.... .......|.....eu.zt'U......;B.:g.~Q..=+....m..mh....(..t....w..........#......x.nt.".Mk...JD..t.$.F......<".g....k.%.@L.zh.n..x................"/.D@.?s...1..{.F..... .^. $..P.s.W...rQ.=.1.W.@...Zx....Y../.....u.7... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/js/html5.js HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0. 50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "98c-541cfb4100dbf-gzip"..D NT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=h82nu0n365s962jfd5fea4v8g5.... # T 192.168.0.66:80 -> 192.168.0.65:60100 [AP] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 11:28:13 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Mon, 21 Nov 2016 13:33:38 GMT..ETag: "98c-541cfb4100dbf-gzip"..Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzip. .Content-Length: 1256..Keep-Alive: timeout=5, max=95..Connection: Keep-Alive..Content-Type: application/javascript..............}V]..6.}..PLg.&.'@..^...[:.Lg......l+q$.%.....W..dS.C.!]./.sn..'..............E..n.r...i....ZrZY..A..J.. .j..L...i.._...w..e......580...n.&.TZ[.d>/.-.,..9..;..v]=7.{.x>..V1+..+.G...Z..nC.D..E%.BY.6.....m.*.B...:G.........D..F/2.....[z......0#......K.....#Y4.G..A.R.a.....(.yXD...5.Z.{. .K..1".,.....QV.[zw}|.Y..........0....h.....^...... ..Uo.F.)e......f.....EL.Z(......J..4.Ay..O$...Y......q.."...i..].8X....q...3gd..4..l*b.........T.(.C.}.]......3(q..`......".i.1#.aniy...E.....RKp.7..(....o.y.G.......V..<}^.,..gtv.D.]4...V]..bhdt<.{......h.w.|...wo>~.4,...%5....0'4e ........r!..f^o?...]....<.n.w.....>4..R).x.!..+c..xI.+Y%05............V.........nk..RaE7..}.;...t.d.f.n.r..([yk..G77...J7...b.]...A:..JP.....n.p....y.y..fx.g.7.L..+..yq8.....H..U.9..!./W.Kx.d...tkZ;.........Z.....ptk...x..W..2...7.. ..1...r.r)*n.u..W>u.3W.....|...h&*WI.+W.{gj..h.V..W.,..5.|.,w.t.qm......_G-.pI.Xy..ix...l.!..AB.$.....o.yy5.. ]......H.[.K..)....u.7.s...P.-#.....#u......m....T....;....O,~......r.@.:F-+C....$.E.Ea./..al%.q..c.e....hO.D[.5..D......Z ..T.X....2........A=kP...Y.<7.Z.] ....[..F.~N..P..k.."+..m ....h..%...A...I.O......M[.....Z).M..")..L.~4,a..$.........$..A...........5...|..@.s.d ...F.WK...........d..!.....~.Yt..P...Q*X...L....y....4...Q./..Jw.... ### T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60103 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60103 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/images/archive-logo-lg.png HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "27ce-541cfb 4100dbf"..DNT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=h82nu0n365s962jfd5fea4v8g5..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==.... ## T 192.168.0.66:80 -> 192.168.0.65:60103 [AP] HTTP/1.1 304 Not Modified..Date: Tue, 22 Nov 2016 11:28:13 GMT..Server: Apache/2.4.10 (Debian)..Connection: Keep-Alive..Keep-Alive: timeout=5, max=100..ETag: "27ce-541cfb4100dbf".... # T 192.168.0.65:60103 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [AF] ...... # T 192.168.0.65:60103 -> 192.168.0.66:80 [AF] ...... ### T 192.168.0.65:60103 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60103 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:60100 -> 192.168.0.66:80 [A] ...... exit 49 received, 0 dropped
-
repo owner Apache keeps sending the "HTTP/1.1 401 Unauthorized" response. I have one more trick: edit .htaccess in the document root, and create a block like this in the <IfModule auth_ntlm_winbind_module> block:
<FilesMatch "1\.txt$"> AuthName "piler NTLM authentication" NTLMAuth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" NTLMBasicAuthoritative on AuthType NTLM require valid-user </FilesMatch>
Then create a file 1.txt with some contents, eg. Hello world! or similar. Then restart apache, and try to get this file: /1.txt. If you can, then the apache authentication is fine. I'd like to see the ngrep output again for getting this file.
