ya-express-ntlm
Version:
55 lines • 2.29 kB
JavaScript
import { AbstractParser } from './AbstractParser';
import { NTLMMessageType } from './parser-interfaces';
import { getFlags, getNtlmEncoding, getNtLmResponseData, getOSVersionStructure, getSecBuf, getSecBufData } from './parser-utils';
import { ntlmFlags } from './flags';
export class NTLMType3Parser extends AbstractParser {
constructor(buffer) {
super(buffer);
}
parse() {
const lmResponse = getSecBuf(this.buffer, 12);
const ntlmResponse = getSecBuf(this.buffer, 20);
const targetName = getSecBuf(this.buffer, 28);
const userName = getSecBuf(this.buffer, 36);
const workstationName = getSecBuf(this.buffer, 44);
const flag = new Uint32Array(this.buffer.slice(60, 64))[0];
const encoding = getNtlmEncoding(flag);
const lmResponseData = getNtLmResponseData(this.buffer, lmResponse);
const ntlmResponseData = getNtLmResponseData(this.buffer, ntlmResponse);
const domain = getSecBufData(this.buffer, targetName, encoding);
const username = getSecBufData(this.buffer, userName, encoding);
const workstation = getSecBufData(this.buffer, workstationName, encoding);
const result = {
messageType: NTLMMessageType.AUTHENTICATE_MESSAGE,
version: 1,
domain,
username,
workstation,
flags: undefined,
sessionKey: undefined,
lmResponse,
ntlmResponse,
targetName,
userName,
workstationName,
lmResponseData,
ntlmResponseData,
};
const firstOffset = Math.min(...[lmResponse, ntlmResponse, targetName, userName, workstationName].map((s) => s.offset));
if (firstOffset !== 52) {
// NTLM version 2
const r2 = result;
r2.version = 2;
r2.sessionKey = getSecBuf(this.buffer, 52);
r2.flags = getFlags(ntlmFlags, flag);
if (firstOffset !== 64) {
// NTLM version 3
const r3 = result;
r3.version = 3;
r3.osVersionStructure = getOSVersionStructure(this.buffer, 64);
}
}
return result;
}
}
//# sourceMappingURL=NTLMType3Parser.js.map