Releases: fortra/impacket

Impacket 0.11.0

03 Aug 17:36

Impacket 0.11.0:

Project's main page at https://www.coresecurity.com/core-labs/open-source-tools/impacket

ChangeLog for 0.11.0:

  1. Library improvements

    • Added new Kerberos error codes (@ly4k).
    • Added [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation (@nopernik).
    • Changed the setting up for new SSL connections (@mpgn, @CT-H00K and @0xdeaddood).
    • Added a callback function to smbserver for incoming authentications (@p0dalirius).
    • Fix crash in winregistry (@laxa)
    • Fixes in IDispatch derived classes in comev implementation (@NtAlexio2)
    • Fix CVE-2020-17049 in ccache.py (@godylockz)
    • Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination (@JerAxxxxxxx)
    • tds: Fixed python3 incompatibility when receiving over TLS socket (@exploide)
    • crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys (@jojonas)
    • ese: Fixed python3 incompatibility when reading from db (@alexisbalbachan)
    • ldap queries: Escaped characters are now correctly parsed (@alexisbalbachan)
    • Support SASL authentication in ldap protocol (@NtAlexio2)
  2. Examples improvements

  3. New examples

As always, thanks a lot to all these contributors that make this library better every day (up to now):

@ly4k @nopernik @snovvcrash @ShutdownRepo @kiwids0220 @mpgn @CT-H00K @rmaksimov @arossert @aevy-syn @tirkarthi @p0dalirius @Dramelac @Mayfly277 @S3cur3Th1sSh1t @nobbd @AdrianVollmer @trietend @TurtleARM @ThePirateWhoSmellsOfSunflowers @SAERXCIT @clavoillotte @Marshall-Hallenbeck @sploutchy @almandin @rtpt-alexanderneumann @JerAxxxxxxx @NtAlexio2 @laxa @godylockz @exploide @jojonas @Zamanry @erasmusc @bugch3ck @ljrk0 @Sq00ky @shoxxdj @Alef-Burzmali @bransh @api0cradle @alexisbalbachan @0xdeaddood @Sanmopre

Impacket 0.10.0

04 May 14:55

Project's main page at https://www.secureauth.com/labs/open-source-tools/impacket/

ChangeLog for 0.10.0:

  1. Library improvements

    • Dropped support for Python 2.7.
    • Refactored the testing infrastructure (@martingalloar):
      • Added pytest as the testing framework to organize and mark test cases. Tox remains the automation framework, with Coverage.py for measuring code coverage.
      • Custom bash scripts were replaced with test cases auto-discovery.
      • Local and remote test cases were marked for easy run and configuration.
      • DCE/RPC endpoint test cases were refactored and moved to a new layout.
      • An initial testing guide with the main steps to prepare a testing environment and run them.
      • Fixed a good amount of DCE/RPC endpoint test cases that were failing.
      • Added tests for [MS-PAR], [MS-RPRN], CCache and DPAPI.
    • Added a function to compute the Netlogon Authenticator at client-side in [MS-NRPC] (@0xdeaddood)
    • Added [MS-DSSP] protocol implementation (@simondotsh)
    • Added GetDriverDirectory functions to [MS-PAR] and [MS-RPRN] (@raithedavion)
    • Refactored the Credential Cache:
      • Added new parseFile function to ccache.py (@rmaksimov)
      • Added support for loading CCache Version 3 (@reznok)
      • Modified fromKRBCRED function used to load a Kirbi file (@0xdeaddood)
      • Fixed Ccache to Kirbi conversion (@ShutdownRepo)
    • Fixed default NTLM server challenge in smbserver (@rtpt-jonaslieb)
  2. Examples improvements

  3. New examples

As always, thanks a lot to all these contributors that make this library better every day (since last version):

