From db71504529008bdbdd900549f6e4293be2e32c88 Mon Sep 17 00:00:00 2001 From: ThePirateWhoSmellsOfSunflowers Date: Thu, 24 Oct 2024 13:52:37 +0200 Subject: [PATCH 1/2] add LDAP_SERVER_SD_FLAGS enum (#1841) --- impacket/ldap/ldaptypes.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/impacket/ldap/ldaptypes.py b/impacket/ldap/ldaptypes.py index dbf7d8cf5..13b5c6dca 100644 --- a/impacket/ldap/ldaptypes.py +++ b/impacket/ldap/ldaptypes.py @@ -18,6 +18,7 @@ # from struct import unpack, pack from impacket.structure import Structure +from enum import Enum # Global constant if the library should recalculate ACE sizes in objects that are decoded/re-encoded. # This defaults to True, but this causes the ACLs to not match on a binary level @@ -493,3 +494,11 @@ def getData(self): b'user': 'bf967aba-0de6-11d0-a285-00aa003049e2', b'groupPolicyContainer': 'f30e3bc2-9ff0-11d1-b603-0000f80367c1' } + +# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3888c2b7-35b9-45b7-afeb-b772aa932dd0 +class LDAP_SERVER_SD_FLAGS(Enum): + OWNER_SECURITY_INFORMATION = 0x1 + GROUP_SECURITY_INFORMATION = 0x2 + DACL_SECURITY_INFORMATION = 0x4 + SACL_SECURITY_INFORMATION = 0x8 + From 835e17550b57606ee3c681ae1c3f0edea096ec19 Mon Sep 17 00:00:00 2001 From: Jannik Vieten Date: Thu, 24 Oct 2024 14:00:11 +0200 Subject: [PATCH 2/2] Fixed warnings with Python 3.12 (#1695) * fixed SyntaxWarnings due to invalid escape sequence * fixed DeprecationWarning since datetime.datetime.utcnow() is deprecated in Python 3.12+ * fixed DeprecationWarning since datetime.datetime.utcfromtimestamp() is deprecated in Python 3.12+ --- examples/GetNPUsers.py | 2 +- examples/addcomputer.py | 2 +- examples/dacledit.py | 38 ++++++++++++++++---------------- examples/getPac.py | 4 ++-- examples/getST.py | 12 +++++----- examples/goldenPac.py | 4 ++-- examples/owneredit.py | 38 ++++++++++++++++---------------- examples/raiseChild.py | 2 +- examples/rbcd.py | 2 +- examples/reg.py | 12 +++++----- examples/ticketer.py | 14 ++++++------ impacket/dpapi.py | 6 ++--- impacket/examples/secretsdump.py | 14 ++++++------ impacket/krb5/ccache.py | 8 +++---- impacket/krb5/kerberosv5.py | 14 ++++++------ impacket/krb5/kpasswd.py | 2 +- impacket/ldap/ldap.py | 2 +- impacket/smb.py | 4 ++-- impacket/smb3.py | 2 +- impacket/tds.py | 2 +- 20 files changed, 92 insertions(+), 92 deletions(-) diff --git a/examples/GetNPUsers.py b/examples/GetNPUsers.py index 23d47d9dc..3b718f55c 100755 --- a/examples/GetNPUsers.py +++ b/examples/GetNPUsers.py @@ -162,7 +162,7 @@ def getTGT(self, userName, requestPAC=True): reqBody['realm'] = domain - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['rtime'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) diff --git a/examples/addcomputer.py b/examples/addcomputer.py index 1eb66ccb8..120428bb6 100755 --- a/examples/addcomputer.py +++ b/examples/addcomputer.py @@ -357,7 +357,7 @@ def LDAP3KerberosLogin(self, connection, user, password, domain='', lmhash='', n authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/examples/dacledit.py b/examples/dacledit.py index 225b1d007..00fbb93af 100755 --- a/examples/dacledit.py +++ b/examples/dacledit.py @@ -98,7 +98,7 @@ 'S-1-5-64-14': 'SChannel Authentication', 'S-1-5-64-21': 'Digest Authority', 'S-1-5-80': 'NT Service', - 'S-1-5-83-0': 'NT VIRTUAL MACHINE\Virtual Machines', + 'S-1-5-83-0': 'NT VIRTUAL MACHINE\\Virtual Machines', 'S-1-16-0': 'Untrusted Mandatory Level', 'S-1-16-4096': 'Low Mandatory Level', 'S-1-16-8192': 'Medium Mandatory Level', @@ -107,24 +107,24 @@ 'S-1-16-16384': 'System Mandatory Level', 'S-1-16-20480': 'Protected Process Mandatory Level', 'S-1-16-28672': 'Secure Process