anadrianmanrique released this 16 Sep 20:07
Impacket 0.12.0:
Project's main page at https://www.coresecurity.com/core-labs/open-source-tools/impacket
ChangeLog for 0.12.0:
- Library improvements
- Fixed broken hRSetServiceObjectSecurity method (@rkivys)
- Removed dsinternals dependency (@anadrianmanrique)
- Fixed srvs.hNetrShareEnum returning erroneous shares (@cnotin)
- Fixed lmhash computing to support non standard characters in the password (@anadrianmanrique)
- Assorted fixes when processing Unicode data (@alexisbalbachan)
- Added [MS-GKDI] Group Key Distribution Protocol implementation (@zblurx)
- Fixed incorrect padding in SMBSessionSetupAndX_Extended_ResponseData (@rtpt-erikgeiser)
- Upgraded dependency pyreadline -> pyreadline3 (@anadrianmanrique)
- SMB Server:
- Added query information level 0x0109 for smb1 "SMB_QUERY_FILE_STREAM_INFO" (@Adamkadaban)
- Fixed filename encoding in queryPathInformation (@JerAxxxxxxx)
- Fixed NextEntryOffset for large directory listings (@robnanola)
- Fixed server returning an empty folder when cutting and pasting recursive directories (@robnanola)
- DHCP: Fixed encoding issues (@ujwalkomarla)
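The NextEntryOffset fix above concerns how directory-listing records are chained in an SMB QUERY_DIRECTORY response: each record carries the byte distance to the next one (8-byte aligned), and only the final record carries 0, so a wrong offset makes a client stop early or walk into garbage. The following is an added example, not Impacket's own code, that encodes a listing as FILE_DIRECTORY_INFORMATION records (layout from MS-FSCC) and walks the chain back while validating every offset; the file names and attribute values are constructed.

```python
import struct

# Fixed-size prefix of FILE_DIRECTORY_INFORMATION (MS-FSCC 2.4.10), little-endian:
# NextEntryOffset, FileIndex, CreationTime, LastAccessTime, LastWriteTime,
# ChangeTime, EndOfFile, AllocationSize, FileAttributes, FileNameLength
_FIXED = struct.Struct("<IIQQQQQQII")
assert _FIXED.size == 64

FILE_ATTRIBUTE_ARCHIVE = 0x20


def _pad8(length):
    """Bytes needed to bring length up to the next multiple of 8."""
    return (-length) % 8


def encode_directory_listing(names, attrs=FILE_ATTRIBUTE_ARCHIVE, size=0):
    """Serialize names as a chain of FILE_DIRECTORY_INFORMATION records.

    Every record except the last is padded to an 8-byte boundary and its
    NextEntryOffset is the padded record length; the last record has
    NextEntryOffset == 0 and no padding. Timestamps are left at 0 (constructed).
    """
    records = []
    for i, name in enumerate(names):
        fname = name.encode("utf-16-le")
        last = i == len(names) - 1
        body_len = _FIXED.size + len(fname)
        pad = 0 if last else _pad8(body_len)
        next_off = 0 if last else body_len + pad
        record = _FIXED.pack(next_off, 0, 0, 0, 0, 0, size, size, attrs, len(fname))
        records.append(record + fname + b"\x00" * pad)
    return b"".join(records)


def walk_directory_listing(buf):
    """Walk the chain the way a careful client would, returning (name, attrs, eof).

    Raises ValueError when a NextEntryOffset is not 8-aligned, is shorter than the
    record it belongs to, points past the buffer, or when the chain ends (offset 0)
    while unreachable records remain behind it, which is the symptom of a
    mis-computed offset on a large listing.
    """
    entries = []
    pos = 0
    while True:
        if pos + _FIXED.size > len(buf):
            raise ValueError("truncated record at offset %d" % pos)
        (nxt, _idx, _ct, _at, _wt, _cht, eof, _alloc, attrs, name_len) = _FIXED.unpack_from(buf, pos)
        name_start = pos + _FIXED.size
        if name_start + name_len > len(buf):
            raise ValueError("FileName overruns buffer at offset %d" % pos)
        name = buf[name_start:name_start + name_len].decode("utf-16-le")
        entries.append((name, attrs, eof))
        record_end = name_start + name_len
        if nxt == 0:
            # Up to 7 bytes of alignment slack is tolerable; a whole record is not.
            if len(buf) - record_end >= 8:
                raise ValueError("chain ended at offset %d with %d unreachable bytes"
                                 % (pos, len(buf) - record_end))
            return entries
        if nxt % 8 or nxt < record_end - pos or pos + nxt + _FIXED.size > len(buf):
            raise ValueError("bad NextEntryOffset %d at offset %d" % (nxt, pos))
        pos += nxt


if __name__ == "__main__":
    listing = encode_directory_listing(["a.txt", "subdir", "longer name.bin"])
    for entry in walk_directory_listing(listing):
        print(entry)
```

Running the walker over a listing whose first NextEntryOffset has been zeroed, or replaced by an unaligned value, is the quickest way to see the two failure modes a buggy server produces: a listing that silently ends after one entry, and one the client rejects outright.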
- Examples improvements
- secretsdump.py:
- Double DC Sync performance for DCs supporting SID lookups (@tomspencer)
- Added ability to skip dumping of SAM or SECURITY hives when performing remote operations (@RazzburyPi)
- Added ability to specify users to skip when dumping NTDS (@RazzburyPi)
- ticketer.py:
- Support to create Sapphire tickets (@ShutdownRepo)
- GetUserSPNs.py, getTGT.py:
- Support for Kerberoasting without pre-authentication and ST request through AS-REQ (@ShutdownRepo)
- wmiexec.py:
- Fixed Kerberos with remoteHost and added '-target-ip' (@XiaoliChan)
- ntlmrelayx.py:
- Added the creation of a new machine account through SMB (@BlWasp)
- NTLMRelayX Multirelay fixes for target handling, added --keep-relaying flag (@alexisbalbachan)
- Logging multirelay status when triggering the example (@gabrielg5)
- Write certificates to file rather than outputting b64 to console (@RazzburyPi)
- Improved ability to continue relaying to ADCS web enrollment endpoint in order to request multiple certificates for different users (@RazzburyPi)
- Fixed compatibility issue with other SMB clients connecting to the SOCKS proxy created by ntlmrelayx (@jfjallid)
- Allow configuration of the SOCKS5 address and port (@rtpt-erikgeiser)
- Fixed implementation of MSSQLShell (@gabrielg5)
- Logging notification of received connections in all relay servers (@gabrielg5)
- Add domain and username to interactive Ldap shell message (@minniear)
- Enhanced MSSQLShell in NTLMRelayX leveraging TcpShell & output messages (@gabrielg5)
- LDAP Attack: Bugfixes when parsing responses (@SAERXCIT)
- getST.py:
- Added -self, -altservice and -u2u for S4U2self abuse, S4U2self+u2u, and service substitution (@ShutdownRepo)
- Added ability to set the RENEW ticket option to renew a TGT (@shikatano)
- Fixed unicode encoding error when using the -impersonate flag (@alexisbalbachan)
- getTGT.py:
- Added principalType as new parameter (@DevSpork)
- reg.py:
- smbclient.py:
- Added ability to provide an output file that the smbclient mini shell will write commands and output to (@RazzburyPi)
- Fixed path parse issue when running the `tree` command (@trietend)
- smbserver.py:
- Added parameter "-outputfile" to set the smbserver log file (@gabrielg5)
- DumpNTLMInfo.py:
- Allow execution on non-default ports (@jeffmcjunkin)
- Fixed KeyError exception when running with a Windows 2003 target (@XiaoliChan)
- findDelegation.py:
- Added new column to show if SPN exists (@p0dalirius)
- mssqlclient.py:
- Added `-target-ip` parameter to allow Kerberos authentication without much change in the DNS configuration of the local machine (@Palkovsky)
- mssqlshell.py:
- Switching back to the original DB after running the `enum_impersonate` command (@exploide)
- Fixed logging in printReplies showing error messages (@gabrielg5)
- registry-read.py:
- Fixed scenario where value name contains a backslash (@DidierA)
- net.py:
- Fixed User "Account Active" property value (@marcobarlottini)
- Fixed log messages printing variables in the wrong order (@Cyb3rC3lt)
- rbcd.py:
- Handled SID not found in LDAP error (@ShutdownRepo)
- GetUserSPNs.py:
- Updated the help information for -outputfile to be consistent with -save (@scarvell)
- ntfs-read.py:
- Minor refactor in ntfs-read.py to make it more human-readable (@NtAlexio2)
- ldap_shell.py:
- Added support for dirsync and whoami commands (@nurfed1)
- lookupsid.py:
- Now supports kerberos auth (@A1vinSmith)
- samrdump.py:
- Will fetch AdminComment using MSRPC (@joeldeleep)
- tstool.py:
- Added support for kerberos auth, resolves SIDs (@nopernik)
- New examples
- describeTicket.py: Ticket describer and decrypter. (@ShutdownRepo)
- GetADComputers.py: Queries the DC via LDAP and returns the COMPUTER objects with useful attributes such as the full DNS name, operating system name and version. (@F-Masood)
- GetLAPSPassword.py: Extract LAPS passwords from LDAP (@zblurx and @dru1d-foofus)
- dacledit.py: This script can be used to read, write, remove, backup, restore ACEs (Access Control Entries) in an object DACL (Discretionary Access Control List). (@ShutdownRepo) (@BlWasp_) (@wlayzz)
- owneredit.py: Added this script to abuse WriteOwner (ADS_RIGHT_WRITE_OWNER) access rights. This allows to take ownership of another object, and then edit that object's DACL (@ShutdownRepo) (@BlWasp_)
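dacledit.py and owneredit.py both work on the binary ntSecurityDescriptor of an AD object: a self-relative SECURITY_DESCRIPTOR whose DACL is a list of ACEs, each granting an access mask to a trustee SID. Whether a trustee can take an object over comes down to a few bits in that mask (GenericAll, WriteDacl, WriteOwner, the last being what owneredit.py abuses). The following is an added example, not code from either script or from Impacket, that builds a constructed descriptor from MS-DTYP layouts and parses its DACL back to report which takeover rights a given SID holds. The SIDs, the object-type GUID and the ACE contents are constructed for illustration; the check only looks at allow ACEs and at the trustee's own SID, so a real assessment also has to apply deny ACEs and group membership.

```python
import struct
import uuid

# Access-mask bits (MS-DTYP 2.4.3 / ADS_RIGHTS_ENUM) that let a trustee take over an object
GENERIC_ALL = 0x10000000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000        # ADS_RIGHT_WRITE_OWNER
ADS_RIGHT_DS_READ_PROP = 0x10
TAKEOVER_RIGHTS = {"GenericAll": GENERIC_ALL, "WriteDacl": WRITE_DAC, "WriteOwner": WRITE_OWNER}

ACCESS_ALLOWED_ACE_TYPE = 0x00
ACCESS_ALLOWED_OBJECT_ACE_TYPE = 0x05
ACCESS_DENIED_OBJECT_ACE_TYPE = 0x06
SE_DACL_PRESENT = 0x0004
SE_SELF_RELATIVE = 0x8000


def sid_to_bytes(sid):
    """'S-1-5-21-...-1105' -> binary SID (MS-DTYP 2.4.2.2): revision, count, 48-bit authority, sub-authorities."""
    parts = sid.split("-")
    assert parts[0] == "S" and parts[1] == "1"
    subs = [int(p) for p in parts[3:]]
    return (bytes([1, len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def bytes_to_sid(buf, off):
    """Parse a binary SID at off; returns (string SID, encoded length)."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs), 8 + 4 * count


def build_ace(ace_type, mask, sid, object_type=None):
    """ACE header (type, flags, size) + mask [+ object flags/GUID] + trustee SID."""
    body = struct.pack("<I", mask)
    if ace_type in (ACCESS_ALLOWED_OBJECT_ACE_TYPE, ACCESS_DENIED_OBJECT_ACE_TYPE):
        body += struct.pack("<I", 1 if object_type else 0)   # ACE_OBJECT_TYPE_PRESENT
        if object_type:
            body += uuid.UUID(object_type).bytes_le
    body += sid_to_bytes(sid)
    return struct.pack("<BBH", ace_type, 0, 4 + len(body)) + body


def build_self_relative_sd(owner_sid, aces):
    """Self-relative SECURITY_DESCRIPTOR carrying an owner and a DACL (no group, no SACL)."""
    dacl_body = b"".join(aces)
    dacl = struct.pack("<BBHHH", 2, 0, 8 + len(dacl_body), len(aces), 0) + dacl_body
    owner = sid_to_bytes(owner_sid)
    header = struct.pack("<BBHIIII", 1, 0, SE_SELF_RELATIVE | SE_DACL_PRESENT,
                         20, 0, 0, 20 + len(owner))
    return header + owner + dacl


def parse_dacl(sd):
    """Return the DACL as a list of dicts: type, mask, sid, object_type (GUID string or None)."""
    _rev, _sbz, control, _own, _grp, _sacl, off_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    if not control & SE_DACL_PRESENT or off_dacl == 0:
        return []                      # NULL DACL: no restrictions at all
    _acl_rev, _, _acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    aces, pos = [], off_dacl + 8
    for _ in range(ace_count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", sd, pos)
        mask, = struct.unpack_from("<I", sd, pos + 4)
        sid_off, object_type = pos + 8, None
        if ace_type in (ACCESS_ALLOWED_OBJECT_ACE_TYPE, ACCESS_DENIED_OBJECT_ACE_TYPE):
            obj_flags, = struct.unpack_from("<I", sd, pos + 8)
            sid_off = pos + 12
            if obj_flags & 1:          # ObjectType GUID present
                object_type = str(uuid.UUID(bytes_le=sd[sid_off:sid_off + 16]))
                sid_off += 16
            if obj_flags & 2:          # InheritedObjectType GUID present
                sid_off += 16
        trustee, _ = bytes_to_sid(sd, sid_off)
        aces.append({"type": ace_type, "mask": mask, "sid": trustee, "object_type": object_type})
        pos += ace_size
    return aces


def takeover_paths(sd, trustee_sid):
    """Names of takeover rights that allow ACEs grant directly to trustee_sid."""
    found = []
    for ace in parse_dacl(sd):
        if ace["type"] not in (ACCESS_ALLOWED_ACE_TYPE, ACCESS_ALLOWED_OBJECT_ACE_TYPE):
            continue
        if ace["sid"] != trustee_sid:
            continue
        found.extend(name for name, bit in TAKEOVER_RIGHTS.items() if ace["mask"] & bit)
    return found


# Constructed sample: a domain SID prefix, "Domain Admins" style RID 512, two ordinary RIDs
DOMAIN = "S-1-5-21-1-2-3"
ADMINS, USER_A, USER_B = DOMAIN + "-512", DOMAIN + "-1105", DOMAIN + "-1106"
SAMPLE_GUID = "12345678-1234-1234-1234-123456789abc"   # constructed, no AD meaning
SAMPLE_SD = build_self_relative_sd(DOMAIN + "-500", [
    build_ace(ACCESS_ALLOWED_ACE_TYPE, GENERIC_ALL, ADMINS),
    build_ace(ACCESS_ALLOWED_ACE_TYPE, WRITE_OWNER, USER_A),
    build_ace(ACCESS_ALLOWED_OBJECT_ACE_TYPE, ADS_RIGHT_DS_READ_PROP, USER_B, SAMPLE_GUID),
])

if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE_SD):
        print("type=0x%02x mask=0x%08x sid=%s object=%s" % (ace["type"], ace["mask"], ace["sid"], ace["object_type"]))
    print(USER_A, "->", takeover_paths(SAMPLE_SD, USER_A))
```

The WriteOwner result for the second trustee is the owneredit.py scenario: taking ownership first, then (as owner) rewriting the DACL to grant whatever is needed.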
As always, thanks a lot to all these contributors who make this library better every day (up to now):
@tomspencer @anadrianmanrique @ShutdownRepo @dadevel @gjhami @NtAlexio2 @F-Masood @BlWasp @gabrielg5 @XiaoliChan @omry99 @wlayzz @themaks @alexisbalbachan @RazzburyPi @jeffmcjunkin @p0dalirius @dc3l1ne @jfjallid @Palkovsky @rtpt-erikgeiser @trietend @zblurx @dru1d-foofus @PfiatDe @DidierA @marcobarlottini @PeterGabaldon @m8r1us @5yn @tzuralon @Adamkadaban @scarvell @JerAxxxxxxx @ujwalkomarla @robnanola @SAERXCIT @nurfed1 @A1vinSmith @joeldeleep @nopernik