Correctly parse SMB NTLMSSP messages

Decide on NTLMv1 vs. NTLMv2 by inspecting the length of the NTLM
response data, not by the presence of LM data. Prior to the patch, if
an LMv2 response was included, Inveigh would output a badly formatted
hash calling it 'NTLMv1'.

Use all four bytes for offset data (just in case).

Simplify string extraction by requiring the use of an offset. Always
used the offsets from the message header instead of assuming a certain
content ordering.

0 files changed, 0 insertions, 0 deletions