Fixed warnings with Python 3.12 (fortra#1695)

* fixed SyntaxWarnings due to invalid escape sequence

* fixed DeprecationWarning since datetime.datetime.utcnow() is deprecated in Python 3.12+

* fixed DeprecationWarning since datetime.datetime.utcfromtimestamp() is deprecated in Python 3.12+

Author: exploide

examples/GetNPUsers.py

@@ -162,7 +162,7 @@ def getTGT(self, userName, requestPAC=True):
 
         reqBody['realm'] = domain
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['rtime'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.getrandbits(31)

examples/addcomputer.py

@@ -357,7 +357,7 @@ def LDAP3KerberosLogin(self, connection, user, password, domain='', lmhash='', n
         authenticator['authenticator-vno'] = 5
         authenticator['crealm'] = domain
         seq_set(authenticator, 'cname', userName.components_to_asn1)
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.now(datetime.timezone.utc)
 
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)

examples/dacledit.py

@@ -98,7 +98,7 @@
     'S-1-5-64-14': 'SChannel Authentication',
     'S-1-5-64-21': 'Digest Authority',
     'S-1-5-80': 'NT Service',
-    'S-1-5-83-0': 'NT VIRTUAL MACHINE\Virtual Machines',
+    'S-1-5-83-0': 'NT VIRTUAL MACHINE\\Virtual Machines',
     'S-1-16-0': 'Untrusted Mandatory Level',
     'S-1-16-4096': 'Low Mandatory Level',
     'S-1-16-8192': 'Medium Mandatory Level',
@@ -107,24 +107,24 @@
     'S-1-16-16384': 'System Mandatory Level',
     'S-1-16-20480': 'Protected Process Mandatory Level',
     'S-1-16-28672': 'Secure Process Mandatory Level',
-    'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access',
-    'S-1-5-32-555': 'BUILTIN\Remote Desktop Users',
-    'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders',
+    'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access',
+    'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users',
+    'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders',
     'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators',
-    'S-1-5-32-558': 'BUILTIN\Performance Monitor Users',
-    'S-1-5-32-559': 'BUILTIN\Performance Log Users',
-    'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group',
-    'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers',
-    'S-1-5-32-562': 'BUILTIN\Distributed COM Users',
-    'S-1-5-32-569': 'BUILTIN\Cryptographic Operators',
-    'S-1-5-32-573': 'BUILTIN\Event Log Readers',
-    'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access',
-    'S-1-5-32-575': 'BUILTIN\RDS Remote Access Servers',
-    'S-1-5-32-576': 'BUILTIN\RDS Endpoint Servers',
-    'S-1-5-32-577': 'BUILTIN\RDS Management Servers',
-    'S-1-5-32-578': 'BUILTIN\Hyper-V Administrators',
-    'S-1-5-32-579': 'BUILTIN\Access Control Assistance Operators',
-    'S-1-5-32-580': 'BUILTIN\Remote Management Users',
+    'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users',
+    'S-1-5-32-559': 'BUILTIN\\Performance Log Users',
+    'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group',
+    'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers',
+    'S-1-5-32-562': 'BUILTIN\\Distributed COM Users',
+    'S-1-5-32-569': 'BUILTIN\\Cryptographic Operators',
+    'S-1-5-32-573': 'BUILTIN\\Event Log Readers',
+    'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access',
+    'S-1-5-32-575': 'BUILTIN\\RDS Remote Access Servers',
+    'S-1-5-32-576': 'BUILTIN\\RDS Endpoint Servers',
+    'S-1-5-32-577': 'BUILTIN\\RDS Management Servers',
+    'S-1-5-32-578': 'BUILTIN\\Hyper-V Administrators',
+    'S-1-5-32-579': 'BUILTIN\\Access Control Assistance Operators',
+    'S-1-5-32-580': 'BUILTIN\\Remote Management Users',
 }
 
 
@@ -873,7 +873,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash='
     authenticator['authenticator-vno'] = 5
     authenticator['crealm'] = domain
     seq_set(authenticator, 'cname', userName.components_to_asn1)
-    now = datetime.datetime.utcnow()
+    now = datetime.datetime.now(datetime.timezone.utc)
 
     authenticator['cusec'] = now.microsecond
     authenticator['ctime'] = KerberosTime.to_asn1(now)

examples/getPac.py

@@ -148,7 +148,7 @@ def dump(self):
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.now(datetime.timezone.utc)
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 
@@ -238,7 +238,7 @@ def dump(self):
         seq_set(reqBody, 'sname', serverName.components_to_asn1)
         reqBody['realm'] = str(decodedTGT['crealm'])
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.getrandbits(31)

examples/getST.py

@@ -284,7 +284,7 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
 
             seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-            now = datetime.datetime.utcnow()
+            now = datetime.datetime.now(datetime.timezone.utc)
             authenticator['cusec'] = now.microsecond
             authenticator['ctime'] = KerberosTime.to_asn1(now)
 
