From 0bbd8c1205a6c2e1d02a9d372a32f6b93dd0042257c432acbe0eba149d70928e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Tue, 29 Aug 2023 06:50:55 +0000 Subject: [PATCH] Accepting request 1107803 from home:mnhauke - Update to version 0.11.0 Library improvements * Added new Kerberos error codes. * Added [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation. * Changed the setting up for new SSL connections. * Added a callback function to smbserver for incoming authentications. * Fix crash in winregistry. * Fixes in IDispatch derived classes in comev implementation. * Fix CVE-2020-17049 in ccache.py. * Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination. * tds: Fixed python3 incompatibility when receiving over TLS socket. * crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys. * ese: Fixed python3 incompatibility when reading from db. * ldap queries: Escaped characters are now correctly parsed. * Support SASL authentication in ldap protocol. Examples improvements * GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and findDelegation.py: + Added dc-host option to connect to specific KDC using its FQDN or NetBIOS name. * GetNPUsers.py + Printing TGT in stdout despite -outputfile parameter. + Fixed output hash format for AES128/256 (etype 17/18). * GetUserSPNs.py: + Added LDAP paged search + Added a -stealth flag to remove the SPN filter from the LDAP OBS-URL: https://build.opensuse.org/request/show/1107803 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-impacket?expand=0&rev=13 --- impacket-0.10.0.tar.gz | 3 - impacket-0.11.0.tar.gz | 3 + python-impacket.changes | 79 ++++++++++++++++- python-impacket.spec | 190 ++++------------------------------------ 4 files changed, 99 insertions(+), 176 deletions(-) delete mode 100644 impacket-0.10.0.tar.gz create mode 100644 impacket-0.11.0.tar.gz diff --git a/impacket-0.10.0.tar.gz b/impacket-0.10.0.tar.gz deleted file mode 100644 index 0be965d..0000000 --- a/impacket-0.10.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b8eb020a2cbb47146669cfe31c64bb2e7d6499d049c493d6418b9716f5c74583 -size 1441120 diff --git a/impacket-0.11.0.tar.gz b/impacket-0.11.0.tar.gz new file mode 100644 index 0000000..36961c5 --- /dev/null +++ b/impacket-0.11.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ee4039b4d2aede8f5f64478bc59faac86036796be24dea8dc18f009fb0905e4a +size 1502931 diff --git a/python-impacket.changes b/python-impacket.changes index 242576e..58f8f6c 100644 --- a/python-impacket.changes +++ b/python-impacket.changes @@ -1,3 +1,81 @@ +------------------------------------------------------------------- +Sun Aug 27 10:04:40 UTC 2023 - Martin Hauke + +- Update to version 0.11.0 + Library improvements + * Added new Kerberos error codes. + * Added [MS-TSTS] Terminal Services Terminal Server Runtime + Interface Protocol implementation. + * Changed the setting up for new SSL connections. + * Added a callback function to smbserver for incoming + authentications. + * Fix crash in winregistry. + * Fixes in IDispatch derived classes in comev implementation. + * Fix CVE-2020-17049 in ccache.py. + * Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination. + * tds: Fixed python3 incompatibility when receiving over TLS + socket. + * crypto: Ensure passwords are utf-8 encoded before deriving + Kerberos keys. + * ese: Fixed python3 incompatibility when reading from db. + * ldap queries: Escaped characters are now correctly parsed. + * Support SASL authentication in ldap protocol. + Examples improvements + * GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and + findDelegation.py: + + Added dc-host option to connect to specific