File python-impacket.changes of Package python-impacket
-------------------------------------------------------------------
Wed Dec 4 18:27:21 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Skip test tests/SMB_RPC/test_smbserver.py to fix the actual
build failure.
-------------------------------------------------------------------
Tue Sep 17 08:55:05 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.12.0
Library improvements
* Fixed broken hRSetServiceObjectSecurity method.
* Removed dsinternals dependency.
* Fixed srvs.hNetrShareEnum returning erronous shares.
* Fixed lmhash computing to support non standard characters in
the password.
* Assorted fixes when processing Unicode data.
* Added [MS-GKDI] Group Key Distribution Protocol implementation.
* Fixed incorrect padding in
SMBSessionSetupAndX_Extended_ResponseData.
* Upgraded dependency pyreadline -> pyreadline3.
* SMB Server:
+ Added query information level 0x0109 for smb1
"SMB_QUERY_FILE_STREAM_INFO".
+ Fixed filename encoding in queryPathInformation.
+ Fixed NextEntryOffset for large directory listings.
+ Fixed server returning an empty folder when cutting and
pasting recursive directories.
* DHCP: Fixed encoding issues.
Example Improvements
* multiple improvements, see
https://github.com/fortra/impacket/releases/tag/impacket_0_12_0
New Examples
* describeTicket.py: Ticket describer and decrypter.
* GetADComputers.py: Query's DC via LDAP and returns the COMPUTER
objects and the useful attributes such as full dns name,
operating system name and version.
* GetLAPSPassword.py: Extract LAPS passwords from LDAP.
* dacledit.py: This script can be used to read, write, remove,
backup, restore ACEs (Access Control Entries) in an object
DACL (Discretionary Access Control List).
* owneredit.py: Added this script to abuse WriteOwner
(ADS_RIGHT_WRITE_OWNER) access rights. This allows to take
ownership of another object, and then edit that object's DACL.
- Remove patch:
* remove-future-requirement.patch (was merged upstream)
-------------------------------------------------------------------
Thu Nov 23 20:28:09 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Add python-dsinternals to BuildRequires
-------------------------------------------------------------------
Tue Sep 5 01:47:52 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
- Add patch remove-future-requirement.patch, remove future requirement.
- Switch to pyproject macros.
-------------------------------------------------------------------
Sun Aug 27 10:04:40 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.11.0
Library improvements
* Added new Kerberos error codes.
* Added [MS-TSTS] Terminal Services Terminal Server Runtime
Interface Protocol implementation.
* Changed the setting up for new SSL connections.
* Added a callback function to smbserver for incoming
authentications.
* Fix crash in winregistry.
* Fixes in IDispatch derived classes in comev implementation.
* Fix CVE-2020-17049 in ccache.py.
* Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination.
* tds: Fixed python3 incompatibility when receiving over TLS
socket.
* crypto: Ensure passwords are utf-8 encoded before deriving
Kerberos keys.
* ese: Fixed python3 incompatibility when reading from db.
* ldap queries: Escaped characters are now correctly parsed.
* Support SASL authentication in ldap protocol.
Examples improvements
* GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and
findDelegation.py:
+ Added dc-host option to connect to specific KDC using its
FQDN or NetBIOS name.
* GetNPUsers.py
+ Printing TGT in stdout despite -outputfile parameter.
+ Fixed output hash format for AES128/256 (etype 17/18).
* GetUserSPNs.py:
+ Added LDAP paged search
+ Added a -stealth flag to remove the SPN filter from the LDAP
query.
+ Improved searchFilter
+ Use LDAP paged search
* psexec.py:
+ Added support for name customization using a custom binary
file.
* smbexec.py:
+ Security fixes for privilege escalation vulnerabilities.
+ Fixed python3 compatibility issues, added workaround TCP
over NetBIOS being disabled.
* secretsdump.py:
+ Added a new option to extract only NTDS.DIT data for specific
users based on an LDAP filter.
+ Security fixes for privilege escalation vulnerabilities.
* mssqlclient.py:
+ Added multiple new commands. Now supports xp_dirtree execution
* ntlmrelayx.py:
+ Added ability to trigger SQLShell when running ntlmrelayx in
interactive mode.
+ Added filter option to the socks command in ntlmrelayx CLI.
+ Added ability to register DNS records through LDAP.
* addcomputer.py, rbcd.py:
+ Allow weak TLS ciphers for LDAP connections.
* Get-GPPPassword.py:
+ Better handling of various XML files in Group Policy
Preferences.
* smbclient.py:
+ Added recursive file listing.
* ticketer.py:
+ Ticket duration is now specified in hours instead of days.
+ Added extra-pac implementation.
New examples
* net.py
+ Implementation of windows net.exe builtin tool.
* changepasswd.py
+ New example that allows password changing or reseting through
multiple protocols.
