Impacket

Latest version: v0.12.0

Page 3 of 3

0.9.14

Not secure
1. Library improvements
* `[MS-TSCH]` - ATSVC, SASec and ITaskSchedulerService Interface implementations
* `[MS-DRSR]` - Directory Replication Service DRSUAPI Interface implementation
* Network Data Representation (NDR) runtime overhaul. Big performance and reliability improvements achieved
* Unicode support (optional) for the SMBv1 stack (by rdubourguais)
* NTLMv2 enforcement option on SMBv1 client stack (by scriptjunkie)
* Kerberos support for TDS (MSSQL)
* Extended present flags support on RadioTap class
* Old DCERPC runtime code removed

2. Examples improvements
* `mssqlclient.py`:
    * Added Kerberos authentication support
* `atexec.py`:
    * It now uses ITaskSchedulerService interface, adding support for Windows 2012 R2
* `smbrelayx.py`:
    * If no file to upload and execute is specified (-E) it just dumps the target user's hashes by default
    * Added -c option to execute custom commands in the target (by byt3bl33d3r)
* `secretsdump.py`:
    * Active Directory hashes/Kerberos keys are dumped using `[MS-DRSR]` (`IDL_DRSGetNCChanges` method) by default. VSS method is still available by using the -use-vss switch
    * Added `-just-dc` (Extract only NTDS.DIT NTLM Hashes and Kerberos) and `-just-dc-ntlm` (only NTDS.DIT NTLM Hashes) options
    * Added resume capability (only for NTDS in DRSUAPI mode) in case the connection drops. Use `-resumefile` option.
    * Added Primary:CLEARTEXT Property from supplementalCredentials attribute dump (`[MS-SAMR]` `3.1.1.8.11.5`)
    * Add support for multiple password encryption keys (PEK) (by s0crat)
* `goldenPac.py`:
    * Tests all DCs in the domain and adds the forest's enterprise admin group inside the PAC

3. New examples
* `raiseChild.py`: Child domain to forest privilege escalation exploit. Implements a child-domain to forest privilege escalation as [detailed by Sean Metcalf](https://adsecurity.org/?p=1640).
* `netview.py`: Gets a list of the sessions opened at the remote hosts and keeps track of them (original idea by mubix)

0.9.13

Not secure
1. Library improvements
* Kerberos support for SMB and DCERPC featuring:
    * `kerberosLogin()` added to SMBConnection (all SMB versions).
    * Support for `RPC_C_AUTHN_GSS_NEGOTIATE` at the DCERPC layer. This will negotiate Kerberos. This also includes DCOM.
    * Pass-the-hash, pass-the-ticket and pass-the-key support.
    * Ccache support, compatible with Kerberos utilities (kinit, klist, etc).
    * Support for `RC4`, `AES128_CTS_HMAC_SHA1_96` and `AES256_CTS_HMAC_SHA1_96` ciphers.
    * Support for `RPC_C_AUTHN_LEVEL_PKT_PRIVACY`/`RPC_C_AUTHN_LEVEL_PKT_INTEGRITY`.
* `[MS-SAMR]`: Supplemental Credentials support (used by secretsdump.py)
* SMBSERVER improvements:
    * SMB2 (2.002) dialect experimental support.
    * Adding capability to export to John The Ripper format files
* Library logging overhaul. Now there's a single logger called `impacket`.

2. Examples improvements
* Added Kerberos support to all modules (incl. pass-the-ticket/key)
* Ported most of the modules to the new dcerpc.v5 runtime.
* `secretsdump.py`:
    * Added dumping Kerberos keys when parsing NTDS.DIT
* `smbserver.py`:
    * Support for SMB2 (not enabled by default)
* `smbrelayx.py`:
    * Added support for MS15-027 exploitation.

3. New examples
* `goldenPac.py`: MS14-068 exploit. Saves the golden ticket and also launches a psexec session at the target.
* `karmaSMB.py`: SMB Server that answers specific file contents regardless of the SMB share and pathname requested.
* `wmipersist.py`: Creates persistence over WMI. Adds/Removes WMI Event Consumers/Filters to execute VBS based on a WQL filter or timer specified.

0.9.12

Not secure
1. Library improvements
* The following protocols were added based on their standard definitions:
    * `[MS-DCOM]` - Distributed Component Object Model Protocol (`dcom.py`)
    * `[MS-OAUT]` - OLE Automation Protocol (`dcom/oaut.py`)
    * `[MS-WMI]`/`[MS-WMIO]` - Windows Management Instrumentation Remote Protocol (`dcom/wmi.py`)

2. New examples
* `wmiquery.py`: executes WMI queries and gets WMI object descriptions.
* `wmiexec.py`: agent-less, semi-interactive shell using WMI.
* `smbserver.py`: quick and easy way to share files using the SMB protocol.

0.9.11

Not secure
1. Library improvements
* New RPC and NDR runtime (located at `impacket.dcerpc.v5`, old one still available)
* Support marshaling/unmarshaling for NDR20 and NDR64 (experimental)
* Support for `RPC_C_AUTHN_NETLOGON` (experimental)
* The following interfaces were developed based on their standard definitions:
    * `[MS-LSAD]` - Local Security Authority (Domain Policy) Remote Protocol (lsad.py)
    * `[MS-LSAT]` - Local Security Authority (Translation Methods) Remote Protocol (lsat.py)
    * `[MS-NRPC]` - Netlogon Remote Protocol (nrpc.py)
    * `[MS-RRP]` - Windows Remote Registry Protocol (rrp.py)
    * `[MS-SAMR]` - Security Account Manager (SAM) Remote Protocol (samr.py)
    * `[MS-SCMR]` - Service Control Manager Remote Protocol (scmr.py)
    * `[MS-SRVS]` - Server Service Remote Protocol (srvs.py)
    * `[MS-WKST]` - Workstation Service Remote Protocol (wkst.py)
    * `[MS-RPCE]-C706` - Remote Procedure Call Protocol Extensions (epm.py)
    * `[MS-DTYP]` - Windows Data Types (dtypes.py)
* Most of the DCE Calls have helper functions for easier use. Test cases added for all calls (check the test cases directory)
* ESE parser (Extensible Storage Engine) (ese.py)
* Windows Registry parser (winregistry.py)
* TDS protocol now supports SSL, can be used from mssqlclient
* Support for EAPOL, EAP and WPS decoders
* VLAN tagging (IEEE 802.1Q and 802.1ad) support for ImpactPacket, done by dan.pisi

