fortra/impacket impacket_0_9_21

impacket 0.9.21

on GitHub

Project's main page at www.secureauth.com

ChangeLog for 0.9.21:

1. Library improvements

   • New methods into CCache class to import/export kirbi (KRB-CRED) formatted tickets (by @zer1t0).
   • Add FSCTL_SRV_ENUMERATE_SNAPSHOTS functionality to SMBConnection (by @rxwx).
   • Changes in NetBIOS classes in nmb.py (select() by poll() read from socket) (by @cnotin).
   • Timestamped logging added.
   • Interactive shell to perform LDAP operations (by @mlefebvre).
   • Added two DCE/RPC calls in tsch.py (by @mohemiv).
   • Single-source the version number and standardize on symantic + pre-release + local versioning (by @jsherwood0).
   • Added implementation for keytab files (by @kcirtapw).
   • Added SMB 3.1.1 support for Client SMB Connections.

2. Examples improvements

   • smbclient.py: List the VSS snapshots for a specified path (by @rxwx).
   • GetUserSPNs.py: Added delegation information associated with accounts (by @G0ldenGunSec).
   • dpapi.py:
     • Added more functions to decrypt masterkeys based on SID + hashes/key. Also support supplying hashes instead of the password for decryption(by @dirkjanm).
     • Pass the hash support for backup key retrieval (by @imaibou).
     • Added feature to decrypt a user's masterkey using the MS-BKRP (by @imaibou).
   • raiseChild.py: Added a new flag to specify the RID of a user to dump credentials (by @0xdeaddood).
   • Added flags to bypass badly made detection use cases (by @MaxNad):
     • smbexec.py: Possibility to rename the PSExec uploaded binary name with the -remote-binary-name flag.
     • psexec.py: Possibility to use another service name with the -service-name flag.
   • ntlmrelayx.py:
     • Added a flag to use a SID as the escalate user for delegation attacks(by @0xe7).
     • Support for dumping LAPS passwords (by @praetorian-adam-crosser).
     • Added LDAP interactive mode that allow an attacker to manually perform basic operations like creating a new user, adding a user to a group , dump the AD, etc. (by @mlefebvre).
     • Support for multiple relays through one SMB connection (by @0xdeaddood).
     • Added support for dumping gMSA passwords (by @cube0x0).
   • ticketer.py: Added an option to use the SPNs keys from a keytab for a silver ticket.(by @kcirtapw)

3. New Examples

   • addcomputer.py: Allows add a computer to a domain using LDAP or SAMR (SMB) (by @jagotu)
   • ticketConverter.py: This script converts kirbi files, commonly used by mimikatz, into ccache files used by Impacket, and vice versa (by @zer1t0).
   • findDelegation.py: Simple script to quickly list all delegation relationships (unconstrained, constrained, resource-based constrained) in an AD environment (by @G0ldenGunSec).

As always, thanks a lot to all these contributors that make this library better every day (since last version):

@jagotu, @zer1t0 ,@rxwx, @mpgn, @danhph, @awsmhacks, @slasyz, @cnotin, @exploide, @G0ldenGunSec, @dirkjanm, @0xdeaddood, @MaxNad, @imaibou, @BarakSilverfort, @0xe7, @mlefebvre, @rmaksimov, @praetorian-adam-crosser, @jsherwood0, @mohemiv, @justin-p, @cube0x0, @spinenkoia, @kcirtapw, @MrAnde7son, @fridgehead, @MarioVilas.