Merge branch 'main' into module_ggp_privs

Author: NeffIsBack

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,24 +1,20 @@
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.
-Please also include relevant motivation and context.
 List any dependencies that are required for this change.
 
 ## Type of change
-Please delete options that are not relevant.
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
-## How Has This Been Tested?
-Please describe the tests that you ran to verify your changes (e2e, single commands, etc)
-Please also list any relevant details for your test configuration, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions
-
-If you are using poetry, you can easily run tests via:
-`poetry run python tests/e2e_tests.py -t $TARGET -u $USER -p $PASSWORD`
-There are additional options like `--errors` to display ALL errors (some may not be failures), `--poetry` (output will include the poetry run prepended), `--line-num $START-$END $SINGLE` for only running a subset
+## Setup guide for the review
+Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
+In particular:
+- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
+- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
 
 ## Screenshots (if appropriate):
 Screenshots are always nice to have and can give a visual representation of the change.
@@ -29,8 +25,7 @@ If appropriate include before and after screenshot(s) to show which results are
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
 - [ ] I have added or updated the tests/e2e_commands.txt file if necessary
 - [ ] New and existing e2e tests pass locally with my changes
-- [ ] My code follows the style guidelines of this project (should be covered by Ruff above)
-- [ ] If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
+- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

.github/workflows/build-binaries.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.12"]
+        python-version: ["3.13"]
         #python-version: ["3.8", "3.9", "3.10", "3.11"] # for binary builds we only need one version
     steps:
     - uses: actions/checkout@v4
@@ -20,7 +20,7 @@ jobs:
         python-version: ${{ matrix.python-version }}
     - name: Build Native Binary
       run: |
-        pip install pyinstaller
+        pip install pyinstaller pillow
         pip install .
         pyinstaller netexec.spec
     - name: Upload Windows Binary

.github/workflows/build-zipapps.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
     - uses: actions/checkout@v4
     - name: NetExec set up python on ${{ matrix.os }}

.github/workflows/lint.yml

@@ -4,12 +4,14 @@ name: Lint Python code with ruff
 on:
   push:
   workflow_dispatch:
+  pull_request_review:
+    types: [submitted]
 
 jobs:
   lint:
     runs-on: ubuntu-latest
     if:
-      github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+      github.event_name == 'push' || github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
 
     steps:
       - uses: actions/checkout@v4
@@ -19,7 +21,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.12
+          python-version: 3.13
           cache: poetry
           cache-dependency-path: poetry.lock
       - name: Install dependencies with dev group

.github/workflows/test.yml

@@ -8,18 +8,20 @@ on:
 jobs:
   build:
     name: Test for Py${{ matrix.python-version }}
-    if: github.event.review.state == 'APPROVED'
+    if: github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
     runs-on: ${{ matrix.os }}
     strategy:
       max-parallel: 5
       matrix:
         os: [ubuntu-latest]
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
       - uses: actions/checkout@v4
       - name: Install poetry
         run: |
           pipx install poetry
+          poetry --version
+          poetry env info
       - name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
         uses: actions/setup-python@v5
         with:
@@ -29,11 +31,6 @@ jobs:
       - name: Install with pipx
         run: |
           pipx install . --python python${{ matrix.python-version }}
-      - name: Install poetry
-        run: |
-          pipx install poetry --python python${{ matrix.python-version }}
-          poetry --version
-          poetry env info
       - name: Install libraries with dev group
         run: |
           poetry install --with dev
@@ -48,4 +45,4 @@ jobs:
           poetry run netexec mssql 127.0.0.1
           poetry run netexec ssh 127.0.0.1
           poetry run netexec ftp 127.0.0.1
-          poetry run netexec smb 127.0.0.1 -M veeam
+          poetry run netexec smb 127.0.0.1 -L

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2023, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
+Copyright (c) 2025, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
 Copyright (c) 2022, byt3bl33d3r
 All rights reserved.
 

