Impacket 0.11.0:

Project's main page at https://www.coresecurity.com/core-labs/open-source-tools/impacket

ChangeLog for 0.11.0:

1. Library improvements

   • Added new Kerberos error codes (@ly4k).
   • Added [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation (@nopernik).
   • Changed the setting up for new SSL connections (@mpgn, @CT-H00K and @0xdeaddood).
   • Added a callback function to smbserver for incoming authentications (@p0dalirius).
   • Fix crash in winregistry (@laxa)
   • Fixes in IDispatch derived classes in comev implementation (@NtAlexio2)
   • Fix CVE-2020-17049 in ccache.py (@godylockz)
   • Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination (@JerAxxxxxxx)
   • tds: Fixed python3 incompatibility when receiving over TLS socket (@exploide)
   • crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys (@jojonas)
   • ese: Fixed python3 incompatibility when reading from db (@alexisbalbachan)
   • ldap queries: Escaped characters are now correctly parsed (@alexisbalbachan)
   • Support SASL authentication in ldap protocol (@NtAlexio2)

2. Examples improvements

   • GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and findDelegation.py:
     • Added dc-host option to connect to specific KDC using its FQDN or NetBIOS name (@rmaksimov and @0xdeaddood).
   • GetNPUsers.py
     • Printing TGT in stdout despite -outputfile parameter (@alexisbalbachan and @Zamanry)
     • Fixed output hash format for AES128/256 (etype 17/18) (@erasmusc)
   • GetUserSPNs.py:
     • Added LDAP paged search (@ThePirateWhoSmellsOfSunflowers and @SAERXCIT).
     • Added a -stealth flag to remove the SPN filter from the LDAP query (@clavoillotte).
     • Improved searchFilter (@ShutdownRepo)
     • Use LDAP paged search (@ThePirateWhoSmellsOfSunflowers)
   • psexec.py:
     • Added support for name customization using a custom binary file (@Dramelac).
   • smbexec.py:
     • Security fixes for privilege escalation vulnerabilities (@bugch3ck).
     • Fixed python3 compatibility issues, added workaround TCP over NetBIOS being disabled (@ljrk0)
   • secretsdump.py:
     • Added a new option to extract only NTDS.DIT data for specific users based on an LDAP filter (@snovvcrash).
     • Security fixes for privilege escalation vulnerabilities (@bugch3ck).
   • mssqlclient.py:
     • Added multiple new commands. Now supports xp_dirtree execution (@Mayfly277, @trietend and @TurtleARM).
   • ntlmrelayx.py:
     • Added ability to trigger SQLShell when running ntlmrelayx in interactive mode (@sploutchy).
     • Added filter option to the socks command in ntlmrelayx CLI (@shoxxdj)
     • Added ability to register DNS records through LDAP.
   • addcomputer.py, rbcd.py:
     • Allow weak TLS ciphers for LDAP connections (@AdrianVollmer)
   • Get-GPPPassword.py:
     • Better handling of various XML files in Group Policy Preferences (@p0dalirius)
   • smbclient.py:
     • Added recursive file listing (@Sq00ky)
   • ticketer.py:
     • Ticket duration is now specified in hours instead of days (@Dramelac)
     • Added extra-pac implementation (@Dramelac)

3. New examples

   • net.py Implementation of windows net.exe builtin tool (@NtAlexio2)
   • changepasswd.py New example that allows password changing or reseting through multiple protocols (@Alef-Burzmali, @snovvcrash, @bransh, @api0cradle and @p0dalirius)
   • DumpNTLMInfo.py New example that dumps remote host information in ntlm authentication model, without credentials. For SMB protocols v1, v2 and v3. (@NtAlexio2)

As always, thanks a lot to all these contributors that make this library better every day (up to now):

@ly4k @nopernik @snovvcrash @ShutdownRepo @kiwids0220 @mpgn @CT-H00K @rmaksimov @arossert @aevy-syn @tirkarthi @p0dalirius @Dramelac @Mayfly277 @S3cur3Th1sSh1t @nobbd @AdrianVollmer @trietend @TurtleARM @ThePirateWhoSmellsOfSunflowers @SAERXCIT @clavoillotte @Marshall-Hallenbeck @sploutchy @almandin @rtpt-alexanderneumann @JerAxxxxxxx @NtAlexio2 @laxa @godylockz @exploide @jojonas @Zamanry @erasmusc @bugch3ck @ljrk0 @Sq00ky @shoxxdj @Alef-Burzmali @bransh @api0cradle @alexisbalbachan @0xdeaddood @sanmopre