@@ -336,7 +336,7 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
             myTicket = ticket.to_asn1(TicketAsn1())
             seq_set_iter(reqBody, 'additional-tickets', (myTicket,))
 
-            now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+            now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
             reqBody['till'] = KerberosTime.to_asn1(now)
             reqBody['nonce'] = random.getrandbits(31)
@@ -377,7 +377,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.now(datetime.timezone.utc)
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 
@@ -474,7 +474,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         seq_set(reqBody, 'sname', serverName.components_to_asn1)
         reqBody['realm'] = str(decodedTGT['crealm'])
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.getrandbits(31)
@@ -604,7 +604,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.now(datetime.timezone.utc)
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 
@@ -656,7 +656,7 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         myTicket = ticket.to_asn1(TicketAsn1())
         seq_set_iter(reqBody, 'additional-tickets', (myTicket,))
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.getrandbits(31)

examples/goldenPac.py

@@ -720,7 +720,7 @@ def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, sessionKey, a
         seq_set(reqBody, 'sname', serverName.components_to_asn1)
         reqBody['realm'] = decodedTGT['crealm'].prettyPrint()
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.SystemRandom().getrandbits(31)
@@ -746,7 +746,7 @@ def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, sessionKey, a
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-        now = datetime.datetime.utcnow() 
+        now = datetime.datetime.now(datetime.timezone.utc)
         authenticator['cusec'] =  now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 

examples/owneredit.py

@@ -84,7 +84,7 @@
     'S-1-5-64-14': 'SChannel Authentication',
     'S-1-5-64-21': 'Digest Authority',
     'S-1-5-80': 'NT Service',
-    'S-1-5-83-0': 'NT VIRTUAL MACHINE\Virtual Machines',
+    'S-1-5-83-0': 'NT VIRTUAL MACHINE\\Virtual Machines',
     'S-1-16-0': 'Untrusted Mandatory Level',
     'S-1-16-4096': 'Low Mandatory Level',
     'S-1-16-8192': 'Medium Mandatory Level',
@@ -93,24 +93,24 @@
     'S-1-16-16384': 'System Mandatory Level',
     'S-1-16-20480': 'Protected Process Mandatory Level',
     'S-1-16-28672': 'Secure Process Mandatory Level',
-    'S-1-5-32-554': 'BUILTIN\Pre-Windows 2000 Compatible Access',
-    'S-1-5-32-555': 'BUILTIN\Remote Desktop Users',
-    'S-1-5-32-557': 'BUILTIN\Incoming Forest Trust Builders',
+    'S-1-5-32-554': 'BUILTIN\\Pre-Windows 2000 Compatible Access',
+    'S-1-5-32-555': 'BUILTIN\\Remote Desktop Users',
+    'S-1-5-32-557': 'BUILTIN\\Incoming Forest Trust Builders',
     'S-1-5-32-556': 'BUILTIN\\Network Configuration Operators',
-    'S-1-5-32-558': 'BUILTIN\Performance Monitor Users',
-    'S-1-5-32-559': 'BUILTIN\Performance Log Users',
-    'S-1-5-32-560': 'BUILTIN\Windows Authorization Access Group',
-    'S-1-5-32-561': 'BUILTIN\Terminal Server License Servers',
-    'S-1-5-32-562': 'BUILTIN\Distributed COM Users',
-    'S-1-5-32-569': 'BUILTIN\Cryptographic Operators',
-    'S-1-5-32-573': 'BUILTIN\Event Log Readers',
-    'S-1-5-32-574': 'BUILTIN\Certificate Service DCOM Access',
-    'S-1-5-32-575': 'BUILTIN\RDS Remote Access Servers',
-    'S-1-5-32-576': 'BUILTIN\RDS Endpoint Servers',
-    'S-1-5-32-577': 'BUILTIN\RDS Management Servers',
-    'S-1-5-32-578': 'BUILTIN\Hyper-V Administrators',
-    'S-1-5-32-579': 'BUILTIN\Access Control Assistance Operators',
-    'S-1-5-32-580': 'BUILTIN\Remote Management Users',
+    'S-1-5-32-558': 'BUILTIN\\Performance Monitor Users',
+    'S-1-5-32-559': 'BUILTIN\\Performance Log Users',
+    'S-1-5-32-560': 'BUILTIN\\Windows Authorization Access Group',
+    'S-1-5-32-561': 'BUILTIN\\Terminal Server License Servers',
+    'S-1-5-32-562': 'BUILTIN\\Distributed COM Users',
+    'S-1-5-32-569': 'BUILTIN\\Cryptographic Operators',
+    'S-1-5-32-573': 'BUILTIN\\Event Log Readers',
+    'S-1-5-32-574': 'BUILTIN\\Certificate Service DCOM Access',
+    'S-1-5-32-575': 'BUILTIN\\RDS Remote Access Servers',
+    'S-1-5-32-576': 'BUILTIN\\RDS Endpoint Servers',
+    'S-1-5-32-577': 'BUILTIN\\RDS Management Servers',
+    'S-1-5-32-578': 'BUILTIN\\Hyper-V Administrators',
+    'S-1-5-32-579': 'BUILTIN\\Access Control Assistance Operators',
+    'S-1-5-32-580': 'BUILTIN\\Remote Management Users',
 }
 
