Merge branch 'main' into marshall-bugfix-3292024

Author: NeffIsBack

nxc/cli.py

@@ -9,13 +9,20 @@
 from nxc.paths import NXC_PATH
 from nxc.loaders.protocolloader import ProtocolLoader
 from nxc.helpers.logger import highlight
-from nxc.logger import nxc_logger
+from nxc.logger import nxc_logger, setup_debug_logging
 import importlib.metadata
 
 
 def gen_cli_args():
-    VERSION = importlib.metadata.version("netexec")
+    setup_debug_logging()
+    
+    try:
+        VERSION, COMMIT = importlib.metadata.version("netexec").split("+")
+    except ValueError:
+        VERSION = importlib.metadata.version("netexec")
+        COMMIT = ""
     CODENAME = "nxc4u"
+    nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT}")
 
     parser = argparse.ArgumentParser(description=rf"""
      .   .
@@ -34,9 +41,10 @@ def gen_cli_args():
 
     {highlight('Version', 'red')} : {highlight(VERSION)}
     {highlight('Codename', 'red')}: {highlight(CODENAME)}
+    {highlight('Commit', 'red')}  : {highlight(COMMIT)}
     """, formatter_class=RawTextHelpFormatter)
 
-    parser.add_argument("-t", type=int, dest="threads", default=100, help="set how many concurrent threads to use (default: 100)")
+    parser.add_argument("-t", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
     parser.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
     parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each connection (default: None)")
     parser.add_argument("--no-progress", action="store_true", help="Not displaying progress bar during scan")
@@ -95,7 +103,7 @@ def gen_cli_args():
         sys.exit(1)
 
     if args.version:
-        print(f"{VERSION} - {CODENAME}")
+        print(f"{VERSION} - {CODENAME} - {COMMIT}")
         sys.exit(1)
 
     return args

nxc/connection.py

@@ -121,7 +121,10 @@ def __init__(self, args, db, host):
         try:
             self.proto_flow()
         except Exception as e:
-            self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")
+            if "ERROR_DEPENDENT_SERVICES_RUNNING" in str(e):
+                self.logger.error(f"Exception while calling proto_flow() on target {self.host}: {e}")
+            else:
+                self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")
 
     @staticmethod
     def proto_args(std_parser, module_parser):

nxc/logger.py

@@ -11,8 +11,31 @@
 from rich.logging import RichHandler
 import functools
 import inspect
+import argparse
 
 
+def parse_debug_args():
+    debug_parser = argparse.ArgumentParser(add_help=False)
+    debug_parser.add_argument("--debug", action="store_true")
+    debug_parser.add_argument("--verbose", action="store_true")
+    args, _ = debug_parser.parse_known_args()
+    return args
+
+def setup_debug_logging():
+    debug_args = parse_debug_args()
+    root_logger = logging.getLogger("root")
+    
+    if debug_args.verbose:
+        nxc_logger.logger.setLevel(logging.INFO)
+        root_logger.setLevel(logging.INFO)
+    elif debug_args.debug:
+        nxc_logger.logger.setLevel(logging.DEBUG)
+        root_logger.setLevel(logging.DEBUG)
+    else:
+        nxc_logger.logger.setLevel(logging.ERROR)
+        root_logger.setLevel(logging.ERROR)
+        
+
 def create_temp_logger(caller_frame, formatted_text, args, kwargs):
     """Create a temporary logger for emitting a log where we need to override the calling file & line number, since these are obfuscated"""
     temp_logger = logging.getLogger("temp")
@@ -72,6 +95,7 @@ def __init__(self, extra=None):
         logging.getLogger("pypykatz").disabled = True
         logging.getLogger("minidump").disabled = True
         logging.getLogger("lsassy").disabled = True
+        logging.getLogger("neo4j").setLevel(logging.ERROR)
 
     def format(self, msg, *args, **kwargs):  # noqa: A003
         """Format msg for output

nxc/modules/msol.py

@@ -3,7 +3,7 @@
 # Based on the article : https://blog.xpnsec.com/azuread-connect-for-redteam/
 from sys import exit
 from os import path
-import sys
+from nxc.paths import TMP_PATH
 from nxc.helpers.powershell import get_ps_script
 
 
@@ -49,14 +49,14 @@ def exec_script(self, _, connection):
 
     def on_admin_login(self, context, connection):
         if self.use_embedded:
-            file_to_upload = "/tmp/msol.ps1"
+            file_to_upload = f"{TMP_PATH}/msol.ps1"
 
             try:
                 with open(file_to_upload, "w") as msol:
                     msol.write(self.msol_embedded)
             except FileNotFoundError:
                 context.log.fail(f"Impersonate file specified '{file_to_upload}' does not exist!")
-                sys.exit(1)
+                exit(1)
 
         else:
             if path.isfile(self.MSOL_PS1):

nxc/modules/scuffy.py

@@ -1,5 +1,6 @@
 import ntpath
 from sys import exit
+from nxc.paths import TMP_PATH
 
 
 class NXCModule:
@@ -44,7 +45,7 @@ def options(self, context, module_options):
             exit(1)
 
         self.scf_name = module_options["NAME"]
-        self.scf_path = f"/tmp/{self.scf_name}.scf"
+        self.scf_path = f"{TMP_PATH}/{self.scf_name}.scf"
         self.file_path = ntpath.join("\\", f"{self.scf_name}.scf")
 
         if not self.cleanup:

nxc/netexec.py

@@ -21,7 +21,6 @@
 from os.path import exists
 from os.path import join as path_join
 from sys import exit
-import logging
 from rich.progress import Progress
 import platform
 
