Request aliases for impacket scripts

Impacket is a Python project popular in the information security community. It provides a collection of Python classes for working with network protocols. It is also available as an apt package in Ubuntu under the name python3-impacket, which provides access to all the impacket scripts. So, it is requested to grant aliases for all the same impacket scripts available through the Impacket snap.

name:      impacket
summary:   Impacket is a collection of Python classes for working with network protocols.
publisher: Jitendra Patro (jitpatro)
store-url: https://snapcraft.io/impacket
contact:   https://jitendrapatro.me
license:   unset
description: |
  Impacket is a collection of Python classes for working with network protocols. Impacket is focused
  on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and
  MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as
  parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of
  protocols. The library provides a set of tools as examples of what can be done within the context
  of this library.
  
  **Featured Protocols**
  
  * Ethernet, Linux "Cooked" capture.
  * IP, TCP, UDP, ICMP, IGMP, ARP.
  * IPv4 and IPv6 Support.
  * NMB and SMB1, SMB2 and SMB3 (high-level implementations).
  * MSRPC version 5, over different transports: TCP, SMB/TCP, SMB/NetBIOS and HTTP.*
  * Plain, NTLM and Kerberos authentications, using password/hashes/tickets/keys.
  * Portions of TDS (MSSQL) and LDAP protocol implementations.
  * Portions/full implementation of the following MSRPC interfaces: EPM, DTYPES, LSAD, LSAT, NRPC,
  RRP, SAMR, SRVS, WKST, SCMR, BKRP, DHCPM, EVEN6, MGMT, SASEC, TSCH, DCOM, WMI, OXABREF, NSPI,
  OXNSPI.
commands:
  - impacket.Get-GPPPassword
  - impacket.GetADUsers
  - impacket.GetArch
  - impacket.GetNPUsers
  - impacket.GetUserSPNs
  - impacket.addcomputer
  - impacket.atexec
  - impacket.dcomexec
  - impacket.dpapi
  - impacket.esentutl
  - impacket.exchanger
  - impacket.findDelegation
  - impacket.getPac
  - impacket.getST
  - impacket.getTGT
  - impacket.goldenPac
  - impacket.karmaSMB
  - impacket.keylistattack
  - impacket.kintercept
  - impacket.ldapdomaindump
  - impacket.ldd2bloodhound
  - impacket.ldd2pretty
  - impacket.lookupsid
  - impacket.machine-role
  - impacket.mimikatz
  - impacket.mqtt-check
  - impacket.mssqlclient
  - impacket.mssqlinstance
  - impacket.netview
  - impacket.nmapAnswerMachine
  - impacket.ntfs-read
  - impacket.ntlmrelayx
  - impacket.psexec
  - impacket.raiseChild
  - impacket.rbcd
  - impacket.rdp-check
  - impacket.reg
  - impacket.registry-read
  - impacket.rpcdump
  - impacket.rpcmap
  - impacket.samrdump
  - impacket.secretsdump
  - impacket.services
  - impacket.smbclient
  - impacket.smbexec
  - impacket.smbpasswd
  - impacket.smbrelayx
  - impacket.smbserver
  - impacket.ticketConverter
  - impacket.ticketer
  - impacket.tstool
  - impacket.wmiexec
  - impacket.wmipersist
  - impacket.wmiquery
snap-id:      EH9gpZU9Xu0KALYQP5O6HFiKRBXmraB6
tracking:     latest/stable
refresh-date: yesterday at 19:24 IST
channels:
  latest/stable:    v0.10.1.dev1 2022-09-23 (15) 21MB -
  latest/candidate: v0.10.1.dev1 2022-09-23 (15) 21MB -
  latest/beta:      ↑                                 
  latest/edge:      v0.10.1.dev1 2022-09-23 (13) 21MB -

Pinging… It’s been a week and as per the alias approval process, voting period is one week.

Apologies for the delay in this request - can you please provide the details of the aliases which you are requesting?

The list of details will be very long. You can read about most of the aliases I’ve requested here. The aliases must be the word after “impacket.” :-

Get-GPPPassword     - impacket.Get-GPPPassword
GetADUsers          - impacket.GetADUsers
GetArch             - impacket.GetArch
GetNPUsers          - impacket.GetNPUsers
GetUserSPNs         - impacket.GetUserSPNs

and so on…

Also, I forgot to list the impacket tools below and need aliases for them too.

sambaPipe - impacket.sambaPipe
sniffer   - impacket.sniffer
sniff     - impacket.sniff

Indeed the list may be very long, but for transparency purposes, we need you to list them all here so they can all be evaluated for suitability - can you please do so?

This is the entire list as requested by @alexmurray.

Get-GPPPassword      - impacket.Get-GPPPassword
GetADUsers           - impacket.GetADUsers
GetArch              - impacket.GetArch
GetNPUsers           - impacket.GetNPUsers
GetUserSPNs          - impacket.GetUserSPNs
addcomputer          - impacket.addcomputer
atexec               - impacket.atexec
dcomexec             - impacket.dcomexec
dpapi                - impacket.dpapi
esentutl             - impacket.esentutl
exchanger            - impacket.exchanger
findDelegation       - impacket.findDelegation
getPac               - impacket.getPac
getST                - impacket.getST
getTGT               - impacket.getTGT
goldenPac            - impacket.goldenPac
karmaSMB             - impacket.karmaSMB
keylistattack        - impacket.keylistattack
kintercept           - impacket.kintercept
ldapdomaindump       - impacket.ldapdomaindump
ldd2bloodhound       - impacket.ldd2bloodhound
ldd2pretty           - impacket.ldd2pretty
lookupsid            - impacket.lookupsid
machine-role         - impacket.machine-role
mimikatz             - impacket.mimikatz
mqtt-check           - impacket.mqtt-check
mssqlclient          - impacket.mssqlclient
mssqlinstance        - impacket.mssqlinstance
netview              - impacket.netview
nmapAnswerMachine    - impacket.nmapAnswerMachine
ntfs-read            - impacket.ntfs-read
ntlmrelayx           - impacket.ntlmrelayx
psexec               - impacket.psexec
raiseChild           - impacket.raiseChild
rbcd                 - impacket.rbcd
rdp-check            - impacket.rdp-check
reg                  - impacket.reg
registry-read        - impacket.registry-read
rpcdump              - impacket.rpcdump
rpcmap               - impacket.rpcmap
sambaPipe            - impacket.sambaPipe
samrdump             - impacket.samrdump
secretsdump          - impacket.secretsdump
services             - impacket.services
smbclient            - impacket.smbclient
smbexec              - impacket.smbexec
smbpasswd            - impacket.smbpasswd
smbrelayx            - impacket.smbrelayx
smbserver            - impacket.smbserver
sniff                - impacket.sniff
sniffer              - impacket.sniffer
ticketConverter      - impacket.ticketConverter
ticketer             - impacket.ticketer
tstool               - impacket.tstool
wmiexec              - impacket.wmiexec
wmipersist           - impacket.wmipersist
wmiquery             - impacket.wmiquery

@phoenix is this correct?

Yes, it’s correct. Thanks, @sokovsky.

@alexmurray everything you need is listed above.

Hi @phoenix,

Apologies for this long delay. In general I am +1 for most of the aliases requested. The only issue I see is with the ldd2pretty, ldd2bloodhound and ldd2bloodhound commands, which are provided by the python3-ldapdomaindump package in Ubuntu. Having the snap commands namespaced by the snap name could avoid conflicts on a given host that has this package installed.

Can other @reviewers please vote?

I see a bunch of possible conflicts. Smbclient, for instance, is a standard Linux tool. The same goes for smbpasswd. I would kindly ask to verify the existence of these commands on at least Ubuntu, Debian, Fedora, and openSUSE systems, make sure there are no conflicts with repo-provided utilities or system binaries, and then have them granted only where there are no clashes.

Alternatively, you could prefix all commands with imp, say impservices, impsmbclient, etc, and that ought to resolve any possible conflicts.

Thanks guys for taking the time. Actually, recently this snap got close to 200 installs, so I revised and found that it is actually convenient in a way to use it as it is now. This snap is targeted specifically towards the InfoSec community, i.e. people who’re technically skilled enough to know how to use this snap and would still use it because it’s reliable. (:

P.S.: It took me only 2-3 hours to build this snap, and I only built it because I wanted a better replacement for the impacket scripts provided by distro repos, which are mostly broken and thus unreliable, e.g., in a pentesting engagement.

@alexmurray @emitorino @Igor It’d be better if you guys approve this request, which has no conflicts.

I am removing this request from our review queue then.

Yes, sure.

You know, I thought about this and then realized that the /snap/bin path is always added to the end of the PATH environment variable. So, the repo-provided packages will always be executed first. I’m confused about where the conflicts are?
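
The conflict check asked for earlier in the thread and the PATH-ordering question in the last post can both be answered per host with a short script. This is an added example, not part of any post in the thread; the function name `classify_alias` and the sandbox directories are made up for illustration.

```shell
#!/bin/sh
# Added example: for a requested alias name, report whether another
# executable of that name exists on the search path, and whether it is
# found before or after the snap bin directory.

# classify_alias NAME SNAPBIN PATHLIST
# Prints one of:
#   free              no other directory provides NAME
#   shadowed-by:DIR   DIR precedes SNAPBIN, so the existing tool runs first
#   shadows:DIR       SNAPBIN precedes DIR, so the alias would run first
# Runs in a subshell so the IFS and globbing changes stay local.
classify_alias() (
    name=$1
    snapbin=$2
    seen_snap=no
    set -f
    IFS=:
    for dir in $3; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current dir
        if [ "$dir" = "$snapbin" ]; then
            seen_snap=yes
            continue
        fi
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            if [ "$seen_snap" = yes ]; then
                echo "shadows:$dir"
            else
                echo "shadowed-by:$dir"
            fi
            exit 0
        fi
    done
    echo free
)

# Constructed sandbox standing in for a host: fake "repo" binaries for two of
# the names raised in the thread, plus an empty stand-in for /snap/bin.
demo=$(mktemp -d)
mkdir -p "$demo/usr/bin" "$demo/snap/bin"
for tool in smbclient smbpasswd; do
    : > "$demo/usr/bin/$tool"
    chmod +x "$demo/usr/bin/$tool"
done
DEMO_PATH="$demo/usr/bin:$demo/snap/bin"

for cmd in smbclient smbpasswd secretsdump; do
    printf '%-12s %s\n' "$cmd" "$(classify_alias "$cmd" "$demo/snap/bin" "$DEMO_PATH")"
done
```

On a real host the same function can be called as `classify_alias smbclient /snap/bin "$PATH"`; a `shadowed-by` result means the bare name keeps resolving to the distribution's binary rather than the snap's.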