 class OwnerEdit(object):
@@ -404,7 +404,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash='
     authenticator['authenticator-vno'] = 5
     authenticator['crealm'] = domain
     seq_set(authenticator, 'cname', userName.components_to_asn1)
-    now = datetime.datetime.utcnow()
+    now = datetime.datetime.now(datetime.timezone.utc)
 
     authenticator['cusec'] = now.microsecond
     authenticator['ctime'] = KerberosTime.to_asn1(now)

examples/raiseChild.py

@@ -907,7 +907,7 @@ def makeGolden(tgt, originalCipher, sessionKey, ntHash, aesKey, extraSid):
         encTicketPart = decoder.decode(plainText, asn1Spec = EncTicketPart())[0]
 
         # Let's extend the ticket's validity a lil bit
-        tenYearsFromNow = datetime.datetime.utcnow() + datetime.timedelta(days=365*10)
+        tenYearsFromNow = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365*10)
         encTicketPart['endtime'] = KerberosTime.to_asn1(tenYearsFromNow)
         encTicketPart['renew-till'] = KerberosTime.to_asn1(tenYearsFromNow)
         #print encTicketPart.prettyPrint()

examples/rbcd.py

@@ -142,7 +142,7 @@ def ldap3_kerberos_login(connection, target, user, password, domain='', lmhash='
     authenticator['authenticator-vno'] = 5
     authenticator['crealm'] = domain
     seq_set(authenticator, 'cname', userName.components_to_asn1)
-    now = datetime.datetime.utcnow()
+    now = datetime.datetime.now(datetime.timezone.utc)
 
     authenticator['cusec'] = now.microsecond
     authenticator['ctime'] = KerberosTime.to_asn1(now)

examples/reg.py

@@ -192,7 +192,7 @@ def run(self, remoteName, remoteHost):
             elif self.__action == 'SAVE':
                 self.save(dce, self.__options.keyName)
             elif self.__action == 'BACKUP':
-                for hive in ["HKLM\SAM", "HKLM\SYSTEM", "HKLM\SECURITY"]:
+                for hive in ["HKLM\\SAM", "HKLM\\SYSTEM", "HKLM\\SECURITY"]:
                     self.save(dce, hive)
             else:
                 logging.error('Method %s not implemented yet!' % self.__action)
@@ -217,8 +217,8 @@ def triggerWinReg(self):
 
     def save(self, dce, keyName):
         hRootKey, subKey = self.__strip_root_key(dce, keyName)
-        outputFileName = "%s\%s.save" % (self.__options.outputPath, subKey)
-        logging.debug("Dumping %s, be patient it can take a while for large hives (e.g. HKLM\SYSTEM)" % keyName)
+        outputFileName = "%s\\%s.save" % (self.__options.outputPath, subKey)
+        logging.debug("Dumping %s, be patient it can take a while for large hives (e.g. HKLM\\SYSTEM)" % keyName)
         try:
             ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, dwOptions=rrp.REG_OPTION_BACKUP_RESTORE | rrp.REG_OPTION_OPEN_LINK, samDesired=rrp.KEY_READ)
             rrp.hBaseRegSaveKey(dce, ans2['phkResult'], outputFileName)
@@ -594,11 +594,11 @@ def __parse_lp_data(valueType, valueData):
                                help='Specifies the full path of the subkey. The '
                                     'keyName must include a valid root key. Valid root keys for the local computer are: HKLM,'
                                     ' HKU, HKCU, HKCR.')
-    save_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\share', required=True, help='Output UNC path the target system must export the registry saves to')
+    save_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\\share', required=True, help='Output UNC path the target system must export the registry saves to')
 
     # A special backup command to save HKLM\SAM, HKLM\SYSTEM and HKLM\SECURITY
-    backup_parser = subparsers.add_parser('backup', help='(special command) Backs up HKLM\SAM, HKLM\SYSTEM and HKLM\SECURITY to a specified file.')
-    backup_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\share', required=True,
+    backup_parser = subparsers.add_parser('backup', help='(special command) Backs up HKLM\\SAM, HKLM\\SYSTEM and HKLM\\SECURITY to a specified file.')
+    backup_parser.add_argument('-o', dest='outputPath', action='store', metavar='\\\\192.168.0.2\\share', required=True,
                              help='Output UNC path the target system must export the registry saves to')
 
