
Basic NTLMSSP Parsing Scheme

LMO Type

| Field Name | Length | Value |
|------------|--------|-------|
| Length | USHORT | Length of the message |
| Maxlen | USHORT | Maximum length of the message |
| Offset | DWORD | Offset of the start of the message |

NTLMSSP Message

| Field Name | Length | Value |
|------------|--------|-------|
| NTLMSSP identifier | Fixed: 8 | ASCII “NTLMSSP”+0x0 |
| NTLM message Type | DWORD | |
| Lan Manager Response | LMO Type | Binary |
| NTLM Response | LMO Type | Binary |
| Domain name | LMO Type | Unicode w/o NULL termination |
| User name | LMO Type | Unicode w/o NULL termination |
| Host name | LMO Type | Unicode w/o NULL termination |
| Session Key | 8 Bytes | |
| Flags | DWORD | |
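
The layout above written as a bounds-checked parser, as an added example (not code from the original page). Assumptions: integers are little-endian and Unicode means UTF-16LE; the function names, the message type value 3 and the sample message are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
# Fixed part per the tables: 8-byte identifier, DWORD type, five LMO
# descriptors, 8-byte session key, DWORD flags. Assumption: little-endian.
HEADER = struct.Struct("<8sI" + "HHI" * 5 + "8sI")
LMO_FIELDS = ("lm_response", "ntlm_response", "domain", "user", "host")
TEXT_FIELDS = {"domain", "user", "host"}  # Unicode, no NULL terminator

class ParseError(ValueError):
    pass

def read_lmo(msg, name, length, offset):
    """Return the bytes an LMO descriptor points at, after bounds checks."""
    if length == 0:
        return b""
    # Length and Offset come from the peer: the slice must lie wholly
    # inside the message and must not overlap the fixed header.
    if offset < HEADER.size or offset + length > len(msg):
        raise ParseError(f"{name}: offset/length outside message payload")
    return msg[offset:offset + length]

def parse_ntlmssp(msg):
    if len(msg) < HEADER.size:
        raise ParseError("message shorter than fixed header")
    fields = HEADER.unpack_from(msg)
    if fields[0] != SIGNATURE:
        raise ParseError("bad NTLMSSP identifier")
    out = {"type": fields[1], "session_key": fields[-2], "flags": fields[-1]}
    for i, name in enumerate(LMO_FIELDS):
        length, _maxlen, offset = fields[2 + 3 * i:5 + 3 * i]
        raw = read_lmo(msg, name, length, offset)
        if name in TEXT_FIELDS:
            if length % 2:
                raise ParseError(f"{name}: odd length for UTF-16 text")
            raw = raw.decode("utf-16-le", errors="replace")
        out[name] = raw
    return out

def build_sample(domain="CORP", user="alice", host="WS01"):
    """Constructed test message (not captured traffic)."""
    payloads = [b"\x11" * 24, b"\x22" * 24] + [
        s.encode("utf-16-le") for s in (domain, user, host)]
    offset, lmos = HEADER.size, []
    for p in payloads:
        lmos += [len(p), len(p), offset]  # Length, Maxlen, Offset
        offset += len(p)
    return HEADER.pack(SIGNATURE, 3, *lmos, b"\x00" * 8, 0) + b"".join(payloads)
```
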
