<?php
$ntlmpacket= mb_convert_encoding(base64_decode( "TlRMTVNTUAACAAAADgAOADgAAAAVgoniFvduRcv1/b4AAAAAAAAAAJYAlgBGAAAABgGxHQAAAA9IAE8AUwBUAEkATgBHAAIADgBIAE8AUwBUAEkATgBHAAEAEABIAC0AQQBQAFAANAAyADMABAAWAGgAbwBzAHQAaQBuAGcALgBzAGMAYQADACgAaAAtAGEAcABwADQAMgAzAC4AaABvAHMAdABpAG4AZwAuAHMAYwBhAAUAFgBoAG8AcwB0AGkAbgBnAC4AcwBjAGEABwAIAHdK4ofuN9EBAAAAAA==" ));
if((intval(substr($ntlmpacket, 8, 8))) == 3) {
$B = substr($ntlmpacket, 28, 51);
$dLen = ((intval(substr($B, 0, 0)))
+((intval(substr($B, 1, 1)))*256));
$dOff = ((intval(substr($B, 4, 4)))
+((intval(substr($B, 5, 5)))*256)
+((intval(substr($B, 6, 6)))*(256*256))
+((intval(substr($B, 7, 7)))*(256*256*256)));
$uLen = ((intval(substr($B, 8, 8)))
+((intval(substr($B, 9, 9)))*256));
$wLen = ((intval(substr($B, 16, 16)))
+((intval(substr($B, 17, 17)))*256));
echo "NTLM_Domain" + substr($ntlmpacket, $dOff, $dOff+$dLen-1 );
echo "NTLM_User" + substr($ntlmpacket, $dOff + $dLen, $dOff + $dLen + $uLen - 1 );
$start=$dOff + $dLen + $uLen;
$end = $dOff + $dLen + $uLen + $wLen - 1;
echo "NTLM_Workstation" + substr($ntlmpacket, $start, $end);
} else {
echo ":(";
echo dump(substr($ntlmpacket, 8, 8));
}
preferences:
44.35 ms | 402 KiB | 5 Q