netexec.spec

@@ -20,18 +20,20 @@ a = Analysis(
         'aardwolf.commons.target',
         'aardwolf.protocol.x224.constants',
         'impacket.examples.secretsdump',
+        'impacket.examples.regsecrets',
         'impacket.dcerpc.v5.lsat',
         'impacket.dcerpc.v5.transport',
         'impacket.dcerpc.v5.lsad',
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
         'impacket.dcerpc.v5.even',
+        'impacket.dcerpc.v5.even6',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
         'impacket.ldap.ldap',
+        'jwt',
         'nxc.connection',
-        'nxc.servers.smb',
         'nxc.protocols.smb.wmiexec',
         'nxc.protocols.smb.atexec',
         'nxc.protocols.smb.smbexec',
@@ -42,11 +44,11 @@ a = Analysis(
         'nxc.parsers.ldap_results',
         'nxc.helpers.bash',
         'nxc.helpers.bloodhound',
+        'nxc.helpers.even6_parser',
         'nxc.helpers.msada_guids',
         'nxc.helpers.ntlm_parser',
         'paramiko',
         'pypsrp.client',
-        'pywerview.cli.helpers',
         'pylnk3',
         'pypykatz',
         'pyNfsClient',
@@ -71,6 +73,7 @@ a = Analysis(
         'dploot.triage.masterkeys',
         'dploot.triage.mobaxterm',
         'dploot.triage.backupkey',
+        'dploot.triage.wam',
         'dploot.triage.wifi',
         'dploot.triage.sccm',
         'dploot.lib.target',

nxc/cli.py

@@ -16,46 +16,47 @@
 
 def gen_cli_args():
     setup_debug_logging()
-    
+
     try:
         VERSION, COMMIT = importlib.metadata.version("netexec").split("+")
+        DISTANCE, COMMIT = COMMIT.split(".")
     except ValueError:
         VERSION = importlib.metadata.version("netexec")
         COMMIT = ""
-    CODENAME = "NeedForSpeed"
-    nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT}")
-    
+        DISTANCE = ""
+    CODENAME = "SmoothOperator"
+
     generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
     generic_group.add_argument("--version", action="store_true", help="Display nxc version")
     generic_group.add_argument("-t", "--threads", type=int, dest="threads", default=256, help="set how many concurrent threads to use")
     generic_group.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread")
     generic_group.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication")
-    
+
     output_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     output_group = output_parser.add_argument_group("Output", "Options to set verbosity levels and control output")
     output_group.add_argument("--verbose", action="store_true", help="enable verbose output")
     output_group.add_argument("--debug", action="store_true", help="enable debug level information")
     output_group.add_argument("--no-progress", action="store_true", help="do not displaying progress bar during scan")
     output_group.add_argument("--log", metavar="LOG", help="export result into a custom file")
-    
+
     dns_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     dns_group = dns_parser.add_argument_group("DNS")
     dns_group.add_argument("-6", dest="force_ipv6", action="store_true", help="Enable force IPv6")
     dns_group.add_argument("--dns-server", action="store", help="Specify DNS server (default: Use hosts file & System DNS)")
     dns_group.add_argument("--dns-tcp", action="store_true", help="Use TCP instead of UDP for DNS queries")
     dns_group.add_argument("--dns-timeout", action="store", type=int, default=3, help="DNS query timeout in seconds")
-    
+
     parser = argparse.ArgumentParser(
         description=rf"""
      .   .
     .|   |.     _   _          _     _____
     ||   ||    | \ | |   ___  | |_  | ____| __  __   ___    ___
     \\( )//    |  \| |  / _ \ | __| |  _|   \ \/ /  / _ \  / __|
     .=[ ]=.    | |\  | |  __/ | |_  | |___   >  <  |  __/ | (__
-   / /ॱ-ॱ\ \   |_| \_|  \___|  \__| |_____| /_/\_\  \___|  \___|
-   ॱ \   / ॱ
-     ॱ   ॱ
+   / /˙-˙\ \   |_| \_|  \___|  \__| |_____| /_/\_\  \___|  \___|
+   ˙ \   / ˙
+     ˙   ˙
 
