module NTLMDecoder

Public Class Methods

check_for_header(string) click to toggle source

# File lib/ntlm_decoder.rb, line 7
def self.check_for_header(string)
  true if to_hex(string)[0..6] == "NTLMSSP"
end

decode(string) click to toggle source

# File lib/ntlm_decoder.rb, line 11
def self.decode(string)
  hex = to_hex(string)
  tid = hex[60..-1].split("\x00")

  domain_start     = tid.index("\x02") + 2
  domain_end       = tid.index("\x01") - 1

  server_start     = tid.index("\x01") + 2
  server_end       = tid.index("\x04") - 1

  dns_domain_start = tid.index("\x04") + 2
  dns_domain_end   = tid.index("\x03") - 1

  dns_server_start = tid.index("\x03") + 2

  begin
    dns_server_end   = tid.index("\x05") - 1
  rescue NoMethodError
    dns_server_end   = -1
  end

  return {
    domain: tid[domain_start..domain_end].join,
    server: tid[server_start..server_end].join,
    dns:    tid[dns_domain_start..dns_domain_end].join,
    fqdn:   tid[dns_server_start..dns_server_end].join
  }

end

get_from_www_authenticate(url) click to toggle source

# File lib/ntlm_decoder.rb, line 42
def self.get_from_www_authenticate(url)
  response = Faraday.new(url, headers: { 'Authorization' => 'NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' }).get

  self.decode(response['WWW-Authenticate'].split('NTLM ')[1])
end

Private Class Methods

to_hex(string) click to toggle source

# File lib/ntlm_decoder.rb, line 50
def self.to_hex(string)
  Base64.decode64(string)
end