Impacket

Latest version: v0.12.0

0.9.21

Not secure
1. Library improvements
* New methods in the `CCache` class to import/export kirbi (`KRB-CRED`) formatted tickets (by Zer1t0).
* Add `FSCTL_SRV_ENUMERATE_SNAPSHOTS` functionality to `SMBConnection` (by rxwx).
* Changes in NetBIOS classes in `nmb.py` (`select()` replaced by `poll()` when reading from the socket) (by cnotin).
* Timestamped logging added.
* Interactive shell to perform LDAP operations (by mlefebvre).
* Added two DCE/RPC calls in `tsch.py` (by mohemiv).
* Single-source the version number and standardize on semantic + pre-release + local versioning (by jsherwood0).
* Added implementation for keytab files (by kcirtapw).
* Added SMB 3.1.1 support for Client SMB Connections.

2. Examples improvements
* [smbclient.py](examples/smbclient.py):
  * List the VSS snapshots for a specified path (by rxwx).
* [GetUserSPNs.py](examples/GetUserSPNs.py):
  * Added delegation information associated with accounts (by G0ldenGunSec).
* [dpapi.py](examples/dpapi.py):
  * Added more functions to decrypt masterkeys based on SID + hashes/key. Also support supplying hashes instead of the password for decryption (by dirkjanm).
  * Pass the hash support for backup key retrieval (by imaibou).
  * Added feature to decrypt a user's masterkey using the MS-BKRP (by imaibou).
* [raiseChild.py](examples/raiseChild.py):
  * Added a new flag to specify the RID of a user to dump credentials (by 0xdeaddood).
* Added flags to bypass badly made detection use cases (by MaxNad):
  * [smbexec.py](examples/smbexec.py):
    * Possibility to rename the PSExec uploaded binary name with the `-remote-binary-name` flag.
  * [psexec.py](examples/psexec.py):
    * Possibility to use another service name with the `-service-name` flag.
* [ntlmrelayx.py](examples/ntlmrelayx.py):
  * Added a flag to use a SID as the escalate user for delegation attacks (by 0xe7).
  * Support for dumping LAPS passwords (by praetorian-adam-crosser).
  * Added LDAP interactive mode that allows an attacker to manually perform basic operations
    like creating a new user, adding a user to a group, dumping the AD, etc. (by mlefebvre).
  * Support for multiple relays through one SMB connection (by 0xdeaddood).
  * Added support for dumping gMSA passwords (by cube0x0).
* [ticketer.py](examples/ticketer.py):
  * Added an option to use the SPNs keys from a keytab for a silver ticket (by kcirtapw).

3. New Examples
- [addcomputer.py](examples/addcomputer.py): Allows adding a computer to a domain using LDAP
or SAMR (SMB) (by jagotu).
- [ticketConverter.py](examples/ticketConverter.py): This script converts kirbi files,
commonly used by mimikatz, into ccache files used by Impacket, and vice versa (by Zer1t0).
- [findDelegation.py](examples/findDelegation.py): Simple script to quickly list all
delegation relationships (unconstrained, constrained, resource-based constrained) in
an AD environment (by G0ldenGunSec).

As always, thanks a lot to all these contributors that make this library better every day (since last version):

jagotu, Zer1t0, rxwx, mpgn, danhph, awsmhacks, slasyz, cnotin, exploide, G0ldenGunSec, dirkjanm, 0xdeaddood, MaxNad, imaibou, BarakSilverfort, 0xe7, mlefebvre, rmaksimov, praetorian-adam-crosser, jsherwood0, mohemiv, justin-p, cube0x0, spinenkoia, kcirtapw, MrAnde7son, fridgehead, MarioVilas.

0.9.20

Not secure
1. Library improvements
* Python 3.6 support! This is the first release supporting Python 3.x so please issue tickets
whenever you find something not working as expected. Libraries and examples should be fully
functional.
* Test coverage [improvements](https://github.com/SecureAuthCorp/impacket/pull/540) by infinnovation-dev
* Anonymous SMB 2.x Connections are not encrypted anymore (by cnotin)
* Support for [multiple PEKs](https://github.com/SecureAuthCorp/impacket/pull/618) when decrypting Windows 2016 DIT files (by mikeryan)

2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
  * [CVE-2019-1019](https://github.com/SecureAuthCorp/impacket/pull/635): Bypass SMB signing for unpatched (by msimakov)
  * Added [POC](https://github.com/SecureAuthCorp/impacket/pull/637) code for CVE-2019-1040 (by dirkjanm)
  * Added NTLM relays leveraging [Webdav](https://github.com/SecureAuthCorp/impacket/pull/652) authentications (by salu90)

3. New Examples
* [kintercept.py](examples/kintercept.py): A tool for intercepting krb5 connections and for
testing KDC handling S4U2Self with unkeyed checksum (by iboukris)

As always, thanks a lot to all these contributors that make this library better every day (since last version):

infinnovation-dev, cnotin, mikeryan, SR4ven, cclauss, skorov, msimakov, dirkjanm, franferrax, iboukris, n1ngod, c0d3z3r0, MrAnde7son.

