ntlm_decoder 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/ntlm_decoder.rb +46 -0
- metadata +45 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: '09f1720dec3f32f464670ff095d4290ea688e39db8878ed97551ec7a731c2529'
|
4
|
+
data.tar.gz: f484f6f30e338273d8a0ce2f12dcbbdddcf99a8f447f5cee26d8959ef655752b
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 6043bd8ea6b0050df838ecfca7f7ce5b20ca8d1def59fe57ef837ed4462161437eef2cbf5e8e74af72b8534764b10a7c3bfed1869fbdc4bcac180505a9753fcf
|
7
|
+
data.tar.gz: 64aeb7d72b78729d74159993c8c7868288969eb14f8afda35766f2e25adb28701830f68ed0487365c5ed2a3fdb75bc6bef2984d80d59714cdf13f30d5c9dcc7c
|
data/lib/ntlm_decoder.rb
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
module NTLMDecoder
|
5
|
+
|
6
|
+
def self.check_for_header(string)
|
7
|
+
true if to_hex(string)[0..6] == "NTLMSSP"
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.decode(string)
|
11
|
+
hex = to_hex(string)
|
12
|
+
tid = hex[60..-1].split("\x00")
|
13
|
+
|
14
|
+
domain_start = tid.index("\x02") + 2
|
15
|
+
domain_end = tid.index("\x01") - 1
|
16
|
+
|
17
|
+
server_start = tid.index("\x01") + 2
|
18
|
+
server_end = tid.index("\x04") - 1
|
19
|
+
|
20
|
+
dns_domain_start = tid.index("\x04") + 2
|
21
|
+
dns_domain_end = tid.index("\x03") - 1
|
22
|
+
|
23
|
+
dns_server_start = tid.index("\x03") + 2
|
24
|
+
|
25
|
+
begin
|
26
|
+
dns_server_end = tid.index("\x05") - 1
|
27
|
+
rescue NoMethodError
|
28
|
+
dns_server_end = -1
|
29
|
+
end
|
30
|
+
|
31
|
+
return {
|
32
|
+
domain: tid[domain_start..domain_end].join,
|
33
|
+
server: tid[server_start..server_end].join,
|
34
|
+
dns: tid[dns_domain_start..dns_domain_end].join,
|
35
|
+
fqdn: tid[dns_server_start..dns_server_end].join
|
36
|
+
}
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
def self.to_hex(string)
|
43
|
+
Base64.decode64(string)
|
44
|
+
end
|
45
|
+
|
46
|
+
end
|
metadata
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ntlm_decoder
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Aidan Damerell
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2019-11-06 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Given an Base64 encoded NTLM type 2 message, return a hash of the data
|
14
|
+
held in the TID.
|
15
|
+
email: aidan.damerell@icloud.com
|
16
|
+
executables: []
|
17
|
+
extensions: []
|
18
|
+
extra_rdoc_files: []
|
19
|
+
files:
|
20
|
+
- lib/ntlm_decoder.rb
|
21
|
+
homepage: https://rubygems.org/gems/ntlm_decoder
|
22
|
+
licenses:
|
23
|
+
- MIT
|
24
|
+
metadata: {}
|
25
|
+
post_install_message:
|
26
|
+
rdoc_options: []
|
27
|
+
require_paths:
|
28
|
+
- lib
|
29
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
35
|
+
requirements:
|
36
|
+
- - ">="
|
37
|
+
- !ruby/object:Gem::Version
|
38
|
+
version: '0'
|
39
|
+
requirements: []
|
40
|
+
rubyforge_project:
|
41
|
+
rubygems_version: 2.7.8
|
42
|
+
signing_key:
|
43
|
+
specification_version: 4
|
44
|
+
summary: Extract Target Information Data from NTLM Type 2
|
45
|
+
test_files: []
|