Mandatory Level', - 'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access', - 'S-1-5-32-555': 'BUILTIN\Remote Desktop Users', - 'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders', + 'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access', + 'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users', + 'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders', 'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators', - 'S-1-5-32-558': 'BUILTIN\Performance Monitor Users', - 'S-1-5-32-559': 'BUILTIN\Performance Log Users', - 'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group', - 'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers', - 'S-1-5-32-562': 'BUILTIN\Distributed COM Users', - 'S-1-5-32-569': 'BUILTIN\Cryptographic Operators', - 'S-1-5-32-573': 'BUILTIN\Event Log Readers', - 'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access', - 'S-1-5-32-575': 'BUILTIN\RDS Remote Access Servers', - 'S-1-5-32-576': 'BUILTIN\RDS Endpoint Servers', - 'S-1-5-32-577': 'BUILTIN\RDS Management Servers', - 'S-1-5-32-578': 'BUILTIN\Hyper-V Administrators', - 'S-1-5-32-579': 'BUILTIN\Access Control Assistance Operators', - 'S-1-5-32-580': 'BUILTIN\Remote Management Users', + 'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users', + 'S-1-5-32-559': 'BUILTIN\\Performance Log Users', + 'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group', + 'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers', + 'S-1-5-32-562': 'BUILTIN\\Distributed COM Users', + 'S-1-5-32-569': 'BUILTIN\\Cryptographic Operators', + 'S-1-5-32-573': 'BUILTIN\\Event Log Readers', + 'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access', + 'S-1-5-32-575': 'BUILTIN\\RDS Remote Access Servers', + 'S-1-5-32-576': 'BUILTIN\\RDS Endpoint Servers', + 'S-1-5-32-577': 'BUILTIN\\RDS Management Servers', + 'S-1-5-32-578': 'BUILTIN\\Hyper-V Administrators', + 'S-1-5-32-579': 'BUILTIN\\Access Control Assistance Operators', + 'S-1-5-32-580': 'BUILTIN\\Remote Management Users', } @@ -873,7 +873,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash=' authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/examples/getPac.py b/examples/getPac.py index 6fa2c044b..61d6cb1fc 100755 --- a/examples/getPac.py +++ b/examples/getPac.py @@ -148,7 +148,7 @@ def dump(self): seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -238,7 +238,7 @@ def dump(self): seq_set(reqBody, 'sname', serverName.components_to_asn1) reqBody['realm'] = str(decodedTGT['crealm']) - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) diff --git a/examples/getST.py b/examples/getST.py index 0240d2d35..c9b0536a7 100755 --- a/examples/getST.py +++ b/examples/getST.py @@ -284,7 +284,7 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -336,7 +336,7 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey myTicket = ticket.to_asn1(TicketAsn1()) seq_set_iter(reqBody, 'additional-tickets', (myTicket,)) - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) @@ -377,7 +377,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost) seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -474,7 +474,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost) seq_set(reqBody, 'sname', serverName.components_to_asn1) reqBody['realm'] = str(decodedTGT['crealm']) - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) @@ -604,7 +604,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost) seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -656,7 +656,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost) myTicket = ticket.to_asn1(TicketAsn1()) seq_set_iter(reqBody, 'additional-tickets', (myTicket,)) - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) diff --git a/examples/goldenPac.py b/examples/goldenPac.py index 005a644e5..452731e9e 100755 --- a/examples/goldenPac.py +++ b/examples/goldenPac.py @@ -720,7 +720,7 @@ def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, sessionKey, a seq_set(reqBody, 'sname', serverName.components_to_asn1) reqBody['realm'] = decodedTGT['crealm'].prettyPrint() - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.SystemRandom().getrandbits(31) @@ -746,7 +746,7 @@ def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, sessionKey, a seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/examples/owneredit.py b/examples/owneredit.py index 133cb14f0..fc66733f5 100644 --- a/examples/owneredit.py +++ b/examples/owneredit.py @@ -84,7 +84,7 @@ 'S-1-5-64-14': 'SChannel Authentication', 'S-1-5-64-21': 'Digest Authority', 'S-1-5-80': 'NT Service', - 'S-1-5-83-0': 'NT VIRTUAL MACHINE\Virtual Machines', + 'S-1-5-83-0': 'NT VIRTUAL MACHINE\\Virtual Machines', 'S-1-16-0': 'Untrusted Mandatory Level', 'S-1-16-4096': 'Low Mandatory Level', 'S-1-16-8192': 'Medium Mandatory Level', @@ -93,24 +93,24 @@ 'S-1-16-16384': 'System Mandatory Level', 'S-1-16-20480': 'Protected Process Mandatory Level', 'S-1-16-28672': 'Secure Process Mandatory Level', - 'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access', - 'S-1-5-32-555': 'BUILTIN\Remote Desktop Users', - 'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders', + 'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access', + 'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users', + 'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders', 'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators', - 'S-1-5-32-558': 'BUILTIN\Performance Monitor Users', - 'S-1-5-32-559': 'BUILTIN\Performance Log Users', - 'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group', - 'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers', - 'S-1-5-32-562': 'BUILTIN\Distributed COM Users', - 'S-1-5-32-569': 'BUILTIN\Cryptographic Operators', - 'S-1-5-32-573': 'BUILTIN\Event Log Readers', - 'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access', - 'S-1-5-32-575': 'BUILTIN\RDS Remote Access Servers', - 'S-1-5-32-576': 'BUILTIN\RDS Endpoint Servers', - 'S-1-5-32-577': 'BUILTIN\RDS Management Servers', - 'S-1-5-32-578': 'BUILTIN\Hyper-V Administrators', - 'S-1-5-32-579': 'BUILTIN\Access Control Assistance Operators', - 'S-1-5-32-580': 'BUILTIN\Remote Management Users', + 'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users', + 'S-1-5-32-559': 'BUILTIN\\Performance Log Users', + 'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group', + 'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers', + 'S-1-5-32-562': 'BUILTIN\\Distributed COM Users', + 'S-1-5-32-569': 'BUILTIN\\Cryptographic Operators', + 'S-1-5-32-573': 'BUILTIN\\Event Log Readers', + 'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access', + 'S-1-5-32-575': 'BUILTIN\\RDS Remote Access Servers', + 'S-1-5-32-576': 'BUILTIN\\RDS Endpoint Servers', + 'S-1-5-32-577': 'BUILTIN\\RDS Management Servers', + 'S-1-5-32-578': 'BUILTIN\\Hyper-V Administrators', + 'S-1-5-32-579': 'BUILTIN\\Access Control Assistance Operators', + 'S-1-5-32-580': 'BUILTIN\\Remote Management Users', } class OwnerEdit(object): @@ -404,7 +404,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash=' authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/examples/raiseChild.py b/examples/raiseChild.py index 3a011d6a7..abab970b9 100755 --- a/examples/raiseChild.py +++ b/examples/raiseChild.py @@ -907,7 +907,7 @@ def makeGolden(tgt, originalCipher, sessionKey, ntHash, aesKey, extraSid): encTicketPart = decoder.decode(plainText, asn1Spec = EncTicketPart())[0] # Let's extend the ticket's validity a lil bit - tenYearsFromNow = datetime.datetime.utcnow() + datetime.timedelta(days=365*10) + tenYearsFromNow = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365*10) encTicketPart['endtime'] = KerberosTime.to_asn1(tenYearsFromNow) encTicketPart['renew-till'] = KerberosTime.to_asn1(tenYearsFromNow) #print encTicketPart.prettyPrint() diff --git a/examples/rbcd.py b/examples/rbcd.py index 855b4adc1..0db8be17f 100755 --- a/examples/rbcd.py +++ b/examples/rbcd.py @@ -142,7 +142,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash=' authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/examples/reg.py b/examples/reg.py index de65c6806..ced696373 100755 --- a/examples/reg.py +++ b/examples/reg.py @@ -192,7 +192,7 @@ def run(self, remoteName, remoteHost): elif self.__action == 'SAVE': self.save(dce, self.__options.keyName) elif self.__action == 'BACKUP': - for hive in ["HKLM\SAM", "HKLM\SYSTEM", "HKLM\SECURITY"]: + for hive in ["HKLM\\SAM", "HKLM\\SYSTEM", "HKLM\\SECURITY"]: self.save(dce, hive) else: logging.error('Method %s not implemented yet!' % self.__action) @@ -217,8 +217,8 @@ def triggerWinReg(self): def save(self, dce, keyName): hRootKey, subKey = self.__strip_root_key(dce, keyName) - outputFileName = "%s\%s.save" % (self.__options.outputPath, subKey) - logging.debug("Dumping %s, be patient it can take a while for large hives (e.g. HKLM\SYSTEM)" % keyName) + outputFileName = "%s\\%s.save" % (self.__options.outputPath, subKey) + logging.debug("Dumping %s, be patient it can take a while for large hives (e.g. HKLM\\SYSTEM)" % keyName) try: ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, dwOptions=rrp.REG_OPTION_BACKUP_RESTORE | rrp.REG_OPTION_OPEN_LINK, samDesired=rrp.KEY_READ) rrp.hBaseRegSaveKey(dce, ans2['phkResult'], outputFileName) @@ -594,11 +594,11 @@ def __parse_lp_data(valueType, valueData): help='Specifies the full path of the subkey. The ' 'keyName must include a valid root key. Valid root keys for the local computer are: HKLM,' ' HKU, HKCU, HKCR.') - save_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\share', required=True, help='Output UNC path the target system must export the registry saves to') + save_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\\share', required=True, help='Output UNC path the target system must export the registry saves to') # A special backup command to save HKLM\SAM, HKLM\SYSTEM and HKLM\SECURITY - backup_parser = subparsers.add_parser('backup', help='(special command) Backs up HKLM\SAM, HKLM\SYSTEM and HKLM\SECURITY to a specified file.') - backup_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\share', required=True, + backup_parser = subparsers.add_parser('backup', help='(special command) Backs up HKLM\\SAM, HKLM\\SYSTEM and HKLM\\SECURITY to a specified file.') + backup_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\\share', required=True, help='Output UNC path the target system must export the registry saves to') # A load command diff --git a/examples/ticketer.py b/examples/ticketer.py index 836c0be9e..9ac6ca055 100755 --- a/examples/ticketer.py +++ b/examples/ticketer.py @@ -138,7 +138,7 @@ def createBasicValidationInfo(self): # 1) KERB_VALIDATION_INFO kerbdata = KERB_VALIDATION_INFO() - aTime = timegm(datetime.datetime.utcnow().timetuple()) + aTime = timegm(datetime.datetime.now(datetime.timezone.utc).timetuple()) unixTime = self.getFileTime(aTime) kerbdata['LogonTime']['dwLowDateTime'] = unixTime & 0xffffffff @@ -487,7 +487,7 @@ def getKerberosS4U2SelfU2U(self): seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -576,7 +576,7 @@ def getKerberosS4U2SelfU2U(self): seq_set(reqBody, 'sname', serverName.components_to_asn1) reqBody['realm'] = str(decodedTGT['crealm']) - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = random.getrandbits(31) @@ -597,7 +597,7 @@ def getKerberosS4U2SelfU2U(self): def customizeTicket(self, kdcRep, pacInfos): logging.info('Customizing ticket for %s/%s' % (self.