0.9.19

Not secure
1. Library improvements
* [[MS-EVEN]](impacket/dcerpc/v5/even.py) Interface implementation (Initial - by MrAnde7son)

2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
  * Socks local admin check (by imaibou)
  * Add Resource Based Delegation features (by dirkjanm)
* [smbclient.py](examples/smbclient.py):
  * Added ability to create/remove mount points to exploit James Forshaw's
    [Abusing Mount Points over the SMB Protocol](https://tyranidslair.blogspot.com/2018/12/abusing-mount-points-over-smb-protocol.html) technique (by Qwokka)
* [GetST.py](examples/getST.py):
  * Added resource-based constrained delegation support to S4U (eladshamir)
* [GetNPUsers.py](examples/GetNPUsers.py):
  * Added hashcat/john format and users file input (by Zer1t0)

As always, thanks a lot to all these contributors that make this library better every day (since last version):

dirkjanm, MrAnde7son, ibo, franferrax, Qwokka, CaledoniaProject, eladshamir, Zer1t0, martingalloar, muizzk, Petraea, SR4ven, Fist0urs, Zer1t0.

0.9.18

Not secure
1. Library improvements
* Replace unmaintained PyCrypto for pycryptodome (dirkjanm)
* Using cryptographically secure pseudo-random generators
* Kerberos "no pre-auth and RC4" handling in GetKerberosTGT (by qlemaire)
* Test cases adjustments, travis and flake support (cclauss)
* Python3 test cases fixes (eldipa)
* Adding DPAPI / Vaults related structures and functions to decrypt secrets
* [[MS-RPRN]](impacket/dcerpc/v5/rprn.py) Interface implementation (Initial)

2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
  * Optimize ACL enumeration and improve error handling in ntlmrelayx LDAP attack (by dirkjanm)
* [secretsdump.py](examples/secretsdump.py):
  * Added dumping of machine account Kerberos keys (dirkjanm). `DPAPI_SYSTEM` LSA Secret is now parsed and key contents are shown.
* [GetUserSPNs.py](examples/GetUserSPNs.py):
  * Bugfixes and cross-domain support (dirkjanm)

3. New Examples
* [dpapi.py](examples/dpapi.py): Allows decrypting vaults, credentials and masterkeys protected by DPAPI. Domain backup key support added by MrAnde7son

As always, thanks a lot to all these contributors that make this library better every day (since last version):

dirkjanm, MrAnde7son, franferrax, MrRobot86, qlemaire, cauan, eldipa.

0.9.17

Not secure
1. Library improvements
* New `[MS-PAC]` [Implementation](impacket/krb5/pac.py).
* [LDAP engine](impacket/ldap): Added extensibleMatch string filter parsing, simple
paging support and handling of unsolicited notification (by kacpern)
* [ImpactDecoder](impacket/ImpactDecoder.py): Add `EAPOL`, `BOOTP` and `DHCP` packet
decoders (by Michael Niewoehner)
* [Kerberos engine](impacket/krb5): `DES-CBC-MD5` support to kerberos added (by skelsec)
* [SMB3 engine](https://github.com/SecureAuthCorp/impacket/commit/f62fc5c3946430374f92404e892f8c48943d411c): If target server supports SMB >= 3, encrypt packets by default.
* Initial `[MS-DHCPM]` and `[MS-EVEN6]` Interface implementation by MrAnde7son
* Major improvements to the [NetBIOS layer](https://github.com/SecureAuthCorp/impacket/commit/0808e45b796741aea4162bd756e3f54522e8045b).
More use of [structure.py](impacket/structure.py) in there.
* [MQTT](https://github.com/SecureAuthCorp/impacket/commit/8cef002928ca52be4e9476a87a54d836b5efa81e) Protocol Implementation and example.
* Tox/Coverage Support added, test cases moved to its own directory. Major overhaul.
* Many fixes and improvements in Kerberos, SMB and DCERPC (too many to name in a few lines).

2. Examples improvements
* [GetUserSPNs.py](examples/GetUserSPNs.py):
  * `-request-user` parameter added. Requests STs for the SPN associated to the user
    specified. Added support for AES Kerberoast tickets (by elitest).
* [services.py](examples/services.py):
  * Added port 139 support and related options (by real-datagram).
* [samrdump.py](examples/samrdump.py):
  * `-csv` switch to output format in CSV added.
* [ntlmrelayx.py](examples/ntlmrelayx.py):
  * Major architecture overhaul. Now working mostly through dynamically loaded plugins. SOCKS proxy support for relayed connections. Specific attacks for every protocol and new protocols support (IMAP, POP3, SMTP). Awesome contributions by dirkjanm.
* [secretsdump.py](examples/secretsdump.py):
  * AES(128) support for SAM hashes decryption. OldVal parameter dump added to LSA
    secrets dump (by Ramzeth).
* [mssqlclient.py](examples/mssqlclient.py):
  * Alternative method to execute cmd's on MSSQL (sp_start_job). (by Kayzaks).
* [lsalookupsid.py](examples/lsalookupsid.py):
  * Added no-pass and domain-users options (by ropnop).