     # A load command

examples/ticketer.py

@@ -138,7 +138,7 @@ def createBasicValidationInfo(self):
         # 1) KERB_VALIDATION_INFO
         kerbdata = KERB_VALIDATION_INFO()
 
-        aTime = timegm(datetime.datetime.utcnow().timetuple())
+        aTime = timegm(datetime.datetime.now(datetime.timezone.utc).timetuple())
         unixTime = self.getFileTime(aTime)
 
         kerbdata['LogonTime']['dwLowDateTime'] = unixTime & 0xffffffff
@@ -487,7 +487,7 @@ def getKerberosS4U2SelfU2U(self):
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.now(datetime.timezone.utc)
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 
@@ -576,7 +576,7 @@ def getKerberosS4U2SelfU2U(self):
         seq_set(reqBody, 'sname', serverName.components_to_asn1)
         reqBody['realm'] = str(decodedTGT['crealm'])
 
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+        now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
 
         reqBody['till'] = KerberosTime.to_asn1(now)
         reqBody['nonce'] = random.getrandbits(31)
@@ -597,7 +597,7 @@ def getKerberosS4U2SelfU2U(self):
     def customizeTicket(self, kdcRep, pacInfos):
         logging.info('Customizing ticket for %s/%s' % (self.__domain, self.__target))
 
-        ticketDuration = datetime.datetime.utcnow() + datetime.timedelta(hours=int(self.__options.duration))
+        ticketDuration = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=int(self.__options.duration))
 
         if self.__options.impersonate:
             # Doing Sapphire Ticket
@@ -715,8 +715,8 @@ def customizeTicket(self, kdcRep, pacInfos):
             encTicketPart['transited'] = noValue
             encTicketPart['transited']['tr-type'] = 0
             encTicketPart['transited']['contents'] = ''
-            encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.datetime.utcnow())
-            encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.datetime.utcnow())
+            encTicketPart['authtime'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc))
+            encTicketPart['starttime'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc))
             # Let's extend the ticket's validity a lil bit
             encTicketPart['endtime'] = KerberosTime.to_asn1(ticketDuration)
             encTicketPart['renew-till'] = KerberosTime.to_asn1(ticketDuration)
@@ -840,7 +840,7 @@ def customizeTicket(self, kdcRep, pacInfos):
         encRepPart['last-req'] = noValue
         encRepPart['last-req'][0] = noValue
         encRepPart['last-req'][0]['lr-type'] = 0
-        encRepPart['last-req'][0]['lr-value'] = KerberosTime.to_asn1(datetime.datetime.utcnow())
+        encRepPart['last-req'][0]['lr-value'] = KerberosTime.to_asn1(datetime.datetime.now(datetime.timezone.utc))
         encRepPart['nonce'] = 123456789
         encRepPart['key-expiration'] = KerberosTime.to_asn1(ticketDuration)
         flags = []

impacket/dpapi.py

@@ -29,7 +29,7 @@
 import sys
 
 from struct import unpack
-from datetime import datetime
+from datetime import datetime, timezone
 from binascii import unhexlify, hexlify
 from struct import pack
 from hashlib import pbkdf2_hmac
@@ -779,7 +779,7 @@ def __init__(self, data = None, alignment = 0):
     def dump(self):
         print("[VCRD]")
         print("SchemaGuid  : %s" % bin_to_string(self['SchemaGuid']))
-        print("LastWritten : %s" % (datetime.utcfromtimestamp(getUnixTime(self['LastWritten']))))
+        print("LastWritten : %s" % (datetime.fromtimestamp(getUnixTime(self['LastWritten']), tz=timezone.utc)))
         print("FriendlyName: %s" % (self['FriendlyName'].decode('utf-16le')))
         print()
         for i,entry in enumerate(self.mapEntries):
@@ -1077,7 +1077,7 @@ def __init__(self, data = None, alignment = 0):
 
     def dump(self):
         print("[CREDENTIAL]")
-        print("LastWritten : %s" % (datetime.utcfromtimestamp(getUnixTime(self['LastWritten']))))
+        print("LastWritten : %s" % (datetime.fromtimestamp(getUnixTime(self['LastWritten']), tz=timezone.utc)))
         print("Flags       : 0x%.8x (%s)" % (self['Flags'], getFlags(CREDENTIAL_FLAGS, self['Flags'])))
         print("Persist     : 0x%.8x (%s)" % (self['Persist'], CREDENTIAL_PERSIST(self['Persist']).name))
         print("Type        : 0x%.8x (%s)" % (self['Type'], CREDENTIAL_TYPE(self['Type']).name))