go-msrpc
go-msrpc copied to clipboard
oiweiwei
Support 0x0000000D ulType in PAC_INFO_BUFFER
Greetings, @oiweiwei !
I found that the 0x0000000D (13) Client claims information PAC_CLIENT_CLAIMS_INFO type is not supported.
Could you please add support for this in PAC?
Hello, @krasnovu. May I ask you to attach some test vector of PAC with claims if you have one?
Yes, of course!
PAC from ASRep:
CAAAAAAAAAABAAAAAAIAAIgAAAAAAAAADQAAAAAAAACIAgAAAAAAAAoAAAAYAAAAiAIAAAAAAAAMAAAAiAAAAKACAAAAAAAAEQAAAAgAAAAoAwAAAAAAABIAAAAcAAAAMAMAAAAAAAAGAAAAEAAAAFADAAAAAAAABwAAABAAAABgAwAAAAAAAAEQCADMzMzM8AEAAAAAAAAAAAIAMCyC/M4U2wH/////////f/////////9/AuG3hP4T2wECoSGvxxTbAf////////9/DgAOAAQAAgAOAA4ACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAwAAAFAEAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIADgAQACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAcwBhAG0AdQBzAGUAcgAAAAcAAAAAAAAABwAAAHMAYQBtAHUAcwBlAHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQAIAAAAAAAAAAcAAABDAE8ATgBUAE8AUwBPAAAABAAAAAEEAAAAAAAFFQAAAH2C3UO+5nhHg2hh3AIAAAAwAAIABwAAADQAAgAHAAAAAQAAAAEBAAAAAAASAQAAAAUAAAABBQAAAAAABRUAAAAAAAAAAAAAAAAAAADxAQAAgLCF/M4U2wEOAHMAYQBtAHUAcwBlAHIAJgAYABYAQAACAAAADgBYABwAZgAAAAAAcwBhAG0AdQBzAGUAcgBAAGMAbwBuAHQAbwBzAG8ALgBjAG8AbQAAAEMATwBOAFQATwBTAE8ALgBDAE8ATQAAAHMAYQBtAHUAcwBlAHIAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAQAAAA8Ft8XUds/VVOACNyEAAAAOVZ4hj3fLcPYCG08w==
And from TGSRep:
CAAAAAAAAAABAAAAAAIAAIgAAAAAAAAADQAAAAAAAACIAgAAAAAAAAoAAAAYAAAAiAIAAAAAAAAMAAAAiAAAAKACAAAAAAAABgAAABAAAAAoAwAAAAAAAAcAAAAQAAAAOAMAAAAAAAAQAAAAEAAAAEgDAAAAAAAAEwAAABAAAABYAwAAAAAAAAEQCADMzMzM8AEAAAAAAAAAAAIAMCyC/M4U2wH/////////f/////////9/AuG3hP4T2wECoSGvxxTbAf////////9/DgAOAAQAAgAOAA4ACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAwAAAFAEAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIADgAQACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAcwBhAG0AdQBzAGUAcgAAAAcAAAAAAAAABwAAAHMAYQBtAHUAcwBlAHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQAIAAAAAAAAAAcAAABDAE8ATgBUAE8AUwBPAAAABAAAAAEEAAAAAAAFFQAAAH2C3UO+5nhHg2hh3AIAAAAwAAIABwAAADQAAgAHAAAAAQAAAAEBAAAAAAASAQAAAAUAAAABBQAAAAAABRUAAAAAAAAAAAAAAAAAAADxAQAAgLCF/M4U2wEOAHMAYQBtAHUAcwBlAHIAJgAYABYAQAACAAAADgBYABwAZgAAAAAAcwBhAG0AdQBzAGUAcgBAAGMAbwBuAHQAbwBzAG8ALgBjAG8AbQAAAEMATwBOAFQATwBTAE8ALgBDAE8ATQAAAHMAYQBtAHUAcwBlAHIAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAAABAAAACdvDTDCN5Tv4pdEfgQAAAAX5f52DIs+g6fpOt4EAAAAB1Roz1vchNlfkgfnxAAAAAgJjMR8y4/LpqddGY=
Oops, sorry, it looks like there is a buffer, but its length is 0. My mistake, it turns out to be a false issue, because I don't have another PAC yet. :-(
@krasnovu anyway i've added support for remaining claims (some work is pending on decoding credentials, but other things should work)
Thank you, @oiweiwei ! Once I get a chance to check it out, I'll be sure to leave a feedback .
