ntlm_decoder 0.0.1
- checksums.yaml +7 -0
- data/lib/ntlm_decoder.rb +46 -0
- metadata +45 -0
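--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: '09f1720dec3f32f464670ff095d4290ea688e39db8878ed97551ec7a731c2529'
+data.tar.gz: f484f6f30e338273d8a0ce2f12dcbbdddcf99a8f447f5cee26d8959ef655752b
+SHA512:
+metadata.gz: 6043bd8ea6b0050df838ecfca7f7ce5b20ca8d1def59fe57ef837ed4462161437eef2cbf5e8e74af72b8534764b10a7c3bfed1869fbdc4bcac180505a9753fcf
+data.tar.gz: 64aeb7d72b78729d74159993c8c7868288969eb14f8afda35766f2e25adb28701830f68ed0487365c5ed2a3fdb75bc6bef2984d80d59714cdf13f30d5c9dcc7c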
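--- a/data/lib/ntlm_decoder.rb
+++ b/data/lib/ntlm_decoder.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'base64'
+
+module NTLMDecoder
+
+def self.check_for_header(string)
+true if to_hex(string)[0..6] == "NTLMSSP"
+end
+
+def self.decode(string)
+hex = to_hex(string)
+tid = hex[60..-1].split("\x00")
+
+domain_start = tid.index("\x02") + 2
+domain_end = tid.index("\x01") - 1
+
+server_start = tid.index("\x01") + 2
+server_end = tid.index("\x04") - 1
+
+dns_domain_start = tid.index("\x04") + 2
+dns_domain_end = tid.index("\x03") - 1
+
+dns_server_start = tid.index("\x03") + 2
+
+begin
+dns_server_end = tid.index("\x05") - 1
+rescue NoMethodError
+dns_server_end = -1
+end
+
+return {
+domain: tid[domain_start..domain_end].join,
+server: tid[server_start..server_end].join,
+dns: tid[dns_domain_start..dns_domain_end].join,
+fqdn: tid[dns_server_start..dns_server_end].join
+}
+
+end
+
+private
+
+def self.to_hex(string)
+Base64.decode64(string)
+end
+
+end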
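Review bot: `decode` parses peer-supplied bytes without checking the `NTLMSSP` signature or message type, and it finds each field by splitting everything after byte 60 on NUL and taking the first piece equal to `"\x02"`, `"\x01"`, `"\x04"` or `"\x03"`. A short or non-type-2 input, or one missing any of those ids, raises `NoMethodError` on `nil`, since only the `"\x05"` lookup is rescued. A name whose AvLen is 4, or that contains non-ASCII UTF-16 code units, appears able to shift the slices and return wrong values silently. I would instead validate the header, read the TargetInfo length and offset from the fields at byte 40, and walk the AV_PAIRs by their AvId/AvLen, raising `ArgumentError` on truncation; this returns UTF-8 values and omits absent keys, so callers that expect all four keys need checking. Separately, `private` has no effect on `def self.to_hex`; `private_class_method :to_hex` would hide it.

```ruby
AV_FIELDS = { 1 => :server, 2 => :domain, 3 => :fqdn, 4 => :dns }.freeze

def self.decode(string)
  raw = to_hex(string)
  # Signature plus MessageType 2 (CHALLENGE_MESSAGE), little-endian.
  raise ArgumentError, 'not an NTLM type 2 message' unless raw.start_with?("NTLMSSP\x00\x02\x00\x00\x00")

  # TargetInfoFields at byte 40: Len (u16), MaxLen (u16), BufferOffset (u32).
  info_len, _max_len, info_off = raw.byteslice(40, 8).to_s.unpack('vvV')
  info = raw.byteslice(info_off, info_len) if info_len && info_off
  raise ArgumentError, 'target info missing or truncated' unless info && info.bytesize == info_len

  fields = {}
  pos = 0
  while pos + 4 <= info.bytesize
    av_id, av_len = info.byteslice(pos, 4).unpack('vv')
    break if av_id.zero? # MsvAvEOL ends the list

    value = info.byteslice(pos + 4, av_len)
    raise ArgumentError, 'AV_PAIR runs past target info' unless value && value.bytesize == av_len

    key = AV_FIELDS[av_id]
    fields[key] = value.force_encoding('UTF-16LE').encode('UTF-8', invalid: :replace, undef: :replace) if key
    pos += 4 + av_len
  end
  fields
end
```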
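--- a/metadata
+++ b/metadata
@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: ntlm_decoder
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Aidan Damerell
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-11-06 00:00:00.000000000 Z
+dependencies: []
+description: Given an Base64 encoded NTLM type 2 message, return a hash of the data
+held in the TID.
+email: aidan.damerell@icloud.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ntlm_decoder.rb
+homepage: https://rubygems.org/gems/ntlm_decoder
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.8
+signing_key:
+specification_version: 4
+summary: Extract Target Information Data from NTLM Type 2
+test_files: []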