
@asolino released this Jun 28, 2016 · 813 commits to master since this release

Project's main page at www.coresecurity.com

ChangeLog for 0.9.15:

  1. Library improvements
     • SMB3.create(): define CreateContextsOffset and CreateContextsLength when applicable (by @rrerolle)
     • Retrieve the user principal name from the CCache file, allowing any script to be called with -k and just the
       target system (by @MrTchuss)
     • Major overhaul of packet fragmentation in the DCE RPC layer.
     • Improved pass-the-key attack scenarios (by @skelsec)
     • Adding a minimalistic LDAP/s implementation (supports PtH/PtT/PtK). Only search is available (and you need to
       build the search filter yourself)
     • IPv6 improvements for DCERPC/LDAP and Kerberos
  2. Examples improvements
     • Adding the -dc-ip switch to all examples. It allows specifying the IP address of the domain controller. It assumes
       the DC and KDC reside on the same server
     • secretsdump.py
       • Adding support for Win2016 TP4 in LOCAL or -use-vss mode
       • Adding the -just-dc-user switch to download just a single user's data (DRSUAPI mode only)
       • Support for different ReplEpoch values (DRSUAPI only)
       • pwdLastSet is also included in the output file
       • New structures/flags added for 2016 TP5 PAM support
     • wmiquery.py
       • Adding the -rpc-auth-level switch (by @gadio)
     • smbrelayx.py
       • Added an option to specify the authentication status code sent to the requesting client (by @mgeeky)
       • Added a one-shot parameter. After successful authentication, only execute the attack once for each target
         (per protocol)
  3. New Examples
     • GetUserSPNs.py: This module will try to find Service Principal Names that are associated with normal user
       accounts. This is part of the kerberoast attack researched by Tim Medin (@timmedin)
     • ntlmrelayx.py: smbrelayx.py on steroids! NTLM relay attack from/to multiple protocols (HTTP/SMB/LDAP/MSSQL/etc.)
       (by @dirkjanm)
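An added example (not impacket code, nor this release's) that ties two items above together: the search filter the new LDAP module leaves to the caller, and the condition GetUserSPNs.py looks for, normal user objects that carry a servicePrincipalName. It parses an RFC 4515 filter (the example's own, not the script's exact one) and evaluates it against constructed directory entries, which is the inventory a defender runs to find service accounts that need strong, rotated credentials.

```python
# samAccountType 0x30000000 is a normal user object; 0x30000001 a machine account.
SAM_NORMAL_USER_ACCOUNT = 805306368
# RFC 4515 filter (this example's own): user objects carrying at least one SPN.
USER_SPN_FILTER = "(&(samAccountType=805306368)(servicePrincipalName=*))"

# Constructed sample directory entries, not real data.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "svc_sql", "samAccountType": 805306368,
     "servicePrincipalName": ["MSSQLSvc/db01.corp.example:1433"]},
    {"sAMAccountName": "alice", "samAccountType": 805306368},
    {"sAMAccountName": "DB01$", "samAccountType": 805306369,
     "servicePrincipalName": ["HOST/db01.corp.example"]},
    {"sAMAccountName": "krbtgt", "samAccountType": 805306368,
     "servicePrincipalName": ["kadmin/changepw"]},
]

def parse_filter(s, i=0):
    """Parse (&..), (|..), (!..), (attr=value) and (attr=*); return (node, next index)."""
    assert s[i] == "(", "filter element must start with '('"
    i += 1
    if s[i] in "&|!":                  # compound: operator followed by child filters
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1       # step over the closing ')'
    end = s.index(")", i)              # leaf: attr=value or attr=* (presence test)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(entry, node):
    """Evaluate a parsed filter node against a dict-shaped directory entry."""
    op = node[0]
    if op in "&|":
        return (all if op == "&" else any)(matches(entry, k) for k in node[1])
    if op == "!":
        return not matches(entry, node[1][0])
    vals = entry.get(node[1])
    if vals is None:                   # an absent attribute never matches
        return False
    vals = vals if isinstance(vals, list) else [vals]
    return node[2] == "*" or node[2] in [str(v) for v in vals]

def user_accounts_with_spns(entries, ldap_filter=USER_SPN_FILTER):
    """Names of entries matching the filter; krbtgt is skipped (not a roastable service account)."""
    node, _ = parse_filter(ldap_filter)
    return [e["sAMAccountName"] for e in entries
            if matches(e, node) and e["sAMAccountName"].lower() != "krbtgt"]
```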