Add winrmexec on behalf of Ozelis (https://github.com/ozelis/winrmexec/blob/main/winrmexec.py)#2033

Open
Dfte wants to merge 10 commits into fortra:master from Dfte:add_winrmexec

@Dfte

Dfte commented Sep 4, 2025

Contributor

This PR adds the winrmexec.py example (written by Ozelis ozelis/winrmexec#2) to Impacket:

[image]

Full ReadMe available here https://github.com/ozelis/winrmexec/blob/main/README.md.

Note that the last commit I did switched datetime UTC to datetime.utc for retrocompatibility issue with python prior to 3.11. This is a WIP PR as a few things will have to be modified.

@Dfte

Dfte commented Apr 10, 2026

Contributor Author

Hello @anadrianmanrique @gabrielg5, I really want to get back to that PR but I'm kinda stuck because of the size of the code. How would you handle that case? Make an impacket/impacket/winrm.py class that is then used by impacket/example/winrmexec.py?

Or is it okay to have such a huge example directly ?

@gabrielg5

Collaborator

Hi @Dfte,
Yes, splitting the example into different classes is the best way to go from here. Also, there are a couple duplicated functions there as well that would be better to reuse from the impacket library itself now. It'd be easier to maintain afterwards...

Let me shoot at it with AI if you want. Seems like something it could easily solve for us.
We can move forward from there

@Dfte

Dfte commented Apr 10, 2026

Contributor Author

Yes go for that! Then I'll start working on it :P thx mate!

Aurélien CHALOT and others added 3 commits April 10, 2026 08:58
- add reusable WinRM transports, WSMan helpers, and WinRS client support
- rewrite winrmexec as a thin Impacket-style example
- reuse shared WinRM builders in relay code
- centralize TLS server-end-point CBT helpers
- add focused WinRM tests

@gabrielg5

Collaborator

Ok, let's continue from here.
I've done a quick review on those changes and tested basic auth with some commands / shell like version to see if at least those work - we'll need to do better testing with the other auth methods. And also check if all needed features are there

Main changes:

  • added reusable impacket.winrm with WSMan builders/parsers, transports, and WinRSClient
  • rewrote examples/winrmexec.py as a thin Impacket-style example with standard logging and -shell-type {cmd,powershell}
  • deduplicated the WinRM WSMan request-building used by the relay code
  • centralized the TLS server-end-point CBT helper
  • added focused WinRM tests

@Dfte

Dfte commented Apr 10, 2026

Contributor Author

Exceptional! I'll work on that PR this weekend then :)! Hopefully we'll have this great feature fully tested soon!! Thanks dude!

@Dfte

Dfte commented Apr 12, 2026

Contributor Author

Alright so here are a few tests:

  • Password authentication works (http and https):
    [image]
  • Kerberos with CCACHE works (http and https):
    [image]
  • Kerberos with AES key works (http and https):
    [image]
  • Basic authentication works on http (if Set-WSManInstance -ResourceURI winrm/config/service -ValueSet @{AllowUnencrypted=$true} is run before) and on https:
    [image]
  • NT authentication: there is a bug there:
    [image]
  • Cert authentication: not tested yet.

About ntlmrelay, I have set the winrms endpoint to None in order to allow ntlm relay, looks good as well!

[image]

Btw, once this PR is merged I'll move the CBT computing from TDS.py to the Tls.py library as well so that it can be reused as well as we mentioned before @anadrianmanrique :)!

@Dfte

Dfte commented Apr 12, 2026

Contributor Author

Latest commit patches the NT hash authentication which was broken:

[image]

Last thing to do is to check that cert-pem and cert-pass options work and add a way to pass a pfx file as well. So far I wasn't able to set up a lab to test these options, I always end up with the following 503 error when enabling the certificate authentication:

[image]
