Module: NTLMDecoder

Defined in:
lib/ntlm_decoder.rb

Class Method Summary collapse

Class Method Details

.check_for_header(string) ⇒ Object 



7
8
9
 
# File 'lib/ntlm_decoder.rb', line 7

def self.check_for_header(string)
  true if to_hex(string)[0..6] == "NTLMSSP"
end

.decode(string) ⇒ Object 



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/ntlm_decoder.rb', line 11

def self.decode(string)
  hex = to_hex(string)
  tid = hex[60..-1].split("\x00")

  domain_start     = tid.index("\x02") + 2
  domain_end       = tid.index("\x01") - 1

  server_start     = tid.index("\x01") + 2
  server_end       = tid.index("\x04") - 1

  dns_domain_start = tid.index("\x04") + 2
  dns_domain_end   = tid.index("\x03") - 1

  dns_server_start = tid.index("\x03") + 2

  begin
    dns_server_end   = tid.index("\x05") - 1
  rescue NoMethodError
    dns_server_end   = -1
  end

  return {
    domain: tid[domain_start..domain_end].join,
    server: tid[server_start..server_end].join,
    dns:    tid[dns_domain_start..dns_domain_end].join,
    fqdn:   tid[dns_server_start..dns_server_end].join
  }

end

.get_from_www_authenticate(url) ⇒ Object 



42
43
44
45
46
 
# File 'lib/ntlm_decoder.rb', line 42

def self.get_from_www_authenticate(url)
  response = Faraday.new(url, headers: { 'Authorization' => 'NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' }).get

  self.decode(response['WWW-Authenticate'].split('NTLM ')[1])
end