KDC using its + FQDN or NetBIOS name. + * GetNPUsers.py + + Printing TGT in stdout despite -outputfile parameter. + + Fixed output hash format for AES128/256 (etype 17/18). + * GetUserSPNs.py: + + Added LDAP paged search + + Added a -stealth flag to remove the SPN filter from the LDAP + query. + + Improved searchFilter + + Use LDAP paged search + * psexec.py: + + Added support for name customization using a custom binary + file. + * smbexec.py: + + Security fixes for privilege escalation vulnerabilities. + + Fixed python3 compatibility issues, added workaround TCP + over NetBIOS being disabled. + * secretsdump.py: + + Added a new option to extract only NTDS.DIT data for specific + users based on an LDAP filter. + + Security fixes for privilege escalation vulnerabilities. + * mssqlclient.py: + + Added multiple new commands. Now supports xp_dirtree execution + * ntlmrelayx.py: + + Added ability to trigger SQLShell when running ntlmrelayx in + interactive mode. + + Added filter option to the socks command in ntlmrelayx CLI. + + Added ability to register DNS records through LDAP. + * addcomputer.py, rbcd.py: + + Allow weak TLS ciphers for LDAP connections. + * Get-GPPPassword.py: + + Better handling of various XML files in Group Policy + Preferences. + * smbclient.py: + + Added recursive file listing. + * ticketer.py: + + Ticket duration is now specified in hours instead of days. + + Added extra-pac implementation. + New examples + * net.py + + Implementation of windows net.exe builtin tool. + * changepasswd.py + + New example that allows password changing or reseting through + multiple protocols. + * DumpNTLMInfo.py + + New example that dumps remote host information in ntlm + authentication model, without credentials. + For SMB protocols v1, v2 and v3. +- Optimize spec file + * define a list of all the binaries and loop over this list when + needed. + ------------------------------------------------------------------- Fri Jun 2 09:28:21 UTC 2023 - pgajdos@suse.com @@ -98,7 +176,6 @@ Mon Nov 23 15:13:51 UTC 2020 - Martin Hauke * exchanger.py: A tool for connecting to MS Exchange via RPC over HTTP v2. * rpcmap.py: Scan for listening DCE/RPC interfaces. - ------------------------------------------------------------------- Wed Jul 8 11:47:03 UTC 2020 - Martin Hauke diff --git a/python-impacket.spec b/python-impacket.spec index a62188b..48c4be7 100644 --- a/python-impacket.spec +++ b/python-impacket.spec @@ -2,7 +2,7 @@ # spec file for package python-impacket # # Copyright (c) 2023 SUSE LLC -# Copyright (c) 2020-2021, Martin Hauke +# Copyright (c) 2020-2023, Martin Hauke # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,20 +17,23 @@ # +%define binaries impacket-GetADUsers impacket-Get-GPPPassword impacket-GetNPUsers impacket-GetUserSPNs impacket-DumpNTLMInfo impacket-addcomputer impacket-atexec impacket-changepasswd impacket-dcomexec impacket-dpapi impacket-esentutl impacket-exchanger impacket-findDelegation impacket-getArch impacket-getPac impacket-getST impacket-getTGT impacket-goldenPac impacket-karmaSMB impacket-keylistattack impacket-kintercept impacket-lookupsid impacket-machine_role impacket-mimikatz impacket-mqtt_check impacket-mssqlclient impacket-mssqlinstance impacket-net impacket-netview impacket-nmapAnswerMachine impacket-ntfs-read impacket-ntlmrelayx impacket-ping impacket-ping6 impacket-psexec impacket-raiseChild impacket-rbcd impacket-rdp_check impacket-reg impacket-registry-read impacket-rpcmap impacket-rpcdump impacket-sambaPipe impacket-samrdump impacket-secretsdump impacket-services impacket-smbclient impacket-smbexec impacket-smbpasswd impacket-smbrelayx