-
reporter interface: eth0 (192.168.0.0/255.255.254.0) filter: (ip or ip6) and ( port 80 ) ### T 192.168.0.65:63861 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:63861 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Cache-Control: max-age=0..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safar i/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2 =341..If-None-Match: "6-541e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... ## T 192.168.0.66:80 -> 192.168.0.65:63861 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 12:46:38 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=is o-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested . Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to supply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></ html>. # T 192.168.0.65:63861 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Cache-Control: max-age=0..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows N T 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB ,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341..If-None-Match: "6-541e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... # T 192.168.0.66:80 -> 192.168.0.65:63861 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 12:46:38 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomiS26GLpmYR3YAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAIgPg3e+RNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</he ad><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to sup ply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:63861 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Cache-Control: max-age=0..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAABiAWIBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAUAgAABYKIogYBsR0AAAAPMJ4GzalrT1cnrceJZv5yE00AVQ BMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF20kRlFerV1+/tIFJ0CWVQBAQAAAAAAAIgPg3e+RNIBi4bQ/xO/dpYAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQ BSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgAiA+Dd75E0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK 18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAJgBIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlADoAOAAwAAAAAAAAAAAAAAAAAA==..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID =ches8bgmfnhbnbgue39rt537g2; splitter2=341..If-None-Match: "6-541e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... # T 192.168.0.66:80 -> 192.168.0.65:63861 [AP] HTTP/1.1 304 Not Modified..Date: Tue, 22 Nov 2016 12:46:38 GMT..Server: Apache/2.4.10 (Debian)..Connection: Keep-Alive..Keep-Alive: timeout=5, max=98..ETag: "6-541e322cb103d".... # T 192.168.0.65:63861 -> 192.168.0.66:80 [A] ...... exit 11 received, 0 dropped
I can see contents of the file created, 1.txt but it is still rejecting something.
-
repo owner I'm confused, because I can't see 1.txt contents in the ngrep output above. Btw. can you try it with a different browser as well, eg. firefox, chrome?
-
reporter interface: eth0 (192.168.0.0/255.255.254.0) filter: (ip or ip6) and ( port 80 ) # T 192.168.0.65:64095 -> 192.168.0.66:80 [AF] ...... ## T 192.168.0.65:64095 -> 192.168.0.66:80 [AR] ...... # T 192.168.0.65:64095 -> 192.168.0.66:80 [R] ...... ### T 192.168.0.65:64116 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:64116 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, appl ication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4. 0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT..If-None-Match: "6-541e322cb103d"..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAA AAAGAbEdAAAADw==.... ## T 192.168.0.66:80 -> 192.168.0.65:64116 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 13:00:15 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomiY3e7RIZqtzYAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAMTWh17ARNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</h ead><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to su pply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:64116 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:64116 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, appl ication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4. 0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT..If-None-Match: "6-541e322cb103d"..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAAB4AXgBsgAAABoA GgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAqAgAABYKIogYBsR0AAAAPSPA0g0mQ5UoDQYjXBshzR00AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKeBD5ZEag0EqpvQXCH7uOgBAQAAAAAAAMTW h17ARNIBQAlblxijfzYAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQBSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwA bwBjAGEAbAAHAAgAxNaHXsBE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAPABIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4ATQB1AGwAdABpAEcAcgBvAHUAcABQAGwAYwAAAAAAAAAAAAAA AAA=.... # T 192.168.0.66:80 -> 192.168.0.65:64116 [AP] HTTP/1.1 304 Not Modified..Date: Tue, 22 Nov 2016 13:00:15 GMT..Server: Apache/2.4.10 (Debian)..Connection: Keep-Alive..Keep-Alive: timeout=5, max=99..ETag: "6-541e322cb103d".... # T 192.168.0.65:64116 -> 192.168.0.66:80 [A] ...... ## T 192.168.0.65:64116 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:64116 -> 192.168.0.66:80 [A] ...... exit 17 received, 0 dropped
Sorry, that was my bad. Here is the correct log.
-
repo owner No problem, however, I still can't see a successful authorization. Would try with firefox and/or chrome? Don't forget to setup them to use sso for this site.