@rmaksimov @simondotsh @CCob @raithedavion @SAERXCIT @Maltemo @dirkjanm @reznok @ShutdownRepo @scopedsecurity @Tw1sm @nodauf @p0dalirius @zblurx @hugo-syn @capnkrunchy @mohemiv @mpgn @rtpt-jonaslieb @snovvcrash @Alef-Burzmali @ThePirateWhoSmellsOfSunflowers @jlvcm

Impacket 0.9.24

27 Oct 15:29

Project's main page at https://www.secureauth.com/labs/open-source-tools/impacket/

ChangeLog for 0.9.24:

  1. Library improvements

    • Fixed WMI objects parsing (@franferrax)
    • Added the RpcAddPrinterDriverEx method and related structures to [MS-RPRN]: Print System Remote Protocol (@cube0x0)
    • Initial implementation of [MS-PAR]: Print System Asynchronous Remote Protocol (@cube0x0)
    • Made MS-RPCH comply with HTTP/1.1 (@mohemiv)
    • Added return of server time in case of Kerberos error (@ShutdownRepo and @Hackndo)
  2. Examples improvements

  3. New examples

As always, thanks a lot to all these contributors that make this library better every day (since last version):

@deadjakk @franferrax @cube0x0 @w0rmh013 @skelsec @mohemiv @LZD-TMoreggia @exploide @ShutdownRepo @Hackndo @snovvcrash @rmaksimov @Gifts @Rcarnus @ExAndroidDev @ly4k @p0dalirius

Impacket 0.9.23

09 Jun 15:07

Project's main page at https://www.secureauth.com/labs/open-source-tools/impacket/

ChangeLog for 0.9.23:

  1. Library improvements

    • Support connect timeout with SMBTransport (@vruello)
    • Speeding up DcSync (@mohemiv)
    • Fixed Python3 issue when serving SOCKS5 requests (@agsolino)
    • Moved docker container to Python 3.8 (@mgallo)
    • Added basic GitHub Actions workflow (@mgallo)
    • Fixed Path Traversal vulnerabilities in smbserver.py - CVE-2021-31800 (@omriinbar AppSec Researcher at CheckMarx)
    • Fixed POST request processing in httprelayserver.py (@Rcarnus)
    • Added cat command to smbclient.py (@mxrch)
    • Added new features to the LDAP Interactive Shell to facilitate AD exploitation (@adamcrosser)
    • Python 3.9 support (@meeuw and @cclauss)
  2. Examples improvements

  3. New examples

    • Get-GPPPassword.py: This example extracts and decrypts Group Policy Preferences passwords using streams for treating files instead of mounting shares. Additionally, it can parse GPP XML files offline (@ShutdownRepo and @p0dalirius)
    • smbpasswd.py: This script is an alternative to the smbpasswd tool, intended for changing expired passwords remotely over SMB (MSRPC-SAMR) (@snovvcrash)

As always, thanks a lot to all these contributors that make this library better every day (since last version):

@mpgn @vruello @mohemiv @jagotu @jakekarnes42 @snovvcrash @zexusx26 @omriinbar @Rcarnus @nuschpl @mxrch @ShutdownRepo @p0dalirius @adamcrosser @franferrax @meeuw and @cclauss

impacket 0.9.22

23 Nov 14:43

Project's main page at https://www.secureauth.com/labs/impacket/

ChangeLog for 0.9.22:

  1. Library improvements

    • Added implementation of RPC over HTTP v2 protocol (by @mohemiv).
    • Added MS-NSPI, MS-OXNSPI and MS-OXABREF protocol implementations (by @mohemiv).
    • Improved the multi-page results in LDAP queries (by @ThePirateWhoSmellsOfSunflowers).
    • NDR parser optimization (by @mohemiv).
    • Improved serialization of WMI method parameters (by @tshmul).
    • Introduce the MS-NLMP 2.2.2.10 VERSION structure in NTLMAuthNegotiate messages (by @franferrax).
    • Added some NETLOGON structs for NetrServerPasswordSet2 (by @dirkjanm).
    • Python 3.8 support.
  2. Examples improvements

