Impacket v0.11 releases: collection of Python classes for working with network protocols

What is Impacket?

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.

A description of some of the tools can be found here.

What protocols are featured?

• Ethernet, Linux “Cooked” capture.
• IP, TCP, UDP, ICMP, IGMP, ARP.
• IPv4 and IPv6 Support.
• NMB and SMB1, SMB2 and SMB3 (high-level implementations).
• MSRPC version 5, over different transports: TCP, SMB/TCP, SMB/NetBIOS, and HTTP.
• Plain, NTLM, and Kerberos authentications, using password/hashes/tickets/keys.
• Portions/full implementation of the following MSRPC interfaces: EPM, DTYPES, LSAD, LSAT, NRPC, RRP, SAMR, SRVS, WKST, SCMR, BKRP, DHCPM, EVEN6, MGMT, SASEC, TSCH, DCOM, WMI, OXABREF, NSPI, OXNSPI.
• Portions of TDS (MSSQL) and LDAP protocol implementations.

Changelog v0.11

1. Library improvements
   • Added new Kerberos error codes (@ly4k).
   • Added [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation (@nopernik).
   • Changed the setting up for new SSL connections (@mpgn, @CT-H00K and @0xdeaddood).
   • Added a callback function to smbserver for incoming authentications (@p0dalirius).
   • Fix crash in winregistry (@laxa)
   • Fixes in IDispatch derived classes in comev implementation (@NtAlexio2)
   • Fix CVE-2020-17049 in ccache.py (@godylockz)
   • Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination (@JerAxxxxxxx)
   • tds: Fixed python3 incompatibility when receiving over TLS socket (@exploide)
   • crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys (@jojonas)
   • ese: Fixed python3 incompatibility when reading from db (@alexisbalbachan)
   • ldap queries: Escaped characters are now correctly parsed (@alexisbalbachan)
   • Support SASL authentication in ldap protocol (@NtAlexio2)
2. Examples improvements
   • GetADUsers.py, GetNPUsers.py, GetUserSPNs.py and findDelegation.py:
     • Added dc-host option to connect to specific KDC using its FQDN or NetBIOS name (@rmaksimov and @0xdeaddood).
   • GetNPUsers.py
     • Printing TGT in stdout despite -outputfile parameter (@alexisbalbachan and @Zamanry)
     • Fixed output hash format for AES128/256 (etype 17/18) (@erasmusc)
   • GetUserSPNs.py:
     • Added LDAP paged search (@ThePirateWhoSmellsOfSunflowers and @SAERXCIT).
     • Added a -stealth flag to remove the SPN filter from the LDAP query (@clavoillotte).
     • Improved searchFilter (@ShutdownRepo)
     • Use LDAP paged search (@ThePirateWhoSmellsOfSunflowers)
   • psexec.py:
     • Added support for name customization using a custom binary file (@Dramelac).
   • smbexec.py:
     • Security fixes for privilege escalation vulnerabilities (@bugch3ck).
     • Fixed python3 compatibility issues, added workaround TCP over NetBIOS being disabled (@ljrk0)
   • secretsdump.py:
     • Added a new option to extract only NTDS.DIT data for specific users based on an LDAP filter (@snovvcrash).
     • Security fixes for privilege escalation vulnerabilities (@bugch3ck).
   • mssqlclient.py:
     • Added multiple new commands. Now supports xp_dirtree execution (@Mayfly277, @trietend and @TurtleARM).
   • ntlmrelayx.py:
     • Added ability to trigger SQLShell when running ntlmrelayx in interactive mode (@sploutchy).
     • Added filter option to the socks command in ntlmrelayx CLI (@shoxxdj)
     • Added ability to register DNS records through LDAP.
   • addcomputer.py, rbcd.py:
     • Allow weak TLS ciphers for LDAP connections (@AdrianVollmer)
   • Get-GPPPassword.py:
     • Better handling of various XML files in Group Policy Preferences (@p0dalirius)
   • smbclient.py:
     • Added recursive file listing (@Sq00ky)
   • ticketer.py:
     • Ticket duration is now specified in hours instead of days (@Dramelac)
     • Added extra-pac implementation (@Dramelac)
3. New examples
   • net.py Implementation of windows net.exe builtin tool (@NtAlexio2)
   • changepasswd.py New example that allows password changing or reseting through multiple protocols (@Alef-Burzmali, @snovvcrash, @bransh, @api0cradle and @p0dalirius)
   • DumpNTLMInfo.py New example that dumps remote host information in ntlm authentication model, without credentials. For SMB protocols v1, v2 and v3. (@NtAlexio2)

Install & Use