-
reporter T 192.168.0.65:64673 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/htm l,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341..If-None-Match: "6-54 1e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... ## T 192.168.0.66:80 -> 192.168.0.65:64673 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 13:17:27 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=is o-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested . Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to supply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></ html>. # T 192.168.0.65:64673 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/ 537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Coo kie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341..If-None-Match: "6-541e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... # T 192.168.0.66:80 -> 192.168.0.65:64673 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 13:17:27 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomil1Dk0+kpqzMAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAJzVjcXCRNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</he ad><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to sup ply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:64673 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAABiAWIBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAUAgAABYKIogYBsR0AAAAPd2yqmmSQJo4aKmcLhYkbUk0AVQBMAFQASQBHAFIATwBVAFAAUABM AEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOTvwwDtrZiAajybaDeqIBAQAAAAAAAJzVjcXCRNIBZFBuI1jnoUQAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQBSAEMASABJAFYARQAEACYAbQB1 AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgAnNWNxcJE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK18VvjOndxqmWaDJKymOBlk8w0K ABAAAAAAAAAAAAAAAAAAAAAAAAkAJgBIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlADoAOAAwAAAAAAAAAAAAAAAAAA==..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2 840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g 2; splitter2=341..If-None-Match: "6-541e322cb103d"..If-Modified-Since: Tue, 22 Nov 2016 12:44:40 GMT.... # T 192.168.0.66:80 -> 192.168.0.65:64673 [AP] HTTP/1.1 304 Not Modified..Date: Tue, 22 Nov 2016 13:17:27 GMT..Server: Apache/2.4.10 (Debian)..Connection: Keep-Alive..Keep-Alive: timeout=5, max=98..ETag: "6-541e322cb103d".... # T 192.168.0.65:64673 -> 192.168.0.66:80 [A] ...... exit 24 received, 0 dropped
I checked the access logs and there's certainly winbind stuff going on. The browser is also definately set to use NTLM.
-
repo owner I can see that, however the 'going on stuff' is not good enough. I have no other idea other than double check the samba logs, perhaps there's a clue in them.
-
reporter By things going on. I meant that mod_auth_ntlm_winbind is working fine, as pasted previously. Apologies for being unclear.
#! [Tue Nov 22 13:53:50.179506 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Tue Nov 22 13:53:50.179568 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [Tue Nov 22 13:53:50.181781 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Tue Nov 22 13:53:50.181794 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [Tue Nov 22 13:53:50.181873 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(1023): [client 192.168.0.65:49967] doing ntlm auth dance [Tue Nov 22 13:53:50.181898 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(489): [client 192.168.0.65:49967] Using existing auth helper 16584 [Tue Nov 22 13:53:50.181906 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(657): [client 192.168.0.65:49967] creating auth user [Tue Nov 22 13:53:50.182501 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(708): [client 192.168.0.65:49967] parsing reply from helper to YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==\n [Tue Nov 22 13:53:50.182588 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(746): [client 192.168.0.65:49967] got response: TT TlRMTVNTUAACAAAAGgAaADgAAAAFgomi+iAqvP1+qkYAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAGgBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAFDAetrHRNIBAAAAAA== [Tue Nov 22 13:53:50.182593 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(416): [client 192.168.0.65:49967] sending back TlRMTVNTUAACAAAAGgAaADgAAAAFgomi+iAqvP1+qkYAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAGgBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAFDAetrHRNIBAAAAAA== [Tue Nov 22 13:53:50.185006 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Tue Nov 22 13:53:50.185017 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [Tue Nov 22 13:53:50.185021 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(1023): [client 192.168.0.65:49967] doing ntlm auth dance [Tue Nov 22 13:53:50.185025 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(489): [client 192.168.0.65:49967] Using existing auth helper 16584 [Tue Nov 22 13:53:50.185789 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(708): [client 192.168.0.65:49967] parsing reply from helper to KK TlRMTVNTUAADAAAAGAAYAJoAAABiAWIBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAUAgAABYKIogYBsR0AAAAP3ODkcPgWh2XfeqNiDaqWTU0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObp33nucGUKGwN5c8+o1r8BAQAAAAAAAFDAetrHRNIBDnZbH344QlEAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQBSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgAUMB62sdE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAJgBIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlADoAOAAwAAAAAAAAAAAAAAAAAA==\n [Tue Nov 22 13:53:50.187926 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(746): [client 192.168.0.65:49967] got response: AF MULTIGROUPPLC\\rory.mcinerney [Tue Nov 22 13:53:50.187938 2016] [auth_ntlm_winbind:debug] [pid 16518] mod_auth_ntlm_winbind.c(792): [client 192.168.0.65:49967] authenticated