;
Object.defineProperty(exports, "__esModule", { value: true });
exports.NTLMType2Parser = void 0;
const AbstractParser_1 = require("./AbstractParser");
const parser_utils_1 = require("./parser-utils");
const parser_interfaces_1 = require("./parser-interfaces");
const flags_1 = require("./flags");
/**
 * Converts a Windows FILETIME value to a JavaScript Date.
 *
 * FILETIME counts 100-nanosecond ticks since 1601-01-01T00:00:00Z, so the
 * value is first scaled to milliseconds and then shifted by the distance
 * between the 1601 and 1970 epochs (11644473600000 ms).
 *
 * @param {number} fileTime - FILETIME tick count as a Number. Values above
 *   2^53 are no longer exact, so the result is only approximate to the
 *   millisecond for such inputs.
 * @returns {Date} The corresponding point in time.
 */
const fileTimeToDate = (fileTime) => {
  const millisSince1601 = fileTime / 10000;
  return new Date(millisSince1601 - 11644473600000);
};
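/**
 * Decodes the TargetInfo field of an NTLM CHALLENGE_MESSAGE.
 *
 * The field is a list of AV_PAIR records: a little-endian 16-bit id, a
 * little-endian 16-bit value length, then the value bytes. Ids 0-5 are
 * decoded as UTF-16LE text (id 2 is additionally reported as `domain`),
 * id 7 is decoded as a FILETIME and rendered as an ISO-8601 string, and
 * every other id is listed with empty content.
 *
 * The message arrives from the network, so each record is checked against
 * the bounds of the field before it is read. Parsing stops at the first
 * record whose header or declared value does not fit; records decoded up to
 * that point are still returned. Without that check a truncated list raised
 * a RangeError from the DataView reads, and an over-long declared length was
 * silently clamped so a cut-off value could be reported as the domain.
 *
 * @param {ArrayBuffer} buffer - The complete NTLM message.
 * @param {{offset: number, length: number}} secBuf - Location of the
 *   TargetInfo field inside `buffer`.
 * @returns {{targetInfoData: Array<{type: number, length: number, content: string}>, domain: (string|undefined)}}
 * @throws {RangeError} If `secBuf` itself does not lie inside `buffer`
 *   (raised by the DataView constructor).
 */
const getTargetInfo = (buffer, secBuf) => {
  const AV_PAIR_HEADER_SIZE = 4; // 2-byte id + 2-byte value length
  const FILETIME_SIZE = 8;
  const dataView = new DataView(buffer, secBuf.offset, secBuf.length);
  const targetInfoData = [];
  let domain;
  let offset = 0;
  // Only enter the loop when a full record header is still available.
  while (offset + AV_PAIR_HEADER_SIZE <= secBuf.length) {
    const type = dataView.getUint16(offset, true);
    const length = dataView.getUint16(offset + 2, true);
    const valueStart = offset + AV_PAIR_HEADER_SIZE;
    const valueEnd = valueStart + length;
    if (valueEnd > secBuf.length) {
      // The declared value runs past the end of the field: the list is
      // truncated or malformed, so nothing from this record is trusted.
      break;
    }
    const item = {
      type,
      length,
      content: '',
    };
    if (type <= 5) {
      const valueBytes = buffer.slice(secBuf.offset + valueStart, secBuf.offset + valueEnd);
      item.content = Buffer.from(valueBytes).toString('ucs2');
      if (type === 2) {
        domain = item.content;
      }
    }
    if (type === 7 && length >= FILETIME_SIZE) {
      // FILETIME: two little-endian 32-bit halves, low word first. Decoded
      // only when the record really carries the 8 bytes being read.
      const low = dataView.getUint32(valueStart, true);
      const high = dataView.getUint32(valueStart + 4, true);
      const date = fileTimeToDate(high * 2 ** 32 + low);
      item.content = date.toISOString();
    }
    targetInfoData.push(item);
    offset = valueEnd;
  }
  return { targetInfoData, domain };
};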
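/**
 * Parser for the NTLM Type 2 message (CHALLENGE_MESSAGE).
 *
 * Fields are read from fixed offsets of the raw message: the target-name
 * security buffer at 12, the negotiate flags at 20, the 8-byte challenge at
 * 24 and, depending on where the target-name payload starts, the context at
 * 32, the target-info security buffer at 40 and the OS version structure
 * at 48.
 *
 * NOTE(review): nothing in this class checks the message length, signature
 * or message type before reading, and the decoded values (including
 * `domain`) are reported exactly as the peer sent them. Whether the base
 * class or the caller validates the message is not visible here; confirm
 * before relying on the output.
 */
class NTLMType2Parser extends AbstractParser_1.AbstractParser {
  /**
   * @param {ArrayBuffer} buffer - The raw Type 2 message.
   */
  constructor(buffer) {
    super(buffer);
  }

  /**
   * Decodes the message held in `this.buffer`.
   *
   * @returns {object} The decoded message: `messageType`,
   *   `targetNameSecBuf`, `flags`, `challenge` (hex), `targetNameData`, and
   *   when present `domain`, `context` (hex), `targetInfoSecBuf`,
   *   `targetInfoData` and `osVersionStructure`.
   * @throws {RangeError} If the buffer is too short to hold the flags field.
   */
  parse() {
    const targetNameSecBuf = (0, parser_utils_1.getSecBuf)(this.buffer, 12);
    // NegotiateFlags is a little-endian 32-bit field on the wire. It is read
    // through a DataView with an explicit byte order, like the other
    // multi-byte reads in this file; a Uint32Array view would use the host's
    // byte order and return different flags on a big-endian machine.
    const flag = new DataView(this.buffer).getUint32(20, true);
    const encoding = (0, parser_utils_1.getNtlmEncoding)(flag);
    const result = {
      messageType: parser_interfaces_1.NTLMMessageType.CHALLENGE_MESSAGE,
      targetNameSecBuf,
      flags: (0, parser_utils_1.getFlags)(flags_1.ntlmFlags, flag),
      challenge: Buffer.from(this.buffer.slice(24, 32)).toString('hex'),
      targetNameData: (0, parser_utils_1.getSecBufData)(this.buffer, targetNameSecBuf, encoding),
    };
    if (result.targetNameData) {
      result.domain = result.targetNameData;
    }
    // The start of the target-name payload is used to infer how long the
    // fixed header is: a payload that does not begin at 32 leaves room for
    // the context and target-info fields.
    if (targetNameSecBuf.offset !== 32) {
      // NTLM v2
      result.context = Buffer.from(this.buffer.slice(32, 40)).toString('hex');
      result.targetInfoSecBuf = (0, parser_utils_1.getSecBuf)(this.buffer, 40);
      const { targetInfoData, domain } = getTargetInfo(this.buffer, result.targetInfoSecBuf);
      result.targetInfoData = targetInfoData;
      // A domain name found in the target info takes precedence over the
      // target name.
      if (domain) {
        result.domain = domain;
      }
    }
    // NOTE(review): this test is also true when the payload starts at 32,
    // in which case bytes from offset 48 onwards are payload rather than a
    // version structure - confirm this is intended.
    if (targetNameSecBuf.offset !== 48) {
      // NTLM version 3: OS Version structure.
      result.osVersionStructure = (0, parser_utils_1.getOSVersionStructure)(this.buffer, 48);
    }
    return result;
  }
}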
exports.NTLMType2Parser = NTLMType2Parser;
//# sourceMappingURL=NTLMType2Parser.js.map