impacket-smbserver impacket-sniff impacket-sniffer impacket-split impacket-ticketConverter impacket-ticketer impacket-tstool impacket-wmiexec impacket-wmipersist impacket-wmiquery + Name: python-impacket -Version: 0.10.0 +Version: 0.11.0 Release: 0 Summary: Python3 module to easily build and dissect network protocols # License: modified Apache-1.1 (see file LICENSE) License: Apache-1.1 Group: Development/Languages/Python URL: https://www.secureauth.com/labs/open-source-tools/impacket +#Git-Clone: https://github.com/fortra/impacket.git Source: https://files.pythonhosted.org/packages/source/i/impacket/impacket-%{version}.tar.gz BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros Requires: python-Flask >= 1.0 -Requires: python-chardet +Requires: python-charset-normalizer Requires: python-future Requires: python-ldap3 >= 2.5 Requires: python-ldapdomaindump >= 0.9.0 @@ -77,63 +80,9 @@ sed -e '/^#!\//, 1d' -i \ %install %python_install %python_expand cd %{buildroot}%{_bindir} && find . -name "*.py" -exec sh -c 'mv $0 impacket-`basename "$0" .py`' '{}' \; - -%python_clone -a %{buildroot}%{_bindir}/impacket-GetADUsers -%python_clone -a %{buildroot}%{_bindir}/impacket-Get-GPPPassword -%python_clone -a %{buildroot}%{_bindir}/impacket-GetNPUsers -%python_clone -a %{buildroot}%{_bindir}/impacket-GetUserSPNs -%python_clone -a %{buildroot}%{_bindir}/impacket-addcomputer -%python_clone -a %{buildroot}%{_bindir}/impacket-atexec -%python_clone -a %{buildroot}%{_bindir}/impacket-dcomexec -%python_clone -a %{buildroot}%{_bindir}/impacket-dpapi -%python_clone -a %{buildroot}%{_bindir}/impacket-esentutl -%python_clone -a %{buildroot}%{_bindir}/impacket-exchanger -%python_clone -a %{buildroot}%{_bindir}/impacket-findDelegation -%python_clone -a %{buildroot}%{_bindir}/impacket-getArch -%python_clone -a %{buildroot}%{_bindir}/impacket-getPac -%python_clone -a %{buildroot}%{_bindir}/impacket-getST -%python_clone -a %{buildroot}%{_bindir}/impacket-getTGT -%python_clone -a %{buildroot}%{_bindir}/impacket-goldenPac -%python_clone -a %{buildroot}%{_bindir}/impacket-karmaSMB -%python_clone -a %{buildroot}%{_bindir}/impacket-keylistattack -%python_clone -a %{buildroot}%{_bindir}/impacket-kintercept -%python_clone -a %{buildroot}%{_bindir}/impacket-lookupsid -%python_clone -a %{buildroot}%{_bindir}/impacket-machine_role -%python_clone -a %{buildroot}%{_bindir}/impacket-mimikatz -%python_clone -a %{buildroot}%{_bindir}/impacket-mqtt_check -%python_clone -a %{buildroot}%{_bindir}/impacket-mssqlclient -%python_clone -a %{buildroot}%{_bindir}/impacket-mssqlinstance -%python_clone -a %{buildroot}%{_bindir}/impacket-netview -%python_clone -a %{buildroot}%{_bindir}/impacket-nmapAnswerMachine -%python_clone -a %{buildroot}%{_bindir}/impacket-ntfs-read -%python_clone -a %{buildroot}%{_bindir}/impacket-ntlmrelayx -%python_clone -a %{buildroot}%{_bindir}/impacket-ping -%python_clone -a %{buildroot}%{_bindir}/impacket-ping6 -%python_clone -a %{buildroot}%{_bindir}/impacket-psexec -%python_clone -a %{buildroot}%{_bindir}/impacket-raiseChild -%python_clone -a %{buildroot}%{_bindir}/impacket-rbcd -%python_clone -a %{buildroot}%{_bindir}/impacket-rdp_check -%python_clone -a %{buildroot}%{_bindir}/impacket-reg -%python_clone -a %{buildroot}%{_bindir}/impacket-registry-read -%python_clone -a %{buildroot}%{_bindir}/impacket-rpcmap -%python_clone -a %{buildroot}%{_bindir}/impacket-rpcdump -%python_clone -a %{buildroot}%{_bindir}/impacket-sambaPipe -%python_clone -a %{buildroot}%{_bindir}/impacket-samrdump -%python_clone -a %{buildroot}%{_bindir}/impacket-secretsdump -%python_clone -a %{buildroot}%{_bindir}/impacket-services -%python_clone -a %{buildroot}%{_bindir}/impacket-smbclient -%python_clone -a %{buildroot}%{_bindir}/impacket-smbexec -%python_clone -a %{buildroot}%{_bindir}/impacket-smbpasswd -%python_clone -a %{buildroot}%{_bindir}/impacket-smbrelayx -%python_clone -a %{buildroot}%{_bindir}/impacket-smbserver -%python_clone -a %{buildroot}%{_bindir}/impacket-sniff -%python_clone -a %{buildroot}%{_bindir}/impacket-sniffer -%python_clone -a %{buildroot}%{_bindir}/impacket-split -%python_clone -a %{buildroot}%{_bindir}/impacket-ticketConverter -%python_clone -a %{buildroot}%{_bindir}/impacket-ticketer -%python_clone -a %{buildroot}%{_bindir}/impacket-wmiexec -%python_clone -a %{buildroot}%{_bindir}/impacket-wmipersist -%python_clone -a %{buildroot}%{_bindir}/impacket-wmiquery +for b in %{binaries}; do + %python_clone -a %{buildroot}%{_bindir}/$b +done # %python_expand rm -f %{buildroot}%{_datadir}/doc/impacket/LICENSE %python_expand rm -f %{buildroot}%{_datadir}/doc/impacket/README.md @@ -142,64 +91,14 @@ sed -e '/^#!\//, 1d' -i \ %python_expand rm %{buildroot}%{_bindir}/_current_flavor %post -%python_install_alternative impacket-GetADUsers -%python_install_alternative impacket-GetNPUsers -%python_install_alternative impacket-Get-GPPPassword -%python_install_alternative impacket-GetUserSPNs -%python_install_alternative impacket-addcomputer -%python_install_alternative impacket-atexec -%python_install_alternative impacket-dcomexec -%python_install_alternative impacket-dpapi -%python_install_alternative impacket-esentutl -%python_install_alternative impacket-exchanger -%python_install_alternative impacket-findDelegation -%python_install_alternative impacket-getArch -%python_install_alternative impacket-getPac -%python_install_alternative impacket-getST -%python_install_alternative impacket-getTGT -%python_install_alternative impacket-goldenPac -%python_install_alternative impacket-karmaSMB -%python_install_alternative impacket-keylistattack -%python_install_alternative impacket-kintercept -%python_install_alternative impacket-lookupsid -%python_install_alternative impacket-machine_role +%{lua:for b in rpm.expand("%{binaries}"):gmatch("%S+") do + print(rpm.expand("%python_install_alternative " .. b .. "\n")) +end} %postun -%python_uninstall_alternative impacket-mimikatz -%python_uninstall_alternative impacket-mqtt_check -%python_uninstall_alternative impacket-mssqlclient -%python_uninstall_alternative impacket-mssqlinstance -%python_uninstall_alternative impacket-netview -%python_uninstall_alternative impacket-nmapAnswerMachine -%python_uninstall_alternative impacket-ntfs-read -%python_uninstall_alternative impacket-ntlmrelayx -%python_uninstall_alternative impacket-ping -%python_uninstall_alternative impacket-ping6 -%python_uninstall_alternative impacket-psexec -%python_uninstall_alternative impacket-raiseChild -%python_uninstall_alternative impacket-rbcd -%python_uninstall_alternative impacket-rdp_check -%python_uninstall_alternative impacket-reg -%python_uninstall_alternative impacket-registry-read -%python_uninstall_alternative impacket-rpcmap -%python_uninstall_alternative impacket-rpcdump -%python_uninstall_alternative impacket-sambaPipe -%python_uninstall_alternative impacket-samrdump -%python_uninstall_alternative impacket-secretsdump -%python_uninstall_alternative impacket-services -%python_uninstall_alternative impacket-smbclient -%python_uninstall_alternative impacket-smbexec -%python_uninstall_alternative impacket-smbrelayx -%python_uninstall_alternative impacket-smbpasswd -%python_uninstall_alternative impacket-smbserver -%python_uninstall_alternative impacket-sniff -%python_uninstall_alternative