Greetings, @oiweiwei! I've got a PAC that can't unmarshal. I don't know if I should create a new ishyu or here? I'll put it here.
I'm getting this error:
2024/10/16 15:59:42 Err: unmarshal pac err: unmarshal_pac: headers: buffer overflow for size 3543453139 of array o.Buffers
Can you please see what could be the cause?
AS PAC:
CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAA+NWW1+noW7+55u6hEAAAANE/l7AEzP8GugkCEg==
TGS PAC:
CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAAJ+RTg6B6X3YE3mO6EAAAAE4OoOMxSWM9fU6bqg==
i've added pac-decoder tool in helpers dir:
$ go run examples/helpers/pac.go --format base64 --input CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAAJ+RTg6B6X3YE3mO6EAAAAE4OoOMxSWM9fU6bqg==
{
"version": 0,
"pac_info_buffer": [
{
"type": 1,
"buffer_length": 496,
"offset": 136
},
{
"type": 13,
"buffer_length": 0,
"offset": 632
},
{
"type": 10,
"buffer_length": 16,
"offset": 632
},
{
"type": 12,
"buffer_length": 136,
"offset": 648
},
{
"type": 17,
"buffer_length": 8,
"offset": 784
},
{
"type": 18,
"buffer_length": 28,
"offset": 792
},
{
"type": 6,
"buffer_length": 16,
"offset": 824
},
{
"type": 7,
"buffer_length": 16,
"offset": 840
}
],
"logon_information": {
"logon_time": "2024-10-15T13:59:32.00327888Z",
"logoff_time": "never",
"kick_off_time": "never",
"password_last_set": "2024-10-15T12:52:21.00460186Z",
"password_can_change": "2024-10-16T12:52:21.00460186Z",
"password_must_change": "2024-11-26T12:52:21.00460186Z",
"effective_name": {
"length": 6,
"maximum_length": 6,
"buffer": "sas"
},
"full_name": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"logon_script": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"profile_path": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"home_directory": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"home_directory_drive": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"logon_count": 1,
"bad_password_count": 0,
"user_id": 1103,
"primary_group_id": 513,
"group_count": 1,
"group_ids": [
{
"relative_id": 513,
"attributes": 7
}
],
"user_flags": 32,
"user_session_key": {
"data": [
{
"data": "AAAAAAAAAAA="
},
{
"data": "AAAAAAAAAAA="
}
]
},
"logon_server": {
"length": 24,
"maximum_length": 26,
"buffer": "D-DS-SMBDC01"
},
"logon_domain_name": {
"length": 20,
"maximum_length": 22,
"buffer": "CONTOSOSMB"
},
"logon_domain_id": "S-1-5-21-3198784820-468267185-834356515",
"user_account_control": 16,
"sid_count": 2,
"extra_sids": [
{
"sid": "S-1-18-1",
"attributes": 7
},
{
"sid": "S-1-5-21-0-0-0-497",
"attributes": 7
}
],
"resource_group_domain_sid": null,
"resource_group_count": 0,
"resource_group_ids": null
},
"server_checksum": {
"signature_type": 16,
"signature": "J+RTg6B6X3YE3mO6"
},
"kdc_checksum": {
"signature_type": 16,
"signature": "Tg6g4zFJYz19Tpuq"
},
"client_name_and_ticket_information": {
"client_id": "2024-10-15T14:00:10Z",
"name_length": 6,
"name": "sas"
},
"upn_and_dns_information": {
"upn_length": 36,
"upn_offset": 24,
"dns_domain_name_length": 28,
"dns_domain_name_offset": 64,
"flags": 2,
"raw": "AAAAAHMAYQBzAEAAYwBvAG4AdABvAHMAbwBzAG0AYgAuAGMAbwBtAAAAAABDAE8ATgBUAE8AUwBPAFMATQBCAC4AQwBPAE0AAAAAAHMAYQBzAAEFAAAAAAAFFQAAADSVqb6xMOkbI0W7MU8EAAAAAAAAAAA=",
"sam_name_length": 6,
"sam_name_offset": 96,
"sid_length": 28,
"sid_offset": 102,
"upn": "[email protected]",
"dns_domain_name": "CONTOSOSMB.COM",
