2024-12-04 22:13:10 +00:00
-------------------------------------------------------------------
Wed Dec 4 18:27:21 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Skip test tests/SMB_RPC/test_smbserver.py to fix the actual
  build failure.

2024-09-17 12:26:51 +00:00
-------------------------------------------------------------------
Tue Sep 17 08:55:05 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.12.0
  Library improvements
  * Fixed broken hRSetServiceObjectSecurity method.
  * Removed dsinternals dependency.
  * Fixed srvs.hNetrShareEnum returning erroneous shares.
  * Fixed lmhash computing to support non standard characters in
    the password.
  * Assorted fixes when processing Unicode data.
  * Added [MS-GKDI] Group Key Distribution Protocol implementation.
  * Fixed incorrect padding in
    SMBSessionSetupAndX_Extended_ResponseData.
  * Upgraded dependency pyreadline -> pyreadline3.
  * SMB Server:
    + Added query information level 0x0109 for smb1
      "SMB_QUERY_FILE_STREAM_INFO".
    + Fixed filename encoding in queryPathInformation.
    + Fixed NextEntryOffset for large directory listings.
    + Fixed server returning an empty folder when cutting and
      pasting recursive directories.
  * DHCP: Fixed encoding issues.
  Example Improvements
  * multiple improvements, see
    https://github.com/fortra/impacket/releases/tag/impacket_0_12_0
  New Examples
  * describeTicket.py: Ticket describer and decrypter.
  * GetADComputers.py: Queries DC via LDAP and returns the COMPUTER
    objects and the useful attributes such as full dns name,
    operating system name and version.
  * GetLAPSPassword.py: Extract LAPS passwords from LDAP.
  * dacledit.py: This script can be used to read, write, remove,
    backup, restore ACEs (Access Control Entries) in an object
    DACL (Discretionary Access Control List).
  * owneredit.py: Added this script to abuse WriteOwner
    (ADS_RIGHT_WRITE_OWNER) access rights. This allows to take
    ownership of another object, and then edit that object's DACL.
- Remove patch:
  * remove-future-requirement.patch (was merged upstream)

2023-11-24 06:30:22 +00:00
-------------------------------------------------------------------
Thu Nov 23 20:28:09 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Add python-dsinternals to BuildRequires

2023-09-05 01:48:28 +00:00
-------------------------------------------------------------------
Tue Sep 5 01:47:52 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>

- Add patch remove-future-requirement.patch, remove future requirement.
- Switch to pyproject macros.

2023-08-29 06:50:55 +00:00
-------------------------------------------------------------------
Sun Aug 27 10:04:40 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.11.0
  Library improvements
  * Added new Kerberos error codes.
  * Added [MS-TSTS] Terminal Services Terminal Server Runtime
    Interface Protocol implementation.
  * Changed the setting up for new SSL connections.
  * Added a callback function to smbserver for incoming
    authentications.
  * Fix crash in winregistry.
  * Fixes in IDispatch derived classes in comev implementation.
  * Fix CVE-2020-17049 in ccache.py.
  * Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination.
  * tds: Fixed python3 incompatibility when receiving over TLS
    socket.
  * crypto: Ensure passwords are utf-8 encoded before deriving
    Kerberos keys.
  * ese: Fixed python3 incompatibility when reading from db.
  * ldap queries: Escaped characters are now correctly parsed.
  * Support SASL authentication in ldap protocol.
  Examples improvements
  * GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and
    findDelegation.py:
    + Added dc-host option to connect to specific KDC using its
      FQDN or NetBIOS name.
  * GetNPUsers.py
    + Printing TGT in stdout despite -outputfile parameter.
    + Fixed output hash format for AES128/256 (etype 17/18).
  * GetUserSPNs.py:
    + Added LDAP paged search
    + Added a -stealth flag to remove the SPN filter from the LDAP
      query.
    + Improved searchFilter
    + Use LDAP paged search
  * psexec.py:
    + Added support for name customization using a custom binary
      file.
  * smbexec.py:
    + Security fixes for privilege escalation vulnerabilities.
    + Fixed python3 compatibility issues, added workaround TCP
      over NetBIOS being disabled.
  * secretsdump.py:
    + Added a new option to extract only NTDS.DIT data for specific
      users based on an LDAP filter.
    + Security fixes for privilege escalation vulnerabilities.
  * mssqlclient.py:
    + Added multiple new commands. Now supports xp_dirtree execution
  * ntlmrelayx.py:
    + Added ability to trigger SQLShell when running ntlmrelayx in
      interactive mode.
    + Added filter option to the socks command in ntlmrelayx CLI.
    + Added ability to register DNS records through LDAP.
  * addcomputer.py, rbcd.py:
    + Allow weak TLS ciphers for LDAP connections.
  * Get-GPPPassword.py:
    + Better handling of various XML files in Group Policy
      Preferences.
  * smbclient.py:
    + Added recursive file listing.
  * ticketer.py:
    + Ticket duration is now specified in hours instead of days.
    + Added extra-pac implementation.
  New examples
  * net.py
    + Implementation of windows net.exe builtin tool.
  * changepasswd.py
    + New example that allows password changing or resetting through
      multiple protocols.
  * DumpNTLMInfo.py
    + New example that dumps remote host information in ntlm
      authentication model, without credentials.
      For SMB protocols v1, v2 and v3.
- Optimize spec file
  * define a list of all the binaries and loop over this list when
    needed.

