Remove unsupported target_ip from atexec and dcomexec#96
Conversation
- Remove target_ip parameter from impacket_atexec and impacket_dcomexec — installed impacket 0.13.x doesn't support -target-ip for these scripts, causing unrecognized argument errors. Use the IP directly as target instead. - Enable OpenSSL legacy provider in install script for MD4 support — fixes "unsupported hash type MD4" errors in rbcd, dacledit, owneredit and any NTLM password auth path. - Bump to 2.1.4. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… hack - Remove target_ip from impacket_atexec and impacket_dcomexec — impacket 0.13.x doesn't support -target-ip for these two scripts (wmiexec, psexec, smbexec do support it). - Remove OpenSSL legacy provider hack from install script — impacket uses pycryptodomex for MD4, not OpenSSL. The MD4 errors are caused by the same Python version mismatch (pycryptodomex installed for 3.13, runtime is 3.12), which PR #93's auto-install fix addresses. - Bump to 2.1.4. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adjusts the network-ops Impacket tool wrappers for compatibility with impacket 0.13.x by removing unsupported -target-ip usage from atexec.py/dcomexec.py, and bumps the capability version.
Changes:
- Remove the
target_ipargument fromimpacket_atexecandimpacket_dcomexec, and stop emitting-target-ipfor those scripts. - Update tool docstrings to clarify using an IP directly when DNS resolution isn’t available.
- Bump
capabilities/network-opscapability version.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| capabilities/network-ops/tools/impacket.py | Drops target_ip support specifically for atexec/dcomexec and updates related documentation/flag building. |
| capabilities/network-ops/capability.yaml | Updates the capability version to reflect the change. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| schema: 1 | ||
| name: network-ops | ||
| version: "2.1.3" | ||
| version: "2.1.4" |
There was a problem hiding this comment.
Fixed — updated PR title to match actual changes. MD4 fix was reverted after discovering impacket uses pycryptodomex (not OpenSSL) and the issue resolves with PR #93's auto-install.
| self._build_auth_flags( | ||
| hashes=hashes, kerberos=kerberos, aes_key=aes_key, password=password | ||
| ) | ||
| ) | ||
| args.extend(self._build_connection_flags(dc_ip=dc_ip, target_ip=target_ip)) | ||
| args.extend(self._build_connection_flags(dc_ip=dc_ip)) |
There was a problem hiding this comment.
Won't fix. The fix is removing a parameter, not adding logic. Testing that a deleted param doesn't appear in argv is low value.
Fixes tool argument compatibility issue found during agent testing.
Breaking
impacket_atexecandimpacket_dcomexecno longer accepttarget_ip— impacket 0.13.x doesn't support-target-ipfor these scripts (wmiexec, psexec, smbexec still support it). Use the IP directly astargetinstead.