On Mon, 2 Sep 2002, Jim McDonough wrote:
>
> >When it comes to the NTLMSSP challenge, apart from the challenge it self,
> >it also contains what looks like an NDR encoded top level ref to the
> >domain, this time in UCS2-LE, and then another NDR encoded top level ref
> >to what looks like another BLOB. This blob seems to contain:
> Richard,
> Please see my previous posting on this:
> http://marc.theaimsgroup.com/?l=samba-technical&m=102942293528502&w=2
> The middle describes the NTLMSSP challenge. The ULONG of zeroes is the end
> of the list (address type 0, length 0).
Yes, thanks. I also noticed the code in head which expresses essentially
the same things.
> It's probably time to gather the info up into one place, so we don't have
> too many people rediscovering the format...you and I are certainly not the
> first ones to do this.
I am interested in whether it look like NDR Encoded stuff as well. I will
probably spend a small amount of time getting the NTLMSSP dissector to
decode it as NDR to see what it looks like.
The list desctription for the BLOB within the BLOB looks spot-on. How did
you figure that one out?
Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