"sam_name": "sas",
"sid": "S-1-5-21-3198784820-468267185-834356515-1103"
},
"attributes": {
"flags_length": 2,
"flags": 1
},
"requestor_sid": "S-1-5-21-3198784820-468267185-834356515-1103"
}
$ go run examples/helpers/pac.go --input CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAA+NWW1+noW7+55u6hEAAAANE/l7AEzP8GugkCEg==
{
"version": 0,
"pac_info_buffer": [
{
"type": 1,
"buffer_length": 496,
"offset": 136
},
{
"type": 13,
"buffer_length": 0,
"offset": 632
},
{
"type": 10,
"buffer_length": 16,
"offset": 632
},
{
"type": 12,
"buffer_length": 136,
"offset": 648
},
{
"type": 17,
"buffer_length": 8,
"offset": 784
},
{
"type": 18,
"buffer_length": 28,
"offset": 792
},
{
"type": 6,
"buffer_length": 16,
"offset": 824
},
{
"type": 7,
"buffer_length": 16,
"offset": 840
}
],
"logon_information": {
"logon_time": "2024-10-15T13:59:32.00327888Z",
"logoff_time": "never",
"kick_off_time": "never",
"password_last_set": "2024-10-15T12:52:21.00460186Z",
"password_can_change": "2024-10-16T12:52:21.00460186Z",
"password_must_change": "2024-11-26T12:52:21.00460186Z",
"effective_name": {
"length": 6,
"maximum_length": 6,
"buffer": "sas"
},
"full_name": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"logon_script": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"profile_path": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"home_directory": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"home_directory_drive": {
"length": 0,
"maximum_length": 0,
"buffer": ""
},
"logon_count": 1,
"bad_password_count": 0,
"user_id": 1103,
"primary_group_id": 513,
"group_count": 1,
"group_ids": [
{
"relative_id": 513,
"attributes": 7
}
],
"user_flags": 32,
"user_session_key": {
"data": [
{
"data": "AAAAAAAAAAA="
},
{
"data": "AAAAAAAAAAA="
}
]
},
"logon_server": {
"length": 24,
"maximum_length": 26,
"buffer": "D-DS-SMBDC01"
},
"logon_domain_name": {
"length": 20,
"maximum_length": 22,
"buffer": "CONTOSOSMB"
},
"logon_domain_id": "S-1-5-21-3198784820-468267185-834356515",
"user_account_control": 16,
"sid_count": 2,
"extra_sids": [
{
"sid": "S-1-18-1",
"attributes": 7
},
{
"sid": "S-1-5-21-0-0-0-497",
"attributes": 7
}
],
"resource_group_domain_sid": null,
"resource_group_count": 0,
"resource_group_ids": null
},
"server_checksum": {
"signature_type": 16,
"signature": "+NWW1+noW7+55u6h"
},
"kdc_checksum": {
"signature_type": 16,
"signature": "0T+XsATM/wa6CQIS"
},
"client_name_and_ticket_information": {
"client_id": "2024-10-15T14:00:10Z",
"name_length": 6,
"name": "sas"
},
"upn_and_dns_information": {
"upn_length": 36,
"upn_offset": 24,
"dns_domain_name_length": 28,
"dns_domain_name_offset": 64,
"flags": 2,
"raw": "AAAAAHMAYQBzAEAAYwBvAG4AdABvAHMAbwBzAG0AYgAuAGMAbwBtAAAAAABDAE8ATgBUAE8AUwBPAFMATQBCAC4AQwBPAE0AAAAAAHMAYQBzAAEFAAAAAAAFFQAAADSVqb6xMOkbI0W7MU8EAAAAAAAAAAA=",
"sam_name_length": 6,
"sam_name_offset": 96,
"sid_length": 28,
"sid_offset": 102,
"upn": "[email protected]",
"dns_domain_name": "CONTOSOSMB.COM",
"sam_name": "sas",
"sid": "S-1-5-21-3198784820-468267185-834356515-1103"
},
"attributes": {
"flags_length": 2,
"flags": 1
},
"requestor_sid": "S-1-5-21-3198784820-468267185-834356515-1103"
}
both samples work for me.
@krasnovu perhaps you are trying to use some string encoding (or encrypted bytes) as an input the pac.Unmarshal in your code instead of raw data you've provided here.