Skip to content

Commit

Permalink
Merge branch 'fortra:master' into GetLoggedOn
Browse files Browse the repository at this point in the history
  • Loading branch information
GeisericII authored May 29, 2024
2 parents b89ef4e + 15eff88 commit edfe4b2
Show file tree
Hide file tree
Showing 55 changed files with 5,609 additions and 368 deletions.
38 changes: 38 additions & 0 deletions ChangeLog.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,44 @@ Project owner's main page is at www.coresecurity.com.
Complete list of changes can be found at:
https://github.com/fortra/impacket/commits/master

## Impacket v0.12.0-dev:
1. Library improvements
* Removed dsinternals dependency (@anadrianmanrique)
* Fixed srvs.hNetrShareEnum returning erronous shares (@cnotin)

2. Examples improvements
* [secretsdump.py](examples/secretsdump.py):
* Double DC Sync performance for DCs supporting SID lookups (@tomspencer)
* Added ability to skip dumping of SAM or SECURITY hives when performing remote operations (@RazzburyPi)
* Added ability to specify users to skip when dumping NTDS (@RazzburyPi)
* [ticketer.py](examples/ticketer.py):
* Support to create Sapphire tickets (@ShutdownRepo)
* [GetUserSPNs.py](examples/GetUserSPNs.py), [getTGT.py](examples/getTGT.py):
* Support for Kerberoasting without pre-authentication and ST request through AS-REQ (@ShutdownRepo)
* [wmiexec.py](examples/wmiexec.py):
* Fix kerberos with remoteHost & add '-target-ip'(@XiaoliChan)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added the creation of a new machine account through SMB (@BlWasp)
* NTLMRelayX Multirelay fixes for target handling (@alexisbalbachan)
* Writes certificates to file rather than outputting b64 to console (@RazzburyPi)
* Improved ability to continue relaying to ADCS web enrollment endpoint in order to request multiple certificates for different users (@RazzburyPi)
* [getST.py](examples/getST.py):
* Added -self, -altservice and -u2u for S4U2self abuse, S4U2self+u2u, and service substitution (@ShutdownRepo)
* [reg.py](examples/reg.py):
* Start remote registry as unprivileged user in reg.py (@dadevel)
* [smbclient.py](examples/smbclient.py): Added ability to provide an output file that the smbclient mini shell will write commands and output to (@RazzburyPi)

3. New examples
* [describeTicket.py](examples/describeTicket.py): Ticket describer and decrypter. (@ShutdownRepo)
* [GetADComputers.py](examples/GetADComputers.py): Query's DC via LDAP and returns the COMPUTER objects and the useful attributes such as full dns name, operating system name and version. (@F-Masood)
* [readLAPS.py](examples/readLAPS.py): Tries to read all the LAPS password from the current domain computers. (@F-Masood)
* [dacledit.py](examples/dacledit.py): This script can be used to read, write, remove, backup, restore ACEs (Access Control Entries) in an object DACL (Discretionary Access Control List). (@_nwodtuhs) (@BlWasp_) (@Wlayzz)

As always, thanks a lot to all these contributors that make this library better every day (up to now):

@tomspencer @anadrianmanrique @ShutdownRepo @dadevel @gjhami @NtAlexio2 @F-Masood @BlWasp @gabrielg5 @XiaoliChan @omry99 @Wlayzz @themaks @alexisbalbachan @RazzburyPi

## Impacket v0.11.0 (Aug 2023):
1. Library improvements
* Added new Kerberos error codes (@ly4k).
Expand Down
28 changes: 21 additions & 7 deletions examples/DumpNTLMInfo.py
Original file line number Diff line number Diff line change
Expand Up @@ -479,16 +479,17 @@ def _get_my_name(self):


class DumpNtlm:
def __init__(self, ip, hostname, port) -> None:
def __init__(self, ip, hostname, port, protocol) -> None:
self.target = ip
self.hostname = hostname
self._sess_port = int(port)
self._protocol = protocol
self._timeout = 60

def DisplayInfo(self):
if self._sess_port in [139, 445]:
if self._protocol == 'SMB':
self.DisplaySmbInfo()
elif self._sess_port in [135]:
elif self._protocol == 'RPC':
self.DisplayRpcInfo()

def DisplayRpcInfo(self):
Expand Down Expand Up @@ -636,15 +637,27 @@ def __convert_size(self, size_bytes):
parser.add_argument('-target-ip', action='store', metavar="ip address",
help='IP Address of the target machine. If omitted it will use whatever was specified as target. '
'This is useful when target is the NetBIOS name and you cannot resolve it')
parser.add_argument('-port', choices=['135', '139', '445'], nargs='?', default='445', metavar="destination port",
help='Destination port to connect to SMB/RPC Server')
parser.add_argument('-port', type=int, default=445, metavar="destination port",
help='Destination port to connect to SMB/RPC Server')
parser.add_argument('-protocol', choices=['SMB', 'RPC'], nargs='?', metavar="protocol",
help='Protocol to use (SMB or RPC). Default is SMB, port 135 uses RPC normally.')

if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)

options = parser.parse_args()

if options.port == 135:
if not options.protocol:
options.protocol = 'RPC'
logging.info("Port 135 specified; using RPC protocol by default. Use `-protocol SMB` to force SMB protocol.")
elif options.protocol == 'SMB':
logging.info("Port 135 specified with SMB protocol. Are you sure you don't want `-protocol RPC`?")
elif not options.protocol:
options.protocol = 'SMB'
logging.info("Defaulting to SMB protocol.")

if options.debug is True:
logging.getLogger().setLevel(logging.DEBUG)
logging.debug(version.getInstallationPath())
Expand All @@ -653,9 +666,10 @@ def __convert_size(self, size_bytes):

try:
if options.target_ip is not None:
dumper = DumpNtlm(options.target_ip, options.target, int(options.port))
dumper = DumpNtlm(options.target_ip, options.target, int(options.port), options.protocol)
else:
dumper = DumpNtlm(options.target, options.target, int(options.port))
dumper = DumpNtlm(options.target, options.target, int(options.port), options.protocol)
logging.info("Using target: %s, IP: %s, Port: %d, Protocol: %s" % (options.target, options.target_ip or options.target, options.port, options.protocol) )
dumper.DisplayInfo()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
Expand Down
Loading

0 comments on commit edfe4b2

Please sign in to comment.