Impacket 0.11.0:
Project's main page at https://www.coresecurity.com/core-labs/open-source-tools/impacket
ChangeLog for 0.11.0:
Library improvements
- Added new Kerberos error codes (@ly4k).
- Added [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation (@nopernik).
- Changed the setting up for new SSL connections (@mpgn, @CT-H00K and @0xdeaddood).
- Added a callback function to smbserver for incoming authentications (@p0dalirius).
- Fix crash in winregistry (@laxa)
- Fixes in IDispatch derived classes in comev implementation (@NtAlexio2)
- Fix CVE-2020-17049 in ccache.py (@godylockz)
- Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination (@JerAxxxxxxx)
- tds: Fixed python3 incompatibility when receiving over TLS socket (@exploide)
- crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys (@jojonas)
- ese: Fixed python3 incompatibility when reading from db (@alexisbalbachan)
- ldap queries: Escaped characters are now correctly parsed (@alexisbalbachan)
- Support SASL authentication in ldap protocol (@NtAlexio2)
Examples improvements
- GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and findDelegation.py:
  - Added dc-host option to connect to specific KDC using its FQDN or NetBIOS name (@rmaksimov and @0xdeaddood).
- GetNPUsers.py:
  - Printing TGT in stdout despite -outputfile parameter (@alexisbalbachan and @Zamanry)
  - Fixed output hash format for AES128/256 (etype 17/18) (@erasmusc)
- GetUserSPNs.py:
  - Added LDAP paged search (@ThePirateWhoSmellsOfSunflowers and @SAERXCIT).
  - Added a -stealth flag to remove the SPN filter from the LDAP query (@clavoillotte).
  - Improved searchFilter (@ShutdownRepo)
  - Use LDAP paged search (@ThePirateWhoSmellsOfSunflowers)
- psexec.py:
  - Added support for name customization using a custom binary file (@Dramelac).
- smbexec.py:
- secretsdump.py:
  - Added a new option to extract only NTDS.DIT data for specific users based on an LDAP filter (@snovvcrash).
  - Security fixes for privilege escalation vulnerabilities (@bugch3ck).
- mssqlclient.py:
  - Added multiple new commands. Now supports xp_dirtree execution (@Mayfly277, @trietend and @TurtleARM).
- ntlmrelayx.py:
  - Added ability to trigger SQLShell when running ntlmrelayx in interactive mode (@sploutchy).
  - Added filter option to the socks command in ntlmrelayx CLI (@shoxxdj)
  - Added ability to register DNS records through LDAP.
- addcomputer.py, rbcd.py:
  - Allow weak TLS ciphers for LDAP connections (@AdrianVollmer)
- Get-GPPPassword.py:
  - Better handling of various XML files in Group Policy Preferences (@p0dalirius)
- smbclient.py:
  - Added recursive file listing (@Sq00ky)
- ticketer.py:
New examples
- net.py: Implementation of the Windows net.exe built-in tool (@NtAlexio2)
- changepasswd.py: New example that allows password changing or resetting through multiple protocols (@Alef-Burzmali, @snovvcrash, @bransh, @api0cradle and @p0dalirius)
- DumpNTLMInfo.py: New example that dumps remote host information in the NTLM authentication model, without credentials. For SMB protocols v1, v2 and v3. (@NtAlexio2)
As always, thanks a lot to all these contributors that make this library better every day (up to now):
@ly4k @nopernik @snovvcrash @ShutdownRepo @kiwids0220 @mpgn @CT-H00K @rmaksimov @arossert @aevy-syn @tirkarthi @p0dalirius @Dramelac @Mayfly277 @S3cur3Th1sSh1t @nobbd @AdrianVollmer @trietend @TurtleARM @ThePirateWhoSmellsOfSunflowers @SAERXCIT @clavoillotte @Marshall-Hallenbeck @sploutchy @almandin @rtpt-alexanderneumann @JerAxxxxxxx @NtAlexio2 @laxa @godylockz @exploide @jojonas @Zamanry @erasmusc @bugch3ck @ljrk0 @Sq00ky @shoxxdj @Alef-Burzmali @bransh @api0cradle @alexisbalbachan @0xdeaddood @Sanmopre