ntlm-parser/build/src/ntlm/ntlm-utils.js

Check and understand the content of a NTLM message

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getNtlmResponseData = exports.getLmResponseData = exports.getTargetInfo = exports.getNtlmEncoding = exports.getSecBufData = exports.getOSVersionStructure = exports.getSecBuf = void 0;
function getSecBuf(buffer, offset) {
    const dataView = new DataView(buffer, offset);
    return {
        length: dataView.getInt16(0, true),
        allocated: dataView.getInt16(2, true),
        offset: dataView.getInt32(4, true),
    };
}
exports.getSecBuf = getSecBuf;
function getOSVersionStructure(buffer, offset) {
    const dataView = new DataView(buffer, offset);
    return {
        majorVersion: dataView.getInt8(0),
        minorVersion: dataView.getInt8(1),
        buildNumber: dataView.getInt16(2, true),
        unknown: dataView.getInt32(4, false),
    };
}
exports.getOSVersionStructure = getOSVersionStructure;
function getSecBufData(buffer, secBuf, encoding) {
    const buf = buffer.slice(secBuf.offset, secBuf.offset + secBuf.length);
    return Buffer.from(buf).toString(encoding);
}
exports.getSecBufData = getSecBufData;
function getNtlmEncoding(flag) {
    const unicode = 0x1; // NTLMSSP_NEGOTIATE_UNICODE
    if (flag | unicode) {
        return 'ucs2';
    }
    return 'utf8';
}
exports.getNtlmEncoding = getNtlmEncoding;
function getTargetInfo(buffer, secBuf) {
    const dataView = new DataView(buffer, secBuf.offset, secBuf.length);
    const result = [];
    let offset = 0;
    while (offset < secBuf.length) {
        const type = dataView.getUint16(offset + 0, true);
        const length = dataView.getUint16(offset + 2, true);
        const item = {
            type,
            length,
            content: '',
        };
        if (type <= 5) {
            item.content = Buffer.from(buffer.slice(secBuf.offset + offset + 4, secBuf.offset + offset + 4 + length)).toString('ucs2');
        }
        if (type === 7) {
            // filetime.
            const low = dataView.getUint32(offset + 4, true);
            const high = dataView.getUint32(offset + 8, true);
            const date = fileTimeToDate(high * 2 ** 32 + low);
            item.content = date.toISOString();
        }
        result.push(item);
        offset += 2 + 2 + length;
    }
    return result;
}
exports.getTargetInfo = getTargetInfo;
function fileTimeToDate(fileTime) {
    return new Date(fileTime / 10000 - 11644473600000);
}
function getLmResponseData(buffer, secBuf) {
    const buf = buffer.slice(secBuf.offset, secBuf.offset + secBuf.length);
    const str = Buffer.from(buf).toString('hex');
    return { hex: str };
}
exports.getLmResponseData = getLmResponseData;
function getNtlmResponseData(buffer, secBuf) {
    const buf = buffer.slice(secBuf.offset, secBuf.offset + secBuf.length);
    const str = Buffer.from(buf).toString('hex');
    return { hex: str };
}
exports.getNtlmResponseData = getNtlmResponseData;
//# sourceMappingURL=ntlm-utils.js.map