2023-06-02 21:16:35 +00:00
-------------------------------------------------------------------
Fri Jun 2 09:28:21 UTC 2023 - pgajdos@suse.com

- update to version 0.10.0
  * Dropped support for Python 2.7.
  * Refactored the testing infrastructure (@martingalloar):
  * Added `pytest` as the testing framework to organize and mark test
    cases. `Tox` remains as the automation framework, and `Coverage.py`
    for measuring code coverage.
  * Custom bash scripts were replaced with test cases auto-discovery.
  * Local and remote test cases were marked for easy run and configuration.
  * DCE/RPC endpoint test cases were refactored and moved to a new layout.
  * An initial testing guide with the main steps to prepare a testing environment and run them.
  * Fixed a good amount of DCE/RPC endpoint test cases that were failing.
  * Added tests for `[MS-PAR]`, `[MS-RPRN]`, CCache and DPAPI.
  * Added a function to compute the Netlogon Authenticator at client-side in `[MS-NRPC]` (@0xdeaddood)
  * Added `[MS-DSSP]` protocol implementation (@simondotsh)
  * Added GetDriverDirectory functions to `[MS-PAR]` and `[MS-RPRN]` (@raithedavion)
  * Refactored the Credential Cache:
  * Added new parseFile function to ccache.py (@rmaksimov)
  * Added support for loading CCache Version 3 (@reznok)
  * Modified fromKRBCRED function used to load a Kirbi file (@0xdeaddood)
  * Fixed Ccache to Kirbi conversion (@ShutdownRepo)
  * Fixed default NTLM server challenge in smbserver (@rtpt-jonaslieb)
  * Fixed WMI objects parsing (@franferrax)
  * Added the RpcAddPrinterDriverEx method and related structures to `[MS-RPRN]`: Print System Remote Protocol (@cube0x0)
  * Initial implementation of `[MS-PAR]`: Print System Asynchronous Remote Protocol (@cube0x0)
  * Complying `[MS-RPCH]` with HTTP/1.1 (@mohemiv)
  * Added return of server time in case of Kerberos error (@ShutdownRepo and @Hackndo)

2021-06-10 08:21:32 +00:00
-------------------------------------------------------------------
Wed Jun 9 17:17:37 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.9.23
  Library improvements
  * Support connect timeout with SMBTransport.
  * Speeding up DcSync.
  * Fixed Python3 issue when serving SOCKS5 requests.
  * Fixed Path Traversal vulnerabilities in smbserver.py.
    CVE-2021-31800
  * Fixed POST request processing in httprelayserver.py.
  * Added cat command to smbclient.py.
  * Added new features to the LDAP Interactive Shell to facilitate
    AD exploitation.
  * Python 3.9 support
- Drop no longer needed patch:
  * 1054.patch

2021-03-03 08:46:11 +00:00
-------------------------------------------------------------------
2021-04-26 10:12:17 +00:00
Sat Apr 24 15:41:05 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Python 3.9 is not supported yet - skip builds for now

-------------------------------------------------------------------
2021-03-03 08:46:11 +00:00
Mon Mar 1 19:38:00 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Fix TW build

2020-11-25 16:43:50 +00:00
-------------------------------------------------------------------
Mon Nov 23 15:13:51 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.9.22
  Library improvements
  * Added implementation of RPC over HTTP v2 protocol.
  * Added MS-NSPI, MS-OXNSPI and MS-OXABREF protocol
    implementations.
  * Improved the multi-page results in LDAP queries.
  * NDR parser optimization.
  * Improved serialization of WMI method parameters.
  * Introduce the MS-NLMP 2.2.2.10 VERSION structure in
    NTLMAuthNegotiate messages.
  * Added some NETLOGON structs for NetrServerPasswordSet2.
  * Python 3.8 support.
  Examples improvements
  * atexec.py: Fixed after MS patches related to RPC attacks.
  * dpapi.py: Added -no-pass, pass-the-hash and AES Key support
    for backup subcommand.
  * GetNPUsers.py: Added ability to enumerate targets with
    Kerberos KRB5CC.
  * GetUserSPNs.py: Added new features for kerberoasting.
  * ntlmrelayx.py:
    + Added ability to relay on new Windows versions that have
      SMB guest access disabled by default.
    + Added option to specify the NTLM Server Challenge used
      when receiving a connection.
    + Added relaying to RPC support.
    + Implemented WCFRelayServer.
    + Added Zerologon DCSync Relay Client.
    + Fixed issue in ldapattack.py when relaying and creating
      computer in CN=Computers.
    + rpcdump.py: Added RPC over HTTP v2 support.
    + secretsdump.py:
      - Added ability to specifically delete a shadow based on
        its ID.
      - Dump plaintext machine account password when dumping the
        local registry secrets.
  New examples
  * exchanger.py: A tool for connecting to MS Exchange via RPC
    over HTTP v2.
  * rpcmap.py: Scan for listening DCE/RPC interfaces.

2020-08-26 12:00:52 +00:00
-------------------------------------------------------------------
Wed Jul 8 11:47:03 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Initial package, version 0.9.21