2. New examples
* `rdp_check.py`: tests whether an account (pwd or hashes) is valid against an RDP server
* `esentutl.py`: ESE example to show how to interact with ESE databases (e.g. NTDS.dit)
* `ntfs-read.py`: mini shell for browsing an NTFS volume
* `registry-read.py`: Windows offline registry reader
* `secretsdump.py`: agent-less remote Windows secrets dump (SAM, LSA, CDC, NTDS)

0.9.10

Not secure
1. Library improvements
* SMB version 2 and 3 protocol support (`[MS-SMB2]`). Signing supported, encryption for SMB3 still pending.
* Added a SMBConnection layer on top of each SMB specific protocol. Much simpler and SMB version independent. It will pick the best SMB Version when connecting against the target. Check `smbconnection.py` for a list of available methods across all the protocols.
* Partial TDS implementation (`[MS-TDS]` & `[MC-SQLR]`) so we could talk with MSSQL Servers.
* Unicode support for the smbserver. Newer OSX won't connect to a non-Unicode SMB Server.
* DCERPC Endpoints' new calls:
    * EPM: `lookup()`: It can work as a general portmapper, or just to find specific interfaces/objects.

2. New examples
* `mssqlclient.py`: An MS SQL client that supports MS SQL or Windows Authentication (accepts hashes) and then gives you an SQL prompt for your pleasure.
* `mssqlinstance.py`: Lists the MS SQL instances running on a target machine.
* `rpcdump.py`: Output changed. Hopefully more useful. Parsed all the Windows Protocol Specification looking for the UUIDs used and that information is included as well. This could be helpful when reading a portmap output and to develop new functionality to interact against a target interface.
* `smbexec.py`: Another alternative to psexec. Fewer capabilities but might work on tight AV environments. Based on the technique described at https://www.optiv.com/blog/owning-computers-without-shell-access. It also supports instantiating a local smbserver to receive the output of the commands executed for those situations where no share is available on the other end.
* `smbrelayx.py`: It now also listens on port 80 and forwards/reflects the credentials accordingly.

And finally tons of fixes :).

0.9.9

1. Library improvements
* Added 802.11 packets encoding/decoding
* Addition of support for IP6, ICMP6 and NDP packets. Addition of `IP6_Address` helper class.
* SMB/DCERPC:
    * GSS-API/SPNEGO Support.
    * SPN support in auth blob.
    * NTLM2 and NTLMv2 support.
    * Default SMB port now 445. If `*SMBSERVER` is specified the library will try to resolve the netbios name.
    * Pass the hash supported for SMB/DCE-RPC.
    * IPv6 support for SMB/NMB/DCERPC.
    * DOMAIN support for authentication.
    * SMB signing support when server enforces it.
    * DCERPC signing/sealing for all NTLM flavours.
    * DCERPC transport now accepts an already established SMB connection.
* Basic SMBServer implementation in Python. It allows third-party DCE-RPC servers to handle DCERPC Request (by forwarding named pipes requests).
* Minimalistic SRVSVC dcerpc server to be used by SMBServer in order to avoid Windows 7 nasty bug when that pipe's not functional.
* DCERPC Endpoints' new calls:
    * `SRVSVC`: `NetrShareEnum(Level1)`, `NetrShareGetInfo(Level2)`, `NetrServerGetInfo(Level2)`, `NetrRemoteTOD()`, `NetprNameCanonicalize()`.
    * `SVCCTL`: `CloseServiceHandle()`, `OpenSCManagerW()`, `CreateServiceW()`, `StartServiceW()`, `OpenServiceW()`, `OpenServiceA()`, `StopService()`, `DeleteService()`, `EnumServicesStatusW()`, `QueryServiceStatus()`, `QueryServiceConfigW()`.
    * `WKSSVC`: `NetrWkstaTransportEnum()`.
    * `SAMR`: `OpenAlias()`, `GetMembersInAlias()`.
    * `LSARPC`: `LsarOpenPolicy2()`, `LsarLookupSids()`, `LsarClose()`.

2. New examples
* `ifmap.py`: First, this binds to the MGMT interface and gets a list of interface IDs. It adds to this a large list of interface UUIDs seen in the wild. It then tries to bind to each interface and reports whether the interface is listed and/or listening.
* `lookupsid.py`: DCE/RPC lookup sid brute forcer example.
* `opdump.py`: This binds to the given hostname:port and DCERPC interface. Then, it tries to call each of the first 256 operation numbers in turn and reports the outcome of each call.
* `services.py`: SVCCTL services common functions for manipulating services (START/STOP/DELETE/STATUS/CONFIG/LIST).
* `test_wkssvc`: DCE/RPC WKSSVC examples, playing with the functions implemented.
* `smbrelayx`: Passes credentials to a third party server when doing MiTM.
* `smbserver`: Multiprocess/threading smbserver supporting common file server functions. Authentication all done but not enforced. Tested under Windows, Linux and MacOS clients.
* `smbclient.py`: now supports history, new commands also added.
* `psexec.py`: Executes remote commands on Windows machines

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.