     The network execution tool
     Maintained as an open source project by @NeffIsBack, @MJHallenbeck, @_zblurx
@@ -98,12 +99,13 @@ def gen_cli_args():
     kerberos_group.add_argument("--use-kcache", action="store_true", help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
     kerberos_group.add_argument("--aesKey", metavar="AESKEY", nargs="+", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
     kerberos_group.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")
-    
-    server_group = std_parser.add_argument_group("Servers", "Options for nxc servers")
-    server_group.add_argument("--server", choices={"http", "https"}, default="https", help="use the selected server")
-    server_group.add_argument("--server-host", type=str, default="0.0.0.0", metavar="HOST", help="IP to bind the server to")
-    server_group.add_argument("--server-port", metavar="PORT", type=int, help="start the server on the specified port")
-    server_group.add_argument("--connectback-host", type=str, metavar="CHOST", help="IP for the remote system to connect back to")    
+
+    certificate_group = std_parser.add_argument_group("Certificate", "Options for certificate authentication")
+    certificate_group.add_argument("--pfx-cert", metavar="PFXCERT", help="Use certificate authentication from pfx file .pfx")
+    certificate_group.add_argument("--pfx-base64", metavar="PFXB64", help="Use certificate authentication from pfx file encoded in base64")
+    certificate_group.add_argument("--pfx-pass", metavar="PFXPASS", help="Password of the pfx certificate")
+    certificate_group.add_argument("--pem-cert", metavar="PEMCERT", help="Use certificate authentication from PEM file")
+    certificate_group.add_argument("--pem-key", metavar="PEMKEY", help="Private key for the PEM format")
 
     p_loader = ProtocolLoader()
     protocols = p_loader.get_protocols()
@@ -115,22 +117,22 @@ def gen_cli_args():
     except Exception as e:
         nxc_logger.exception(f"Error loading proto_args from proto_args.py file in protocol folder: {protocol} - {e}")
 
-    argcomplete.autocomplete(parser)
+    argcomplete.autocomplete(parser, always_complete_options=False)
     args = parser.parse_args()
 
     if len(sys.argv) == 1:
         parser.print_help()
         sys.exit(1)
 
     if args.version:
-        print(f"{VERSION} - {CODENAME} - {COMMIT}")
+        print(f"{VERSION} - {CODENAME} - {COMMIT} - {DISTANCE}")
         sys.exit(1)
 
     # Multiply output_tries by 10 to enable more fine granural control, see exec methods
     if hasattr(args, "get_output_tries"):
         args.get_output_tries = args.get_output_tries * 10
 
-    return args
+    return args, [CODENAME, VERSION, COMMIT, DISTANCE]
 
 
 def get_module_names():

nxc/config.py

@@ -1,7 +1,6 @@
-import os
 from os.path import join as path_join
 import configparser
-from nxc.paths import NXC_PATH, DATA_PATH
+from nxc.paths import DATA_PATH, CONFIG_PATH
 from nxc.first_run import first_run_setup
 from nxc.logger import nxc_logger
 from ast import literal_eval
@@ -10,20 +9,25 @@
 nxc_default_config.read(path_join(DATA_PATH, "nxc.conf"))
 
 nxc_config = configparser.ConfigParser()
-nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+nxc_config.read(CONFIG_PATH)
 
 if "nxc" not in nxc_config.sections():
     first_run_setup()
-    nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+    nxc_config.read(CONFIG_PATH)
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(CONFIG_PATH, "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")
             nxc_config.set(section, option, nxc_default_config.get(section, option))
 
-            with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            with open(CONFIG_PATH, "w") as config_file:
                 nxc_config.write(config_file)
 
 # THESE OPTIONS HAVE TO EXIST IN THE DEFAULT CONFIG FILE