Merge branch 'fortra:master' into GetLoggedOn
GeisericII authored Nov 27, 2024
2 parents edfe4b2 + ea27e8b commit 0c10b96
Showing 307 changed files with 2,863 additions and 3,737 deletions.
7 changes: 2 additions & 5 deletions .github/workflows/build_and_test.yml
Expand Up @@ -48,14 +48,11 @@ jobs:
strategy:
fail-fast: false
matrix:
python-version: ["3.7", "3.8", "3.9", "3.10"]
python-version: ["3.8", "3.9", "3.10","3.11"]
experimental: [false]
os: [ubuntu-latest]
include:
- python-version: "3.6"
experimental: false
os: ubuntu-20.04
- python-version: "3.11-dev"
- python-version: "3.12-dev"
experimental: true
os: ubuntu-latest
continue-on-error: ${{ matrix.experimental }}
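Review bot: The new matrix line `python-version: ["3.8", "3.9", "3.10","3.11"]`, together with the removed `"3.6"` include entry, raises the minimum tested Python to 3.8, and none of the ChangeLog entries shown in this commit say so; add a line under the v0.12.0 library improvements stating the new minimum version so that users still on 3.6 or 3.7 are not surprised. Style nit on the same line: add a space after the comma before `"3.11"` to match the rest of the list.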
Expand Down
85 changes: 73 additions & 12 deletions ChangeLog.md
Expand Up @@ -5,12 +5,24 @@ Project owner's main page is at www.coresecurity.com.
Complete list of changes can be found at:
https://github.com/fortra/impacket/commits/master

## Impacket v0.12.0-dev:
## Impacket v0.12.0 (Sep 2024):
1. Library improvements
* Fixed broken hRSetServiceObjectSecurity method (@rkivys)
* Removed dsinternals dependency (@anadrianmanrique)
* Fixed srvs.hNetrShareEnum returning erronous shares (@cnotin)

2. Examples improvements
* Fixed lmhash computing to support non standard characters in the password (@anadrianmanrique)
* Assorted fixes when processing Unicode data (@alexisbalbachan)
* Added `[MS-GKDI]` Group Key Distribution Protocol implementation (@zblurx)
* Fixed incorrect padding in SMBSessionSetupAndX_Extended_ResponseData (@rtpt-erikgeiser)
* Upgraded dependency pyreadline -> pyreadline3 (@anadrianmanrique)
* SMB Server:
* Added query information level 0x0109 for smb1 "SMB_QUERY_FILE_STREAM_INFO" (@Adamkadaban)
* Fixed filename encoding in queryPathInformation (@JerAxxxxxxx)
* Fixed NextEntryOffset for large directory listings (@robnanola)
* Fixed server returning an empty folder when cutting and pasting recursive directories (@robnanola)
* DHCP: Fixed encoding issues (@ujwalkomarla)

3. Examples improvements
* [secretsdump.py](examples/secretsdump.py):
* Double DC Sync performance for DCs supporting SID lookups (@tomspencer)
* Added ability to skip dumping of SAM or SECURITY hives when performing remote operations (@RazzburyPi)
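Review bot: Typo in the new library entry `Fixed srvs.hNetrShareEnum returning erronous shares`: it should read `erroneous`. As rendered here, the section also carries both a `2. Examples improvements` and a `3. Examples improvements` heading, with `3. New examples` and `4. New examples` further down; check that the merged file ends up with a single, consecutive numbering for the v0.12.0 sections.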
Expand All @@ -23,24 +35,73 @@ https://github.com/fortra/impacket/commits/master
* Fix kerberos with remoteHost & add '-target-ip'(@XiaoliChan)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added the creation of a new machine account through SMB (@BlWasp)
* NTLMRelayX Multirelay fixes for target handling (@alexisbalbachan)
* Writes certificates to file rather than outputting b64 to console (@RazzburyPi)
* NTLMRelayX Multirelay fixes for target handling, added --keep-relaying flag (@alexisbalbachan)
* Logging multirelay status when triggering the example (@gabrielg5)
* Write certificates to file rather than outputting b64 to console (@RazzburyPi)
* Improved ability to continue relaying to ADCS web enrollment endpoint in order to request multiple certificates for different users (@RazzburyPi)
* Fixed compatibility issue with other SMB clients connecting to the SOCKS proxy created by ntlmrelayx (@jfjallid)
* Allow configuration of the SOCKS5 address and port (@rtpt-erikgeiser)
* Fixed implementation of MSSQLShell (@gabrielg5)
* Logging notification of received connections in all relay servers (@gabrielg5)
* Add domain and username to interactive Ldap shell message (@minniear)
* Enhanced MSSQLShell in NTLMRelayX leveraging TcpShell & output messages (@gabrielg5)
* LDAP Attack: Bugfixes when parsing responses (@SAERXCIT)
* [getST.py](examples/getST.py):
* Added -self, -altservice and -u2u for S4U2self abuse, S4U2self+u2u, and service substitution (@ShutdownRepo)
* Added ability to set the RENEW ticket option to renew a TGT (@shikatano)
* Fixed unicode encoding error when using the -impersonate flag (@alexisbalbachan)
* [getTGT.py](examples/getTGT.py):
* Added principalType as new parameter (@DevSpork)
* [reg.py](examples/reg.py):
* Start remote registry as unprivileged user in reg.py (@dadevel)
* [smbclient.py](examples/smbclient.py): Added ability to provide an output file that the smbclient mini shell will write commands and output to (@RazzburyPi)

3. New examples
* Allow adding Binary values (@dc3l1ne)
* Add missing Null byte for REG_SZ values (@PfiatDe)
* Support for adding REG_MULTI_SZ values through (@garbrielg5)
* [smbclient.py](examples/smbclient.py):
* Added ability to provide an output file that the smbclient mini shell will write commands and output to (@RazzburyPi)
* Fixed path parse issue when running `tree` command (@trietend)
* [smbserver.py](examples/smbserver.py):
* Added parameter "-outputfile" to set smbserver log file(gabrielg5)
* [DumpNTLMInfo.py](examples/DumpNTLMInfo.py):
* Allow execution on non-default ports (@jeffmcjunkin)
* Fixed KeyError exception when running with a Windows 2003 target (@XiaoliChan)
* [findDelegation.py](examples/findDelegation.py):
* Added new column to show if SPN exists (@p0dalirius)
* [mssqlclient.py](examples/mssqlclient.py):
* Added `-target-ip` parameter to allow Kerberos authentication without much change in the DNS configuration of the local machine (@Palkovsky)
* [mssqlshell.py](examples/mssqlshell.py):
* Switching back to original DB after running `enum_impersonate` command (@exploide)
* Fixed logging in printReplies showing error messages (@gabrielg5)
* [registry-read.py](examples/registry-read.py):
* Fixed scenario where value name contains backlash (@DidierA)
* [net.py](examples/net.py):
* Fixed User "Account Active" property value (@marcobarlottini)
* Fixed log messages printing variables in the wrong order (@Cyb3rC3lt)
* [rbcd.py](examples/rbcd.py):
* Handled SID not found in LDAP error (@ShutdownRepo)
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Updated the help information for -outputfile to be consistent with -save (@scarvell)
* [ntfs-read.py](examples/ntfs-read.py):
* Minor refactor in ntfs-read.py to make it more human-readable (@NtAlexio2)
* [ldap_shell.py](examples/ldap_shell.py):
* Added support for dirsync and whoami commands (@nurfed1)
* [lookupsid.py](examples/lookupsid.py):
* Now supports kerberos auth (@A1vinSmith)
* [samrdump.py](examples/samrdump.py):
* Will fetch AdminComment using MSRPC (@joeldeleep)
* [tstool.py](examples/tstool.py):
* Added support for kerberos auth, resolves SIDs (@nopernik)

4. New examples
* [describeTicket.py](examples/describeTicket.py): Ticket describer and decrypter. (@ShutdownRepo)
* [GetADComputers.py](examples/GetADComputers.py): Query's DC via LDAP and returns the COMPUTER objects and the useful attributes such as full dns name, operating system name and version. (@F-Masood)
* [readLAPS.py](examples/readLAPS.py): Tries to read all the LAPS password from the current domain computers. (@F-Masood)
* [dacledit.py](examples/dacledit.py): This script can be used to read, write, remove, backup, restore ACEs (Access Control Entries) in an object DACL (Discretionary Access Control List). (@_nwodtuhs) (@BlWasp_) (@Wlayzz)
* [GetLAPSPassword.py](examples/GetLAPSPassword.py): Extract LAPS passwords from LDAP (@zblurx and @dru1d-foofus)
* [dacledit.py](examples/dacledit.py): This script can be used to read, write, remove, backup, restore ACEs (Access Control Entries) in an object DACL (Discretionary Access Control List). (@ShutdownRepo) (@BlWasp_) (@Wlayzz)
* [owneredit.py](examples/owneredit.py): Added this script to abuse WriteOwner (ADS_RIGHT_WRITE_OWNER) access rights. This allows to take ownership of another object, and then edit that object's DACL (@ShutdownRepo) (@BlWasp_)

As always, thanks a lot to all these contributors that make this library better every day (up to now):

@tomspencer @anadrianmanrique @ShutdownRepo @dadevel @gjhami @NtAlexio2 @F-Masood @BlWasp @gabrielg5 @XiaoliChan @omry99 @Wlayzz @themaks @alexisbalbachan @RazzburyPi
@tomspencer @anadrianmanrique @ShutdownRepo @dadevel @gjhami @NtAlexio2 @F-Masood @BlWasp @gabrielg5 @XiaoliChan @omry99 @Wlayzz @themaks @alexisbalbachan @RazzburyPi @jeffmcjunkin @p0dalirius @dc3l1ne @jfjallid @Palkovsky @rtpt-erikgeiser @trietend @zblurx @dru1d-foofus @PfiatDe @DidierA @marcobarlottini @PeterGabaldon @m8r1us @5yn @tzuralon @Adamkadaban @scarvell @JerAxxxxxxx @ujwalkomarla @robnanola @SAERXCIT @nurfed1 @A1vinSmith @joeldeleep @nopernik

## Impacket v0.11.0 (Aug 2023):
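Review bot: Several of the new per-example entries need a proofread before release notes are cut from them. `Support for adding REG_MULTI_SZ values through (@garbrielg5)` ends mid-sentence and misspells the handle written everywhere else as `@gabrielg5`; `set smbserver log file(gabrielg5)` is missing both the space and the `@`; `Fixed scenario where value name contains backlash` should say `backslash`; and `Query's DC via LDAP` should be `Queries`. The misspelled handle matters beyond style because the contributor list at the end of the section is keyed on these names.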
Expand Down Expand Up @@ -661,7 +722,7 @@ As always, thanks a lot to all these contributors that make this library better
UUIDs used and that information is included as well. This could be helpful when reading a portmap output and to
develop new functionality to interact against a target interface.
* `smbexec.py`: Another alternative to psexec. Less capabilities but might work on tight AV environments. Based on the
technique described at https://www.optiv.com/blog/owning-computers-without-shell-access. It also
technique described at https://web.archive.org/web/20190515131124/https://www.optiv.com/blog/owning-computers-without-shell-access. It also
supports instantiating a local smbserver to receive the output of the commandos executed for those situations
where no share is available on the other end.
* `smbrelayx.py`: It now also listens on port 80 and forwards/reflects the credentials accordingly.
Expand Down
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -4,7 +4,7 @@ Impacket
[![Latest Version](https://img.shields.io/pypi/v/impacket.svg)](https://pypi.python.org/pypi/impacket/)
[![Build and test Impacket](https://github.com/fortra/impacket/actions/workflows/build_and_test.yml/badge.svg)](https://github.com/fortra/impacket/actions/workflows/build_and_test.yml)

FORTRA. Copyright (C) 2023 Fortra. All rights reserved.
Copyright Fortra, LLC and its affiliated companies. All rights reserved.

Impacket was originally created by [SecureAuth](https://www.secureauth.com/labs/open-source-tools/impacket), and now maintained by Fortra's Core Security.

Expand Down Expand Up @@ -50,17 +50,17 @@ Getting Impacket

### Latest version

* Impacket v0.11.0
* Impacket v0.12.0

[![Python versions](https://img.shields.io/pypi/pyversions/impacket.svg)](https://pypi.python.org/pypi/impacket/)

[Current and past releases](https://github.com/fortra/impacket/releases)

### Development version

* Impacket v0.12.0-dev (**[master branch](https://github.com/fortra/impacket/tree/master)**)
* Impacket v0.13.0-dev (**[master branch](https://github.com/fortra/impacket/tree/master)**)

[![Python versions](https://img.shields.io/badge/python-3.6%20|%203.7%20|%203.8%20|%203.9%20|%203.10-blue.svg)](https://github.com/fortra/impacket/tree/master)
[![Python versions](https://img.shields.io/badge/python-3.8%20|%203.9%20|%203.10%20|%203.11%20|%203.12-blue.svg)](https://github.com/fortra/impacket/tree/master)


Setup
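Review bot: The development badge now advertises `3.12` next to 3.8 through 3.11, but the workflow change in this same commit only runs `3.12-dev` with `experimental: true`, and that job sits under `continue-on-error`, so a failure on 3.12 would not fail the build. Either promote a released `"3.12"` into the required matrix or keep it off the badge until it is gated.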
Expand Down
4 changes: 3 additions & 1 deletion examples/DumpNTLMInfo.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/Get-GPPPassword.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python3
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/GetADComputers.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2024 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/GetADUsers.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/GetLAPSPassword.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
6 changes: 4 additions & 2 deletions examples/GetNPUsers.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down Expand Up @@ -160,7 +162,7 @@ def getTGT(self, userName, requestPAC=True):

reqBody['realm'] = domain

now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
reqBody['till'] = KerberosTime.to_asn1(now)
reqBody['rtime'] = KerberosTime.to_asn1(now)
reqBody['nonce'] = random.getrandbits(31)
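Review bot: In `getTGT`, the changed line still stores `datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)` in a variable named `now`, which then feeds both `till` and `rtime`. Since the line is being rewritten anyway, rename it to something like `expiry` so the requested ticket lifetime does not read as the current time.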
Expand Down
4 changes: 3 additions & 1 deletion examples/GetUserSPNs.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
6 changes: 4 additions & 2 deletions examples/addcomputer.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down Expand Up @@ -355,7 +357,7 @@ def LDAP3KerberosLogin(self, connection, user, password, domain='', lmhash='', n
authenticator['authenticator-vno'] = 5
authenticator['crealm'] = domain
seq_set(authenticator, 'cname', userName.components_to_asn1)
now = datetime.datetime.utcnow()
now = datetime.datetime.now(datetime.timezone.utc)

authenticator['cusec'] = now.microsecond
authenticator['ctime'] = KerberosTime.to_asn1(now)
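Review bot: `now` in `LDAP3KerberosLogin` changes from a naive to a timezone-aware datetime and is passed straight into `KerberosTime.to_asn1(now)`, a helper that is not part of this diff. Check that it never compares or subtracts its argument against a naive datetime (Python raises TypeError when the two kinds are mixed) and that the encoded `ctime` is byte-for-byte what it was before; a unit test that encodes one fixed aware datetime would pin that down, since a skewed authenticator timestamp surfaces only as a clock-skew rejection from the KDC.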
Expand Down
4 changes: 3 additions & 1 deletion examples/atexec.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/changepasswd.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
42 changes: 22 additions & 20 deletions examples/dacledit.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python3
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2024 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down Expand Up @@ -96,7 +98,7 @@
'S-1-5-64-14': 'SChannel Authentication',
'S-1-5-64-21': 'Digest Authority',
'S-1-5-80': 'NT Service',
'S-1-5-83-0': 'NT VIRTUAL MACHINE\Virtual Machines',
'S-1-5-83-0': 'NT VIRTUAL MACHINE\\Virtual Machines',
'S-1-16-0': 'Untrusted Mandatory Level',
'S-1-16-4096': 'Low Mandatory Level',
'S-1-16-8192': 'Medium Mandatory Level',
Expand All @@ -105,24 +107,24 @@
'S-1-16-16384': 'System Mandatory Level',
'S-1-16-20480': 'Protected Process Mandatory Level',
'S-1-16-28672': 'Secure Process Mandatory Level',
'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access',
'S-1-5-32-555': 'BUILTIN\Remote Desktop Users',
'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders',
'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access',
'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users',
'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders',
'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators',
'S-1-5-32-558': 'BUILTIN\Performance Monitor Users',
'S-1-5-32-559': 'BUILTIN\Performance Log Users',
'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group',
'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers',
'S-1-5-32-562': 'BUILTIN\Distributed COM Users',
'S-1-5-32-569': 'BUILTIN\Cryptographic Operators',
'S-1-5-32-573': 'BUILTIN\Event Log Readers',
'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access',
'S-1-5-32-575': 'BUILTIN\RDS Remote Access Servers',
'S-1-5-32-576': 'BUILTIN\RDS Endpoint Servers',
'S-1-5-32-577': 'BUILTIN\RDS Management Servers',
'S-1-5-32-578': 'BUILTIN\Hyper-V Administrators',
'S-1-5-32-579': 'BUILTIN\Access Control Assistance Operators',
'S-1-5-32-580': 'BUILTIN\Remote Management Users',
'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users',
'S-1-5-32-559': 'BUILTIN\\Performance Log Users',
'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group',
'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers',
'S-1-5-32-562': 'BUILTIN\\Distributed COM Users',
'S-1-5-32-569': 'BUILTIN\\Cryptographic Operators',
'S-1-5-32-573': 'BUILTIN\\Event Log Readers',
'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access',
'S-1-5-32-575': 'BUILTIN\\RDS Remote Access Servers',
'S-1-5-32-576': 'BUILTIN\\RDS Endpoint Servers',
'S-1-5-32-577': 'BUILTIN\\RDS Management Servers',
'S-1-5-32-578': 'BUILTIN\\Hyper-V Administrators',
'S-1-5-32-579': 'BUILTIN\\Access Control Assistance Operators',
'S-1-5-32-580': 'BUILTIN\\Remote Management Users',
}
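Review bot: Nothing in this change stops the next SID added to the table from reintroducing a single backslash, as in the old `'BUILTIN\Remote Desktop Users'`. The sequences replaced here (`\P`, `\R`, `\I` and so on) are invalid escapes that Python keeps literally, so the resolved names do not change, but newer interpreters warn about them at compile time. Consider enabling a lint rule for invalid escape sequences (pycodestyle W605) in CI, and note that raw strings would read more naturally for Windows account names than doubling each separator.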


Expand Down Expand Up @@ -871,7 +873,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash='
authenticator['authenticator-vno'] = 5
authenticator['crealm'] = domain
seq_set(authenticator, 'cname', userName.components_to_asn1)
now = datetime.datetime.utcnow()
now = datetime.datetime.now(datetime.timezone.utc)

authenticator['cusec'] = now.microsecond
authenticator['ctime'] = KerberosTime.to_asn1(now)
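Review bot: This authenticator block in `ldap3_kerberos_login` (`now = ...`, `authenticator['cusec'] = now.microsecond`, `authenticator['ctime'] = KerberosTime.to_asn1(now)`) is line-for-line the one patched in `examples/addcomputer.py` in this same commit, so the `utcnow()` replacement had to be made twice. Moving the timestamp handling into one shared helper would keep the two scripts from drifting the next time the time API or the Kerberos encoding changes.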
Expand Down
4 changes: 3 additions & 1 deletion examples/dcomexec.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright (C) 2023 Fortra. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
Expand Down
4 changes: 3 additions & 1 deletion examples/describeTicket.py
@@ -1,7 +1,9 @@
#!/usr/bin/env python3
# Impacket - Collection of Python classes for working with network protocols.
#
# SECUREAUTH LABS. Copyright (C) 2021 SecureAuth Corporation. All rights reserved.
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
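Review bot: Unlike the other headers in this commit, which only reword an existing Fortra notice, this one replaces `SECUREAUTH LABS. Copyright (C) 2021 SecureAuth Corporation. All rights reserved.` outright with the Fortra line. Confirm that removing the earlier holder's notice from `describeTicket.py` is intended and covered by the project's licensing terms; if not, keep the original line and add the Fortra notice alongside it.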
Expand Down