Ejemplo n.º 1
    def fromString(self, data):
        """Unpack the fixed header, then slice each payload field out of ``data``.

        Every payload field is located through an offset/length pair that the
        header parse has already stored on this structure, and the resulting
        slice is stored under the field's own key.
        """
        Structure.fromString(self, data)
        # [MS-NLMP] page 27
        # Payload fields may appear in any order inside the Payload area and may
        # be surrounded by variable-length padding, so each one is found through
        # its own offset/length pair rather than by reading sequentially.
        #
        # NOTE(review): the offsets and lengths are read back from the header
        # that was just unpacked from ``data``. Slicing does not raise when they
        # point past the end of ``data``; the field simply comes back shorter
        # than its declared length (or empty). Code that relies on the declared
        # lengths should compare them with what was actually extracted.
        payload_fields = (
            ('domain_offset', 'domain_len', 'domain_name'),
            ('host_offset', 'host_len', 'host_name'),
            ('user_offset', 'user_len', 'user_name'),
            ('ntlm_offset', 'ntlm_len', 'ntlm'),
            ('lanman_offset', 'lanman_len', 'lanman'),
        )
        for offset_key, length_key, target_key in payload_fields:
            start = self[offset_key]
            stop = self[length_key] + start
            self[target_key] = data[start:stop]
Ejemplo n.º 2
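 def fromString(self, data):
     """Unpack the ACL header, then parse ``AceCount`` ACE entries from ``Data``.

     Each ACE is parsed from the front of the remaining ``Data`` bytes, which
     are then advanced by that ACE's ``AceSize``. When the loop finishes,
     ``self['Data']`` is replaced by the list of parsed ACE objects (the same
     list kept in ``self.aces``).

     Raises:
         Exception: if the header announces more ACEs than the remaining
             data can hold.
     """
     self.aces = []
     Structure.fromString(self, data)
     for _ in range(self['AceCount']):
         # No bytes left although the header promised another ACE
         if len(self['Data']) == 0:
             # Call form of raise: accepted by Python 2 and Python 3 alike,
             # unlike the Python 2-only "raise Exception, msg" statement.
             raise Exception("ACL header indicated there are more ACLs to unpack, but there is no more data")
         ace = ACE(data=self['Data'])
         self.aces.append(ace)
         # NOTE(review): AceSize is read from the ACE that was just parsed. A
         # value of 0 leaves Data unchanged, so the same bytes are parsed again
         # on the next pass (bounded by AceCount); consider rejecting it if
         # ACE() does not already validate the size.
         self['Data'] = self['Data'][ace['AceSize']:]
     self['Data'] = self.aces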
Ejemplo n.º 3
    def fromString(self, data):
        """Unpack the header, then extract domain name, host name and OS version.

        The two names are sliced out of ``data`` using the offset/length pairs
        stored by the header parse. ``os_version`` is taken from bytes 32..39
        when the version flag is set, and is the empty string otherwise.
        """
        Structure.fromString(self, data)

        # NOTE(review): offsets and lengths are read back from the unpacked
        # header; a slice that runs past the end of ``data`` is silently
        # shortened rather than rejected.
        dom_start = self['domain_offset']
        dom_stop = self['domain_len'] + dom_start
        self['domain_name'] = data[dom_start:dom_stop]

        host_start = self['host_offset']
        host_stop = self['host_len'] + host_start
        self['host_name'] = data[host_start:host_stop]

        version_flag_set = self['flags'] & NTLMSSP_NEGOTIATE_VERSION
        # NOTE(review): the guard only requires 36 bytes, yet the slice covers
        # bytes 32..39, so a 36-39 byte message yields a truncated os_version.
        # Confirm whether a minimum length of 40 was intended.
        self['os_version'] = (
            data[32:40] if len(data) >= 36 and version_flag_set else ''
        )
Ejemplo n.º 4
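    def fromString(self, data):
        """Unpack the header, then parse the owner, group, SACL and DACL parts.

        Each part is located by an ``Offset*`` header field. A zero offset
        means the part is absent, and the matching entry is set to the empty
        string; otherwise the part is parsed from ``data`` starting at that
        offset.
        """
        Structure.fromString(self, data)
        # All these fields are optional, if the offset is 0 they are empty
        # there are also flags indicating if they are present
        # TODO: parse those if it adds value
        #
        # NOTE(review): the offsets are read back from the unpacked header. An
        # offset beyond the end of ``data`` hands an empty slice to the nested
        # parser instead of being rejected here.
        if self['OffsetOwner'] != 0:
            self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:])
        else:
            self['OwnerSid'] = ''

        if self['OffsetGroup'] != 0:
            self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:])
        else:
            self['GroupSid'] = ''

        if self['OffsetSacl'] != 0:
            self['Sacl'] = ACL(data=data[self['OffsetSacl']:])
        else:
            self['Sacl'] = ''

        if self['OffsetDacl'] != 0:
            self['Dacl'] = ACL(data=data[self['OffsetDacl']:])
        else:
            # Absent DACL: clear 'Dacl' itself. Assigning to 'Sacl' here would
            # discard the SACL parsed just above and leave 'Dacl' untouched.
            self['Dacl'] = ''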
Ejemplo n.º 5
 def fromString(self, data):
     """Unpack the structure and replace raw ``BioKey`` with a parsed blob header.

     Nothing beyond the base unpack happens when ``data`` is ``None``.
     """
     Structure.fromString(self, data)
     if data is None:
         return
     # The raw field is decoded as UTF-16LE text and its last character is
     # dropped before hex-decoding (presumably a trailing NUL terminator -
     # confirm). unhexlify raises on text that is not valid hex.
     hex_text = self['BioKey'].decode('utf-16le')[:-1]
     key_blob = unhexlify(hex_text)
     self['BioKey'] = BCRYPT_KEY_DATA_BLOB_HEADER(key_blob)
Ejemplo n.º 6
 def fromString(self, data):
     """Populate this structure from ``data`` via ``Structure.fromString``."""
     # No additional per-class parsing is done after the base unpack.
     Structure.fromString(self, data)
Ejemplo n.º 7
 def fromString(self, data):
     """Unpack the header, then slice out the domain name and target info.

     Returns:
         This same object, after its fields have been populated.
     """
     Structure.fromString(self, data)
     # NOTE(review): offsets and lengths are read back from the unpacked
     # header; slices that run past the end of ``data`` come back short or
     # empty rather than raising.
     domain_tail = data[self['domain_offset']:]
     self['domain_name'] = domain_tail[:self['domain_len']]
     target_info_tail = data[self['TargetInfoFields_offset']:]
     self['TargetInfoFields'] = target_info_tail[:self['TargetInfoFields_len']]
     return self
Ejemplo n.º 8
 def fromString(self, data):
     """Unpack the ACE header, then parse the body with the class for its type.

     ``TypeName`` receives the name of the class that ``ACE_TYPE_MAP`` holds
     for ``AceType``, and the raw ``Ace`` bytes are replaced by an instance of
     that class built from them.
     """
     # The base parser handles the header
     Structure.fromString(self, data)
     # The body parser is chosen by the ACE type.
     # NOTE(review): AceType is read from the parsed header; a value that is
     # missing from ACE_TYPE_MAP raises KeyError here (assuming a plain dict),
     # so callers parsing untrusted descriptors should expect that.
     body_cls = ACE_TYPE_MAP[self['AceType']]
     self['TypeName'] = body_cls.__name__
     self['Ace'] = body_cls(data=self['Ace'])