__domain, self.__target)) - ticketDuration = datetime.datetime.utcnow() + datetime.timedelta(hours=int(self.__options.duration)) + ticketDuration = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=int(self.__options.duration)) if self.__options.impersonate: # Doing Sapphire Ticket @@ -715,8 +715,8 @@ def customizeTicket(self, kdcRep, pacInfos): encTicketPart['transited'] = noValue encTicketPart['transited']['tr-type'] = 0 encTicketPart['transited']['contents'] = '' - encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.datetime.utcnow()) - encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.datetime.utcnow()) + encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc)) + encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc)) # Let's extend the ticket's validity a lil bit encTicketPart['endtime'] = KerberosTime.to_asn1(ticketDuration) encTicketPart['renew-till'] = KerberosTime.to_asn1(ticketDuration) @@ -840,7 +840,7 @@ def customizeTicket(self, kdcRep, pacInfos): encRepPart['last-req'] = noValue encRepPart['last-req'][0] = noValue encRepPart['last-req'][0]['lr-type'] = 0 - encRepPart['last-req'][0]['lr-value'] = KerberosTime.to_asn1(datetime.datetime.utcnow()) + encRepPart['last-req'][0]['lr-value'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc)) encRepPart['nonce'] = 123456789 encRepPart['key-expiration'] = KerberosTime.to_asn1(ticketDuration) flags = [] diff --git a/impacket/dpapi.py b/impacket/dpapi.py index 1e2bbd966..8342ac6a5 100644 --- a/impacket/dpapi.py +++ b/impacket/dpapi.py @@ -29,7 +29,7 @@ import sys from struct import unpack -from datetime import datetime +from datetime import datetime, timezone from binascii import unhexlify, hexlify from struct import pack from hashlib import pbkdf2_hmac @@ -779,7 +779,7 @@ def __init__(self, data = None, alignment = 0): def dump(self): print("[VCRD]") print("SchemaGuid : %s" % bin_to_string(self['SchemaGuid'])) - print("LastWritten : %s" % (datetime.utcfromtimestamp(getUnixTime(self['LastWritten'])))) + print("LastWritten : %s" % (datetime.fromtimestamp(getUnixTime(self['LastWritten']), tz=timezone.utc))) print("FriendlyName: %s" % (self['FriendlyName'].decode('utf-16le'))) print() for i,entry in enumerate(self.mapEntries): @@ -1077,7 +1077,7 @@ def __init__(self, data = None, alignment = 0): def dump(self): print("[CREDENTIAL]") - print("LastWritten : %s" % (datetime.utcfromtimestamp(getUnixTime(self['LastWritten'])))) + print("LastWritten : %s" % (datetime.fromtimestamp(getUnixTime(self['LastWritten']), tz=timezone.utc))) print("Flags : 0x%.8x (%s)" % (self['Flags'], getFlags(CREDENTIAL_FLAGS, self['Flags']))) print("Persist : 0x%.8x (%s)" % (self['Persist'], CREDENTIAL_PERSIST(self['Persist']).name)) print("Type : 0x%.8x (%s)" % (self['Type'], CREDENTIAL_TYPE(self['Type']).name)) diff --git a/impacket/examples/secretsdump.py b/impacket/examples/secretsdump.py index 1d97516c3..43b776218 100644 --- a/impacket/examples/secretsdump.py +++ b/impacket/examples/secretsdump.py @@ -61,7 +61,7 @@ import time from binascii import unhexlify, hexlify from collections import OrderedDict -from datetime import datetime, timedelta +from datetime import datetime, timedelta, timezone from struct import unpack, pack from six import b, PY2 @@ -1652,7 +1652,7 @@ def dumpCachedHashes(self): userName = plainText[:record['UserLength']].decode('utf-16le') plainText = plainText[self.