impacket-sniffer -%python_uninstall_alternative impacket-split -%python_uninstall_alternative impacket-ticketConverter -%python_uninstall_alternative impacket-ticketer -%python_uninstall_alternative impacket-wmiexec -%python_uninstall_alternative impacket-wmipersist -%python_uninstall_alternative impacket-wmiquery +%{lua:for b in rpm.expand("%{binaries}"):gmatch("%S+") do + print(rpm.expand("%python_uninstall_alternative " .. b .. "\n")) +end} %check # Don't run tests that require online connections @@ -239,62 +138,9 @@ rm tests/misc/test_structure.py %files %{python_files} %license LICENSE %doc ChangeLog.md README.md -%python_alternative %{_bindir}/impacket-GetADUsers -%python_alternative %{_bindir}/impacket-Get-GPPPassword -%python_alternative %{_bindir}/impacket-GetNPUsers -%python_alternative %{_bindir}/impacket-GetUserSPNs -%python_alternative %{_bindir}/impacket-addcomputer -%python_alternative %{_bindir}/impacket-atexec -%python_alternative %{_bindir}/impacket-dcomexec -%python_alternative %{_bindir}/impacket-dpapi -%python_alternative %{_bindir}/impacket-esentutl -%python_alternative %{_bindir}/impacket-exchanger -%python_alternative %{_bindir}/impacket-findDelegation -%python_alternative %{_bindir}/impacket-getArch -%python_alternative %{_bindir}/impacket-getPac -%python_alternative %{_bindir}/impacket-getST -%python_alternative %{_bindir}/impacket-getTGT -%python_alternative %{_bindir}/impacket-goldenPac -%python_alternative %{_bindir}/impacket-karmaSMB -%python_alternative %{_bindir}/impacket-keylistattack -%python_alternative %{_bindir}/impacket-kintercept -%python_alternative %{_bindir}/impacket-lookupsid -%python_alternative %{_bindir}/impacket-machine_role -%python_alternative %{_bindir}/impacket-mimikatz -%python_alternative %{_bindir}/impacket-mqtt_check -%python_alternative %{_bindir}/impacket-mssqlclient -%python_alternative %{_bindir}/impacket-mssqlinstance -%python_alternative %{_bindir}/impacket-netview -%python_alternative %{_bindir}/impacket-nmapAnswerMachine -%python_alternative %{_bindir}/impacket-ntfs-read -%python_alternative %{_bindir}/impacket-ntlmrelayx -%python_alternative %{_bindir}/impacket-ping -%python_alternative %{_bindir}/impacket-ping6 -%python_alternative %{_bindir}/impacket-psexec -%python_alternative %{_bindir}/impacket-raiseChild -%python_alternative %{_bindir}/impacket-rbcd -%python_alternative %{_bindir}/impacket-rdp_check -%python_alternative %{_bindir}/impacket-reg -%python_alternative %{_bindir}/impacket-registry-read -%python_alternative %{_bindir}/impacket-rpcmap -%python_alternative %{_bindir}/impacket-rpcdump -%python_alternative %{_bindir}/impacket-sambaPipe -%python_alternative %{_bindir}/impacket-samrdump -%python_alternative %{_bindir}/impacket-secretsdump -%python_alternative %{_bindir}/impacket-services -%python_alternative %{_bindir}/impacket-smbclient -%python_alternative %{_bindir}/impacket-smbexec -%python_alternative %{_bindir}/impacket-smbrelayx -%python_alternative %{_bindir}/impacket-smbpasswd -%python_alternative %{_bindir}/impacket-smbserver -%python_alternative %{_bindir}/impacket-sniff -%python_alternative %{_bindir}/impacket-sniffer -%python_alternative %{_bindir}/impacket-split -%python_alternative %{_bindir}/impacket-ticketConverter -%python_alternative %{_bindir}/impacket-ticketer -%python_alternative %{_bindir}/impacket-wmiexec -%python_alternative %{_bindir}/impacket-wmipersist -%python_alternative %{_bindir}/impacket-wmiquery +%{lua:for b in rpm.expand("%{binaries}"):gmatch("%S+") do + print(rpm.expand("%python_alternative %{_bindir}/" .. b .. "\n")) +end} %{python_sitelib}/impacket* %changelog