    • atexec.py: Fixed after MS patches related to RPC attacks (by @mohemiv).
    • dpapi.py: Added -no-pass, pass-the-hash and AES Key support for backup subcommand.
    • GetNPUsers.py: Added ability to enumerate targets with Kerberos KRB5CC (by @rmaksimov).
    • GetUserSPNs.py: Added new features for kerberoasting (by @mohemiv).
    • ntlmrelayx.py:
      • Added ability to relay on new Windows versions that have SMB guest access disabled by default.
      • Added option to specify the NTLM Server Challenge used when receiving a connection.
      • Added relaying to RPC support (by @mohemiv).
      • Implemented WCFRelayServer (by @cnotin).
      • Added Zerologon DCSync Relay Client (by @dirkjanm).
      • Fixed issue in ldapattack.py when relaying and creating computer in CN=Computers (by @Hackndo).
    • rpcdump.py: Added RPC over HTTP v2 support (by @mohemiv).
    • secretsdump.py:
      • Added ability to specifically delete a shadow based on its ID (by @phefley).
      • Dump plaintext machine account password when dumping the local registry secrets (by @dirkjanm).
  3. New examples

As always, thanks a lot to all these contributors that make this library better every day (since last version):
@mohemiv @mpgn @Romounet @ThePirateWhoSmellsOfSunflowers @rmaksimov @fuzzKitty @tshmul @spinenkoia @AaronRobson @ABCIFOGeowi40 @cclauss @cnotin @5alt @franferrax @Dliv3 @dirkjanm @Mr-Gag @vbersier @phefley @Hackndo

impacket 0.9.21

26 Mar 20:10

Project's main page at www.secureauth.com

ChangeLog for 0.9.21:

  1. Library improvements

    • New methods into CCache class to import/export kirbi (KRB-CRED) formatted tickets (by @zer1t0).
    • Add FSCTL_SRV_ENUMERATE_SNAPSHOTS functionality to SMBConnection (by @rxwx).
    • Changes in NetBIOS classes in nmb.py (select() replaced by poll() when reading from the socket) (by @cnotin).
    • Timestamped logging added.
    • Interactive shell to perform LDAP operations (by @mlefebvre).
    • Added two DCE/RPC calls in tsch.py (by @mohemiv).
    • Single-source the version number and standardize on semantic + pre-release + local versioning (by @jsherwood0).
    • Added implementation for keytab files (by @kcirtapw).
    • Added SMB 3.1.1 support for Client SMB Connections.
  2. Examples improvements

    • smbclient.py: List the VSS snapshots for a specified path (by @rxwx).
    • GetUserSPNs.py: Added delegation information associated with accounts (by @G0ldenGunSec).
    • dpapi.py:
      • Added more functions to decrypt masterkeys based on SID + hashes/key. Also supports supplying hashes instead of the password for decryption (by @dirkjanm).
      • Pass the hash support for backup key retrieval (by @imaibou).
      • Added feature to decrypt a user's masterkey using the MS-BKRP (by @imaibou).
    • raiseChild.py: Added a new flag to specify the RID of a user to dump credentials (by @0xdeaddood).
    • Added flags to bypass badly made detection use cases (by @MaxNad):
      • smbexec.py: Possibility to rename the PSExec uploaded binary name with the -remote-binary-name flag.
      • psexec.py: Possibility to use another service name with the -service-name flag.
    • ntlmrelayx.py:
      • Added a flag to use a SID as the escalate user for delegation attacks (by @0xe7).
      • Support for dumping LAPS passwords (by @praetorian-adam-crosser).
      • Added LDAP interactive mode that allows an attacker to manually perform basic operations like creating a new user, adding a user to a group, dumping the AD, etc. (by @mlefebvre).
      • Support for multiple relays through one SMB connection (by @0xdeaddood).
      • Added support for dumping gMSA passwords (by @cube0x0).
    • ticketer.py: Added an option to use the SPNs keys from a keytab for a silver ticket (by @kcirtapw).
  3. New Examples