__pad(record['UserLength']) + self.__pad(record['DomainNameLength']):] domainLong = plainText[:self.__pad(record['DnsDomainNameLength'])].decode('utf-16le') - timestamp = datetime.utcfromtimestamp(getUnixTime(record['LastWrite'])) + timestamp = datetime.fromtimestamp(getUnixTime(record['LastWrite']), tz=timezone.utc) if self.__vistaStyle is True: answer = "%s/%s:$DCC2$%s#%s#%s: (%s)" % (domainLong, userName, iterationCount, userName, hexlify(encHash).decode('utf-8'), timestamp) @@ -2996,10 +2996,10 @@ def createPartialTGT(self, userName): encTicketPart['transited'] = noValue encTicketPart['transited']['tr-type'] = 0 encTicketPart['transited']['contents'] = '' - encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.utcnow()) - encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.utcnow()) + encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.now(timezone.utc)) + encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.now(timezone.utc)) # Let's extend the ticket's validity a lil bit - ticketDuration = datetime.utcnow() + timedelta(days=int(120)) + ticketDuration = datetime.now(timezone.utc) + timedelta(days=int(120)) encTicketPart['endtime'] = KerberosTime.to_asn1(ticketDuration) encTicketPart['renew-till'] = KerberosTime.to_asn1(ticketDuration) # We don't need PAC @@ -3035,7 +3035,7 @@ def getFullTGT(self, userName, partialTGT, sessionKey): seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.utcnow() + now = datetime.now(timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -3073,7 +3073,7 @@ def getFullTGT(self, userName, partialTGT, sessionKey): reqBody['sname']['name-string'][1] = self.__domain reqBody['realm'] = self.__domain - now = datetime.utcnow() + timedelta(days=1) + now = datetime.now(timezone.utc) + timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = rand.getrandbits(31) diff --git a/impacket/krb5/ccache.py b/impacket/krb5/ccache.py index 5965542a9..c3d460663 100644 --- a/impacket/krb5/ccache.py +++ b/impacket/krb5/ccache.py @@ -20,7 +20,7 @@ # from __future__ import division from __future__ import print_function -from datetime import datetime +from datetime import datetime, timezone import os from struct import pack, unpack, calcsize from six import b, PY2 @@ -736,9 +736,9 @@ def toKRBCRED(self): krbCredInfo['flags'] = credential['tktflags'] - krbCredInfo['starttime'] = KerberosTime.to_asn1(datetime.utcfromtimestamp(credential['time']['starttime'])) - krbCredInfo['endtime'] = KerberosTime.to_asn1(datetime.utcfromtimestamp(credential['time']['endtime'])) - krbCredInfo['renew-till'] = KerberosTime.to_asn1(datetime.utcfromtimestamp(credential['time']['renew_till'])) + krbCredInfo['starttime'] = KerberosTime.to_asn1(datetime.fromtimestamp(credential['time']['starttime'], tz=timezone.utc)) + krbCredInfo['endtime'] = KerberosTime.to_asn1(datetime.fromtimestamp(credential['time']['endtime'], tz=timezone.utc)) + krbCredInfo['renew-till'] = KerberosTime.to_asn1(datetime.fromtimestamp(credential['time']['renew_till'], tz=timezone.utc)) krbCredInfo['srealm'] = credential['server'].realm.fields['data'] diff --git a/impacket/krb5/kerberosv5.py b/impacket/krb5/kerberosv5.py index 99dd0b721..7f45b4dc3 100644 --- a/impacket/krb5/kerberosv5.py +++ b/impacket/krb5/kerberosv5.py @@ -155,7 +155,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH reqBody['realm'] = domain - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['rtime'] = KerberosTime.to_asn1(now) reqBody['nonce'] = rand.getrandbits(31) @@ -266,7 +266,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH # Let's build the timestamp timeStamp = PA_ENC_TS_ENC() - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) timeStamp['patimestamp'] = KerberosTime.to_asn1(now) timeStamp['pausec'] = now.microsecond @@ -312,7 +312,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH reqBody['realm'] = domain - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['rtime'] = KerberosTime.to_asn1(now) reqBody['nonce'] = rand.getrandbits(31) @@ -396,7 +396,7 @@ def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey, renew = seq_set(authenticator, 'cname', clientName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) @@ -438,7 +438,7 @@ def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey, renew = seq_set(reqBody, 'sname', serverName.components_to_asn1) reqBody['realm'] = domain - now = datetime.datetime.utcnow() + datetime.timedelta(days=1) + now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1) reqBody['till'] = KerberosTime.to_asn1(now) reqBody['nonce'] = rand.getrandbits(31) @@ -519,7 +519,7 @@ def getKerberosType3(cipher, sessionKey, auth_data): encAPRepPart['subkey'].clear() encAPRepPart = encAPRepPart.clone() - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) encAPRepPart['cusec'] = now.microsecond encAPRepPart['ctime'] = KerberosTime.to_asn1(now) encAPRepPart['seq-number'] = sequenceNumber @@ -645,7 +645,7 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/impacket/krb5/kpasswd.py b/impacket/krb5/kpasswd.py index c53d1d8da..0df42f128 100644 --- a/impacket/krb5/kpasswd.py +++ b/impacket/krb5/kpasswd.py @@ -129,7 +129,7 @@ def createKPasswdRequest(principal, domain, newPasswd, tgs, cipher, sessionKey, sequenceNumber = int.from_bytes(get_random_bytes(4), "big") if now is None: - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) if not isinstance(newPasswd, bytes): newPasswd = newPasswd.encode("utf-8") diff --git a/impacket/ldap/ldap.py b/impacket/ldap/ldap.py index 4100d6e5f..73b638066 100644 --- a/impacket/ldap/ldap.py +++ b/impacket/ldap/ldap.py @@ -215,7 +215,7 @@ def kerberosLogin(self, user, password, domain='', lmhash='', nthash='', aesKey= authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/impacket/smb.py b/impacket/smb.py index da8f158c9..99f8e3d4c 100644 --- a/impacket/smb.py +++ b/impacket/smb.py @@ -2883,7 +2883,7 @@ def get_server_time(self): timestamp |= self._dialects_parameters['LowDateTime'] timestamp -= 116444736000000000 timestamp //= 10000000 - d = datetime.datetime.utcfromtimestamp(timestamp) + d = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc) return d.strftime("%a, %d %b %Y %H:%M:%S GMT") def disconnect_tree(self, tid): @@ -3251,7 +3251,7 @@ def kerberos_login(self, user, password, domain = '', lmhash = '', nthash = '', authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/impacket/smb3.py b/impacket/smb3.py index 34e4ddd41..8f50339d9 100644 --- a/impacket/smb3.py +++ b/impacket/smb3.py @@ -797,7 +797,7 @@ def kerberosLogin(self, user, password, domain = '', lmhash = '', nthash = '', a authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now) diff --git a/impacket/tds.py b/impacket/tds.py index f1da9171f..2cbb20330 100644 --- a/impacket/tds.py +++ b/impacket/tds.py @@ -818,7 +818,7 @@ def kerberosLogin(self, database, username, password='', domain='', hashes=None, authenticator['authenticator-vno'] = 5 authenticator['crealm'] = domain seq_set(authenticator, 'cname', userName.components_to_asn1) - now = datetime.datetime.utcnow() + now = datetime.datetime.now(datetime.timezone.utc) authenticator['cusec'] = now.microsecond authenticator['ctime'] = KerberosTime.to_asn1(now)