* DumpNTLMInfo.py
+ New example that dumps remote host information in ntlm
authentication model, without credentials.
For SMB protocols v1, v2 and v3.
- Optimize spec file
* define a list of all the binaries and loop over this list when
needed.
-------------------------------------------------------------------
Fri Jun 2 09:28:21 UTC 2023 - pgajdos@suse.com
- update to version 0.10.0
* Dropped support for Python 2.7.
* Refactored the testing infrastructure (@martingalloar):
* Added `pytest` as the testing framework to organize and mark test
cases. `Tox` remain as the automation framework, and `Coverage.py`
for measuring code coverage.
* Custom bash scripts were replaced with test cases auto-discovery.
* Local and remote test cases were marked for easy run and configuration.
* DCE/RPC endpoint test cases were refactored and moved to a new layout.
* An initial testing guide with the main steps to prepare a testing environment and run them.
* Fixed a good amount of DCE/RPC endpoint test cases that were failing.
* Added tests for `[MS-PAR]`, `[MS-RPRN]`, CCache and DPAPI.
* Added a function to compute the Netlogon Authenticator at client-side in `[MS-NRPC]` (@0xdeaddood)
* Added `[MS-DSSP]` protocol implementation (@simondotsh)
* Added GetDriverDirectory functions to `[MS-PAR]` and `[MS-RPRN]` (@raithedavion)
* Refactored the Credential Cache:
* Added new parseFile function to ccache.py (@rmaksimov)
* Added support for loading CCache Version 3 (@reznok)
* Modified fromKRBCRED function used to load a Kirbi file (@0xdeaddood)
* Fixed Ccache to Kirbi conversion (@ShutdownRepo)
* Fixed default NTLM server challenge in smbserver (@rtpt-jonaslieb)
* Fixed WMI objects parsing (@franferrax)
* Added the RpcAddPrinterDriverEx method and related structures to `[MS-RPRN]`: Print System Remote Protocol (@cube0x0)
* Initial implementation of `[MS-PAR]`: Print System Asynchronous Remote Protocol (@cube0x0)
* Complying `[MS-RPCH]` with HTTP/1.1 (@mohemiv)
* Added return of server time in case of Kerberos error (@ShutdownRepo and @Hackndo)
-------------------------------------------------------------------
Wed Jun 9 17:17:37 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.9.23
Library improvements
* Support connect timeout with SMBTransport.
* Speeding up DcSync.
* Fixed Python3 issue when serving SOCKS5 requests.
* Fixed Path Traversal vulnerabilities in smbserver.py .
CVE-2021-31800
* Fixed POST request processing in httprelayserver.py .
* Added cat command to smbclient.py .
* Added new features to the LDAP Interactive Shell to facilitate
AD exploitation.
* Python 3.9 support
- Drop not longer needed patch:
* 1054.patch
-------------------------------------------------------------------
Sat Apr 24 15:41:05 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Python 3.9 is not supported yet - skip builds for now
-------------------------------------------------------------------
Mon Mar 1 19:38:00 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Fix TW build
-------------------------------------------------------------------
Mon Nov 23 15:13:51 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.9.22
Library improvements
* Added implementation of RPC over HTTP v2 protocol.
* Added MS-NSPI, MS-OXNSPI and MS-OXABREF protocol
implementations.
* Improved the multi-page results in LDAP queries.
* NDR parser optimization.
* Improved serialization of WMI method parameters.
* Introduce the MS-NLMP 2.2.2.10 VERSION structure in
NTLMAuthNegotiate messages.
* Added some NETLOGON structs for NetrServerPasswordSet2.
* Python 3.8 support.
Examples improvements
* atexec.py: Fixed after MS patches related to RPC attacks.
* dpapi.py: Added -no-pass, pass-the-hash and AES Key support
for backup subcommand.
* GetNPUsers.py: Added ability to enumerate targets with
Kerberos KRB5CC.
* GetUserSPNs.py: Added new features for kerberoasting.
* ntlmrelayx.py:
+ Added ability to relay on new Windows versions that have
SMB guest access disabled by default.
+ Added option to specify the NTLM Server Challenge used
when receiving a connection.
+ Added relaying to RPC support.
+ Implemented WCFRelayServer.
+ Added Zerologon DCSync Relay Client.
+ Fixed issue in ldapattack.py when relaying and creating
computer in CN=Computers.
+ rpcdump.py: Added RPC over HTTP v2 support.
+ secretsdump.py:
- Added ability to specifically delete a shadow based on
its ID.
- Dump plaintext machine account password when dumping the
local registry secrets.
New examples
* exchanger.py: A tool for connecting to MS Exchange via RPC
over HTTP v2.
* rpcmap.py: Scan for listening DCE/RPC interfaces.
-------------------------------------------------------------------
Wed Jul 8 11:47:03 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Initial package, version 0.9.21