    • addcomputer.py: Allows adding a computer to a domain using LDAP or SAMR (SMB) (by @jagotu).
    • ticketConverter.py: This script converts kirbi files, commonly used by mimikatz, into ccache files used by Impacket, and vice versa (by @zer1t0).
    • findDelegation.py: Simple script to quickly list all delegation relationships (unconstrained, constrained, resource-based constrained) in an AD environment (by @G0ldenGunSec).

As always, thanks a lot to all these contributors that make this library better every day (since last version):

@jagotu, @zer1t0, @rxwx, @mpgn, @danhph, @awsmhacks, @slasyz, @cnotin, @exploide, @G0ldenGunSec, @dirkjanm, @0xdeaddood, @MaxNad, @imaibou, @BarakSilverfort, @0xe7, @mlefebvre, @rmaksimov, @praetorian-adam-crosser, @jsherwood0, @mohemiv, @justin-p, @cube0x0, @spinenkoia, @kcirtapw, @MrAnde7son, @fridgehead, @MarioVilas.

impacket 0.9.20

25 Sep 17:47

Project's main page at www.secureauth.com

ChangeLog for 0.9.20:

  1. Library improvements

    • Python 3.6 support! This is the first release supporting Python 3.x so please issue tickets whenever you find something not working as expected. Libraries and examples should be fully functional.
    • Test coverage improvements by @infinnovation-dev
    • Anonymous SMB 2.x Connections are not encrypted anymore (by @cnotin)
    • Support for multiple PEKs when decrypting Windows 2016 DIT files (by @mikeryan)
  2. Examples improvements

  3. New Examples

    • kintercept.py: A tool for intercepting krb5 connections and for testing KDC handling S4U2Self with unkeyed checksum (by @iboukris)

As always, thanks a lot to all these contributors that make this library better every day (since last version):
@infinnovation-dev, @cnotin, @mikeryan, @SR4ven, @cclauss, @skorov, @msimakov, @dirkjanm, @franferrax, @iboukris, @n1ngod, @c0d3z3r0, @MrAnde7son.

impacket 0.9.19

01 Apr 17:47

Project's main page at www.secureauth.com

ChangeLog for 0.9.19:

  1. Library improvements

  2. Examples improvements

As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @MrAnde7son, @ibo, @franferrax, @Qwokka, @CaledoniaProject, @eladshamir, @zer1t0, @martingalloar, @muizzk, @Petraea, @SR4ven, @Fist0urs, @zer1t0

impacket 0.9.18

05 Dec 19:08

Project's main page at www.secureauth.com

ChangeLog for 0.9.18:

  1. Library improvements

    • Replace unmaintained PyCrypto for pycryptodome (@dirkjanm)
    • Using cryptographically secure pseudo-random generators
    • Kerberos "no pre-auth and RC4" handling in GetKerberosTGT (by @qlemaire)
    • Test cases adjustments, travis and flake support (@cclauss)
    • Python3 test cases fixes (@eldipa)
    • Adding DPAPI / Vaults related structures and functions to decrypt secrets.
    • [MS-RPRN] Interface implementation (Initial)
  2. Examples improvements

  3. New Examples

    • dpapi.py: Allows decrypting vaults, credentials and masterkeys protected by DPAPI. Domain backup key support added by @MrAnde7son

As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @MrAnde7son, @franferrax, @MrRobot86, @qlemaire, @cauan, @eldipa

impacket 0.9.17

30 May 21:47

Project's main page at www.coresecurity.com

ChangeLog for 0.9.17:

  1. Library improvements

    • New [MS-PAC] Implementation.
    • LDAP engine: Added extensibleMatch string filter parsing, simple paging support and handling of unsolicited notification (by @kacpern)
    • ImpactDecoder: Add EAPOL, BOOTP and DHCP packet decoders (by Michael Niewoehner)
    • Kerberos engine: DES-CBC-MD5 support to kerberos added (by @skelsec)
    • SMB3 engine: If target server supports SMB >= 3, encrypt packets by default.
    • Initial [MS-DHCPM] and [MS-EVEN6] Interface implementation by @MrAnde7son
    • Major improvements to the NetBIOS layer. More use of structure.py in there.
    • MQTT Protocol Implementation and example.
    • Tox/Coverage Support added, test cases moved to its own directory. Major overhaul.
    • Many fixes and improvements in Kerberos, SMB and DCERPC (too many to name in a few lines).
  2. Examples improvements

    • GetUserSPNs.py: -request-user parameter added. Requests STs for the SPN associated to the user specified. Added support for AES Kerberoast tickets (by @elitest).
    • services.py: added port 139 support and related options (by @real-datagram).
    • samrdump.py: -csv switch to output format in CSV added.
    • ntlmrelayx.py: Major architecture overhaul. Now working mostly through dynamically loaded plugins. SOCKS proxy support for relayed connections. Specific attacks for every protocol and new protocols support (IMAP, POP3, SMTP). Awesome contributions by @dirkjanm.
    • secretsdump.py: AES(128) support for SAM hashes decryption. OldVal parameter dump added to LSA secrets dump (by @Ramzeth).
    • mssqlclient.py: Alternative method to execute cmd's on MSSQL (sp_start_job). (by @Kayzaks).
    • lsalookupsid.py: added no-pass and domain-users options (by @ropnop).
  3. New Examples

    • ticketer.py: Create Golden/Silver tickets from scratch or based on a template (legally requested from the KDC) allowing you to customize some of the parameters set inside the PAC_LOGON_INFO structure, in particular the groups, extrasids, duration, etc. Silver tickets creation by @machosec and @bransh.
    • GetADUsers.py: Gathers data about the domain's users and their corresponding email addresses. It will also include some extra information about last logon and last password set attributes.
    • getPac.py: Gets the PAC (Privilege Attribute Certificate) structure of the specified target user using only a normal authenticated user's credentials. It does so by using a mix of [MS-SFU]'s S4USelf + User to User Kerberos Authentication.
    • getArch.py: Will connect against a target (or list of targets) machine/s and gather the OS architecture type installed by (ab)using a documented MSRPC feature.
    • mimikatz.py: Mini shell to control a remote mimikatz RPC server developed by @gentilkiwi.
    • sambaPipe.py: Will exploit CVE-2017-7494, uploading and executing the shared library specified by the user through the -so parameter.
    • dcomexec.py: A semi-interactive shell similar to wmiexec.py, but using different DCOM endpoints. Currently supports MMC20.Application, ShellWindows and ShellBrowserWindow objects. (contributions by @byt3bl33d3r).
    • getTGT.py: Given a password, hash or aesKey, this script will request a TGT and save it as ccache.
    • getST.py: Given a password, hash, aesKey or TGT in ccache, this script will request a Service Ticket and save it as ccache. If the account has constrained delegation (with protocol transition) privileges you will be able to use the -impersonate switch to request the ticket on behalf of another user.

As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @real-datagram, @kacpern, @martinuy, @xelphene, @blark, @the-useless-one, @contactr2m, @droc, @martingalloar, @skelsec, @franferrax, @FR0STBYT3, @ropnop, @MrAnde7son, @machosec, @federicoemartinez, @elitest, @symeonp, @Kanda-Motohiro, @Ramzeth, @mohemiv, @Arch4ngel, @derekchentrendmicro, @Kayzaks, @donwayo, @bao7uo, @byt3bl33d3r, @xambroz, @luzpaz, @TheNaterz, @Mikkgn, @derUnbekannt.