MULTIGROUPPLC\\rory.mcinerney [Tue Nov 22 13:53:50.187944 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require valid-user : granted [Tue Nov 22 13:53:50.187948 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: granted [Tue Nov 22 13:53:50.188678 2016] [:error] [pid 16518] [client 192.168.0.65:49967] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30 [Tue Nov 22 13:53:50.189475 2016] [:error] [pid 16518] [client 192.168.0.65:49967] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30 [Tue Nov 22 13:53:50.206918 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require all granted: granted [Tue Nov 22 13:53:50.206930 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: granted [Tue Nov 22 13:53:50.207013 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of Require all granted: granted [Tue Nov 22 13:53:50.207021 2016] [authz_core:debug] [pid 16518] mod_authz_core.c(809): [client 192.168.0.65:49967] AH01626: authorization result of <RequireAny>: granted [Tue Nov 22 13:53:50.209701 2016] [deflate:debug] [pid 16518] mod_deflate.c(855): [client 192.168.0.65:49967] AH01384: Zlib: Compressed 2427 to 961 : URL /index.php
The samba logs are completely clean of any errors, but I'm led to believe by these logs that the module is authenticating correctly. The same result also comes up when using login.php with typed in/username password. As far as I can guess, apache is authenticating against the domain ok.
Could I ask what version of php the webui was built against and whether it was nginx or apache?
-
repo owner Well, the sso part was tested with php 5 + apache 2.2 (however, I believe that sso should work with php 7 + apache 2.4 as well, since it has nothing to do with php versions).
I also saw the 'authenticated' line in the apache debug logs, however if you can't get 1.txt, then it's simply not working properly, and the webserver itself (not php with any versions) rejects your request. We have to fix it first.
-
reporter I can see the contents of the file, 1.txt - the latest ngrep log is from when I was able to do this.
-
repo owner What's in 1.txt that I could see in ngrep output?
-
reporter I think there was some web-browser caching happening which I apologise for. This ngrep for /1.txt displays the word "thins" (content of the file) which is also present in the ngrep log.
T 192.168.0.65:52229 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Pragma: no-cache..Cache-Control: no-cache..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/5 4.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39r t537g2; splitter2=341.... ## T 192.168.0.66:80 -> 192.168.0.65:52229 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 15:08:09 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=is o-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested . Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to supply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></ html>. # T 192.168.0.65:52229 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Pragma: no-cache..Cache-Control: no-cache..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==..Upgrade-Insecure-Requests: 1..User-Agent: Mozil la/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accep t-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341.... # T 192.168.0.66:80 -> 192.168.0.65:52229 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 15:08:09 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomiS4N+lRChvLsAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIAORDgzzSRNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</he ad><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to sup ply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:52229 -> 192.168.0.66:80 [AP] GET /1.txt HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Pragma: no-cache..Cache-Control: no-cache..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAABiAWIBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAUAgAABYKIogYBsR0AAAAPmguCECQnZ fjY/oiAw1pjrU0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoB7ee8TkNGACR7IwilDCsBAQAAAAAAAORDgzzSRNIB323kXWHQHY8AAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAA QAWAFMAVgBDAEEAQQBSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgA5EODPNJE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAk JzxPmjuTLhsWDaTAK18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAJgBIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlADoAOAAwAAAAAAAAAAAAAAAAAA==..Upgrade-Insecure-Requests: 1..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebK it/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6.. Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341.... # T 192.168.0.66:80 -> 192.168.0.65:52229 [AP] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 15:08:09 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Tue, 22 Nov 2016 12:44:40 GMT..ETag: "6-541e322cb103d"..Accept-Ranges: bytes..Content-Length: 6..Keep-Alive: timeout=5, max=98..Con nection: Keep-Alive..Content-Type: text/plain....thins. # T 192.168.0.65:52229 -> 192.168.0.66:80 [AP] GET /favicon.ico HTTP/1.1..Host: svcaarchive..Connection: keep-alive..Pragma: no-cache..Cache-Control: no-cache..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.3 6..Accept: */*..Referer: http://svcaarchive/1.txt..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cookie: PHPSESSID=ches8bgmfnhbnbgue39rt537g2; splitter2=341.... # T 192.168.0.66:80 -> 192.168.0.65:52229 [AP] HTTP/1.1 404 Not Found..Date: Tue, 22 Nov 2016 15:08:09 GMT..Server: Apache/2.4.10 (Debian)..Content-Length: 286..Keep-Alive: timeout=5, max=97..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML P UBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /favicon.ico was not found on this server.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarc hive Port 80</address>.</body></html>.
