Posted to tcl by mjanssen at Tue Oct 02 16:14:16 GMT 2007
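# ntlm_decode -- decode the fixed header of an NTLM message to aid in debugging.
#
# Arguments:
#   buffer  the raw bytes of one NTLM message (a binary string, i.e. after
#           any base64 transport encoding has been removed)
#
# Returns a dict with these keys:
#   signature  bytes 0-7 of the buffer, returned as-is; it is NOT validated
#              here, so callers that care should compare it with "NTLMSSP\0"
#   type       the message type, read as an unsigned little-endian 32-bit
#              integer from bytes 8-11; absent when the buffer is too short
#   flags      list of the names of the negotiate flags that are set; absent
#              when no flag is set, when the type is not 1, 2 or 3, or when
#              the buffer is too short to contain the flags field
#
# A truncated or unrecognised message yields a partial dict instead of a
# "no such variable" error, so the decoder stays usable on malformed traffic,
# which is exactly what one tends to be looking at when debugging.
#
# Raw NTLM messages carry challenge/response material; treat any buffer or
# dump produced while debugging as sensitive and keep it out of shared logs.
#
# Requires Tcl 8.5 or later (dict, and the "u" modifier of binary scan).
proc ntlm_decode {buffer} {
    dict set dec signature [string range $buffer 0 7]

    # binary scan leaves its variable unset when fewer than 4 bytes are
    # available, so rely on its return value (number of conversions done).
    if {[binary scan [string range $buffer 8 11] iu type] != 1} {
        return $dec
    }
    dict set dec type $type

    # Byte offset of the 32-bit flags field for each known message type.
    switch -- $type {
        1 { set offset 12 }
        2 { set offset 20 }
        3 {
            # NOTE(review): the flags field of a Type 3 message is believed
            # to be optional for older senders; if it is omitted, bytes 60-63
            # are payload and the decoded flag names are meaningless. Confirm
            # against the security-buffer offsets before trusting the result.
            set offset 60
        }
        default { return $dec }
    }

    set last [expr {$offset + 3}]
    if {[binary scan [string range $buffer $offset $last] iu flags] != 1} {
        return $dec
    }

    # Bit value -> display name. Bits without a known meaning are still
    # listed so that an unexpected bit shows up in the output.
    foreach {value flag} {
        0x1 {Negotiate Unicode}
        0x2 {Negotiate OEM}
        0x4 {Request Target}
        0x8 {Unknown 0x8}
        0x10 {Negotiate Sign}
        0x20 {Negotiate Seal}
        0x40 {Negotiate Datagram Style}
        0x80 {Negotiate Lan Manager Key}
        0x100 {Negotiate Netware}
        0x200 {Negotiate NTLM}
        0x400 {Unknown 0x400}
        0x800 {Negotiate Anonymous}
        0x1000 {Negotiate Domain Supplied}
        0x2000 {Negotiate Workstation Supplied}
        0x4000 {Negotiate Local Call}
        0x8000 {Negotiate Always Sign}
        0x10000 {Target Type Domain}
        0x20000 {Target Type Server}
        0x40000 {Target Type Share}
        0x80000 {Negotiate NTLM2 Key}
        0x100000 {Request Init Response}
        0x200000 {Request Accept Response}
        0x400000 {Request Non-NT Session Key}
        0x800000 {Negotiate Target Info}
        0x1000000 {Unknown 0x1000000}
        0x2000000 {Unknown 0x2000000}
        0x4000000 {Unknown 0x4000000}
        0x8000000 {Unknown 0x8000000}
        0x10000000 {Unknown 0x10000000}
        0x20000000 {Negotiate 128}
        0x40000000 {Negotiate Key Exchange}
        0x80000000 {Negotiate 56}
    } {
        if {$flags & $value} {
            dict lappend dec flags $flag
        }
    }
    return $dec
}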