3. New Examples
* [ticketer.py](examples/ticketer.py): Create Golden/Silver tickets from scratch or
based on a template (legally requested from the KDC) allowing you to customize
some of the parameters set inside the `PAC_LOGON_INFO` structure, in particular the
groups, extrasids, duration, etc. Silver tickets creation by machosec and bransh.
* [GetADUsers.py](examples/GetADUsers.py): Gathers data about the domain's users and
their corresponding email addresses. It will also include some extra information
about last logon and last password set attributes.
* [getPac.py](examples/getPac.py): Gets the PAC (Privilege Attribute Certificate)
structure of the specified target user using only a normal authenticated user's
credentials. It does so by using a mix of `[MS-SFU]`'s `S4USelf` + User to User
Kerberos Authentication.
* [getArch.py](examples/getArch.py): Will connect against a target (or list of targets)
machine/s and gather the OS architecture type installed by (ab)using a documented MSRPC feature.
* [mimikatz.py](examples/mimikatz.py): Mini shell to control a remote mimikatz RPC
server developed by gentilkiwi.
* [sambaPipe.py](examples/sambaPipe.py): Will exploit CVE-2017-7494, uploading and
executing the shared library specified by the user through the `-so` parameter.
* [dcomexec.py](examples/dcomexec.py): A semi-interactive shell similar to `wmiexec.py`,
but using different DCOM endpoints. Currently supports `MMC20.Application`, `ShellWindows` and
`ShellBrowserWindow` objects. (contributions by byt3bl33d3r).
* [getTGT.py](examples/getTGT.py): Given a password, hash or aesKey, this script will
request a TGT and save it as ccache.
* [getST.py](examples/getST.py): Given a password, hash, aesKey or TGT in ccache, this
script will request a Service Ticket and save it as ccache. If the account has constrained
delegation (with protocol transition) privileges you will be able to use the `-impersonate`
switch to request the ticket on behalf of another user.

As always, thanks a lot to all these contributors that make this library better every day (since last version):

dirkjanm, real-datagram, kacpern, martinuy, xelphene, blark, the-useless-one, contactr2m, droc, martingalloar, skelsec, franferrax, Fr0stbyt3, ropnop, MrAnde7son, machosec, federicoemartinez, elitest, symeonp, Kanda-Motohiro, Ramzeth, mohemiv, arch4ngel, derekchentrendmicro, Kayzaks, donwayo, bao7uo, byt3bl33d3r, xambroz, luzpaz, TheNaterz, Mikkgn, derUnbekannt.

0.9.15

Not secure
1. Library improvements
* `SMB3.create`: define `CreateContextsOffset` and `CreateContextsLength` when applicable (by rrerolle)
* Retrieve user principal name from `CCache` file, allowing any script to be called with `-k` and just the target system (by MrTchuss)
* Major overhaul of packet fragmentation for the DCE RPC layer.
* Improved pass-the-key attacks scenarios (by skelsec)
* Adding a minimalistic LDAP/s implementation (supports PtH/PtT/PtK). Only search is available (and you need to
build the search filter yourself)
* IPv6 improvements for DCERPC/LDAP and Kerberos

2. Examples improvements
* Adding `-dc-ip` switch to all examples. It allows specifying what the IP for the domain is.
  It assumes the DC and KDC reside in the same server.
* `secretsdump.py`:
  * Adding support for Win2016 TP4 in LOCAL or `-use-vss` mode
  * Adding `-just-dc-user` switch to download just a single user data (DRSUAPI mode only)
  * Support for different ReplEpoch (DRSUAPI only)
  * pwdLastSet is also included in the output file
  * New structures/flags added for 2016 TP5 PAM support
* `wmiquery.py`:
  * Adding `-rpc-auth-level` switch (by gadio)
* `smbrelayx.py`:
  * Added option to specify authentication status code to be sent to requesting client (by mgeeky)
  * Added one-shot parameter. After successful authentication, only execute the attack once for each target (per protocol)

3. New Examples
* `GetUserSPNs.py`: This module will try to find Service Principal Names that are associated with normal user accounts.
  This is part of the kerberoast attack researched by Tim Medin (timmedin)
* `ntlmrelayx.py`: `smbrelayx.py` on steroids! NTLM relay attack from/to multiple protocols (HTTP/SMB/LDAP/MSSQL/etc)
  (by dirkjanm)