-
repo owner OK, it looks better. Can you run ngrep again, but this time checking /sso.php? You may skip the inside of the long binary garbage to shorten the output. The point is that I'd like to see the HTTP/1.1 200 OK response (or something similar) with some cookies.
-
reporter #! interface: eth0 (192.168.0.0/255.255.254.0) filter: (ip or ip6) and ( port 80 ) ### T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive.... ## T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM..Content-Length: 458..Keep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: text/html; charset=is o-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</head><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested . Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to supply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></ html>. # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] HTTP/1.1 401 Unauthorized..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..WWW-Authenticate: NTLM TlRMTVNTUAACAAAAGgAaADgAAAAFgomivNTJc1ZgmkkAAAAAAAAAALQAtABSAAAABgEAAAAAAA9NAFUATABUAEkARwBSAE8AVQBQAFAATABDAAIAG gBNAFUATABUAEkARwBSAE8AVQBQAFAATABDAAEAFgBTAFYAQwBBAEEAUgBDAEgASQBWAEUABAAmAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwAAwA+AHMAdgBjAGEAYQByAGMAaABpAHYAZQAuAG0AdQBsAHQAaQBnAHIAbwB1AHAAcABsAGMALgBsAG8AYwBhAGwABwAIACDilZPURNIBA AAAAA==..Content-Length: 458..Keep-Alive: timeout=5, max=99..Connection: Keep-Alive..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Unauthorized</title>.</he ad><body>.<h1>Unauthorized</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you supplied the wrong.credentials (e.g., bad password), or your.browser doesn't understand how to sup ply.the credentials required.</p>.<hr>.<address>Apache/2.4.10 (Debian) Server at svcaarchive Port 80</address>.</body></html>. # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /sso.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, ap plication/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET 4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..DNT: 1..Connection: Keep-Alive..Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAAB4AXgBsgAAABoAGgBYAAAAHAAcAHIAAAAMAAwAjgAAAAAAAAAqAgAABYKIogYBsR0AAAAP/lRW8pUN+uD6EP91WMKwdE0AVQ BMAFQASQBHAFIATwBVAFAAUABMAEMAUgBvAHIAeQAuAE0AYwBJAG4AZQByAG4AZQB5AFIATwBSAFkAUABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMJLGbe96BN69BUVvCDtbF0BAQAAAAAAACDilZPURNIBNdbCrHCd7jsAAAAAAgAaAE0AVQBMAFQASQBHAFIATwBVAFAAUABMAEMAAQAWAFMAVgBDAEEAQQ BSAEMASABJAFYARQAEACYAbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAADAD4AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4AbQB1AGwAdABpAGcAcgBvAHUAcABwAGwAYwAuAGwAbwBjAGEAbAAHAAgAIOKVk9RE0gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAMAAAkJzxPmjuTLhsWDaTAK 18VvjOndxqmWaDJKymOBlk8w0KABAAAAAAAAAAAAAAAAAAAAAAAAkAPABIAFQAVABQAC8AcwB2AGMAYQBhAHIAYwBoAGkAdgBlAC4ATQB1AGwAdABpAEcAcgBvAHUAcABQAGwAYwAAAAAAAAAAAAAAAAA=.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] HTTP/1.1 302 Found..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..Set-Cookie: PHPSESSID=9r36e2o9b8jtgddc5mrrs25be4; path=/..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-reval idate, post-check=0, pre-check=0..Pragma: no-cache..Location: http://svcaarchive/login.php..Content-Length: 0..Keep-Alive: timeout=5, max=98..Connection: Keep-Alive..Content-Type: text/html; charset=UTF-8.... # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /login.php HTTP/1.1..Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .N ET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..Cookie: PHPSESSID=9r36e2o9b8jtgddc5mrrs25be4..Connection: Keep-Alive..DNT: 1.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Vary: Acc ept-Encoding..Content-Encoding: gzip..Content-Length: 979..Keep-Alive: timeout=5, max=97..Connection: Keep-Alive..Content-Type: text/html; charset=UTF-8 <BINARY GARBAGE> T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/css/metro-bootstrap.css HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; . NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "2d937-541cfb40 ffe1f-gzip"..DNT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=9r36e2o9b8jtgddc5mrrs25be4.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Tue, 22 Nov 2016 12:42:49 GMT..ETag: "2d937-541e31c26de3e-gzip"..Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzi p..Content-Length: 31559..Keep-Alive: timeout=5, max=96..Connection: Keep-Alive..Content-Type: text/css.<BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] <BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] <BINARY GARBAGE> # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/js/html5.js HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0. 50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "98c-541cfb4100dbf-gzip"..D NT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=9r36e2o9b8jtgddc5mrrs25be4.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Tue, 22 Nov 2016 12:42:49 GMT..ETag: "98c-541e31c276ade-gzip"..Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzip. .Content-Length: 1256..Keep-Alive: timeout=5, max=95..Connection: Keep-Alive..Content-Type: application/javascript.<BINARY GARBAGE> T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [AP] GET /view/theme/default/assets/images/archive-logo-lg.png HTTP/1.1..Accept: */*..Referer: http://svcaarchive/login.php..Accept-Language: en-GB..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: svcaarchive..If-Modified-Since: Mon, 21 Nov 2016 13:33:38 GMT..If-None-Match: "27ce-541cfb 4100dbf"..DNT: 1..Connection: Keep-Alive..Cookie: PHPSESSID=9r36e2o9b8jtgddc5mrrs25be4.... # T 192.168.0.66:80 -> 192.168.0.65:52773 [A] HTTP/1.1 200 OK..Date: Tue, 22 Nov 2016 15:24:54 GMT..Server: Apache/2.4.10 (Debian)..Last-Modified: Tue, 22 Nov 2016 12:42:49 GMT..ETag: "27ce-541e31c270d1e"..Accept-Ranges: bytes..Content-Length: 10190..Keep-Alive: timeout=5, max= 94..Connection: Keep-Alive..Content-Type: image/png.....PNG........<BINARY GARBAGE> # T 192.168.0.66:80 -> 192.168.0.65:52773 [AP] ,UC..q.....>.l.v.Jp=-..6I(.8....E....k.b.|......l..6tk..)...egr.R.~z..s...iy..... .o.~....C..c_.......O......BOD...U...%L..R...T.>........R.}.BB,,8x.._.(YI....S.(4!x.. w..).T.....).+"..N...,.i-..L.cB0Q(B0....Avl.).k.s.....J.......z. ..5.?..vg........IEND.B`. # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... # T 192.168.0.65:52773 -> 192.168.0.66:80 [A] ...... exit 38 received, 0 dropped
-
repo owner OK. Unfortunately I can't do more without seeing the php code in action. Is it possible a remote session for that?
-
reporter Yes, this will be fine. What is your preffered method? I can either get external ssh set up on the firewall or can give teamviewer access to a local machine with web/ssh access to the machine.
-
repo owner ssh is my preferred method, however it would be great to see the gui in a browser as well. In what timezone are you?
-
reporter I am in GMT and will be available 07.30 - 1700 to give access if that works for you?
Easiest method for me would be to give you teamviewer access to a box with browser/putty on if that is ok with you?
-
repo owner Yes, it's fine. Contact me on skype (janos.suto) tomorrow, and we'll discuss the rest.
-
reporter - changed status to resolved
Was LDAP authentication issue.
Many thanks.
- Log in to comment
Saw another thread on this, so including this information to provde it's bound to the domain ok:
I can email net ads lookup over too (it works!) but I'd rather not post it here as it contains loads of info about our setup.
Thanks