@@ -42,11 +41,11 @@ async def start_run(protocol_obj, args, db, targets):
     futures = []
     nxc_logger.debug("Creating ThreadPoolExecutor")
     if args.no_progress or len(targets) == 1:
-        with ThreadPoolExecutor(max_workers=args.threads + 1) as executor:
+        with ThreadPoolExecutor(max_workers=args.threads) as executor:
             nxc_logger.debug(f"Creating thread for {protocol_obj}")
             futures = [executor.submit(protocol_obj, args, db, target) for target in targets]
     else:
-        with Progress(console=nxc_console) as progress, ThreadPoolExecutor(max_workers=args.threads + 1) as executor:
+        with Progress(console=nxc_console) as progress, ThreadPoolExecutor(max_workers=args.threads) as executor:
             current = 0
             total = len(targets)
             tasks = progress.add_task(
@@ -67,29 +66,17 @@ async def start_run(protocol_obj, args, db, targets):
 
 def main():
     first_run_setup(nxc_logger)
-    root_logger = logging.getLogger("root")
     args = gen_cli_args()
 
-    if args.verbose:
-        nxc_logger.logger.setLevel(logging.INFO)
-        root_logger.setLevel(logging.INFO)
-    elif args.debug:
-        nxc_logger.logger.setLevel(logging.DEBUG)
-        root_logger.setLevel(logging.DEBUG)
-    else:
-        nxc_logger.logger.setLevel(logging.ERROR)
-        root_logger.setLevel(logging.ERROR)
-    logging.getLogger("neo4j").setLevel(logging.ERROR)
-
     # if these are the same, it might double log to file (two FileHandlers will be added)
     # but this should never happen by accident
     if config_log:
         nxc_logger.add_file_log()
     if hasattr(args, "log") and args.log:
         nxc_logger.add_file_log(args.log)
 
-    nxc_logger.debug("PYTHON VERSION: " + sys.version)
-    nxc_logger.debug("RUNNING ON: " + platform.system() + " Release: " + platform.release())
+    nxc_logger.debug(f"PYTHON VERSION: {sys.version}")
+    nxc_logger.debug(f"RUNNING ON: {platform.system()} Release: {platform.release()}")
     nxc_logger.debug(f"Passed args: {args}")
 
     # FROM HERE ON A PROTOCOL IS REQUIRED

nxc/protocols/ldap.py

@@ -753,11 +753,14 @@ def users(self):
             self.logger.highlight(f"{'-Username-':<30}{'-Last PW Set-':<20}{'-BadPW-':<8}{'-Description-':<60}")
             for user in users:
                 # TODO: functionize this - we do this calculation in a bunch of places, different, including in the `pso` module
-                timestamp_seconds = int(user.get("pwdLastSet", "")) / 10**7
-                start_date = datetime(1601, 1, 1)
-                parsed_pw_last_set = (start_date + timedelta(seconds=timestamp_seconds)).replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")
-                if parsed_pw_last_set == "1601-01-01 00:00:00":
-                    parsed_pw_last_set = "<never>"
+                parsed_pw_last_set = ""
+                pwd_last_set = user.get("pwdLastSet", "")
+                if pwd_last_set != "":
+                    timestamp_seconds = int(pwd_last_set) / 10**7
+                    start_date = datetime(1601, 1, 1)
+                    parsed_pw_last_set = (start_date + timedelta(seconds=timestamp_seconds)).replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")
+                    if parsed_pw_last_set == "1601-01-01 00:00:00":
+                        parsed_pw_last_set = "<never>"
                 # we default attributes to blank strings if they don't exist in the dict
                 self.logger.highlight(f"{user.get('sAMAccountName', ''):<30}{parsed_pw_last_set:<20}{user.get('badPwdCount', ''):<8}{user.get('description', ''):<60}")
 
@@ -939,7 +942,7 @@ def asreproast(self):
 
     def kerberoasting(self):
         # Building the search filter
-        searchFilter = "(&(servicePrincipalName=*)(UserAccountControl:1.2.840.113556.1.4.803:=512)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(objectCategory=computer)))"
+        searchFilter = "(&(servicePrincipalName=*)(!(objectCategory=computer)))"
         attributes = [
             "servicePrincipalName",
             "sAMAccountName",
@@ -990,7 +993,7 @@ def kerberoasting(self):
 
                     if mustCommit is True:
                         if int(userAccountControl) & UF_ACCOUNTDISABLE:
-                            self.logger.debug(f"Bypassing disabled account {sAMAccountName} ")
+                            self.logger.highlight(f"Bypassing disabled account {sAMAccountName} ")
                         else:
                             answers += [[spn, sAMAccountName, memberOf, pwdLastSet, lastLogon, delegation] for spn in SPNs]
                 except Exception as e:

poetry.lock

@@ -43,7 +43,7 @@ neo4j = "^5.0.0"
 pylnk3 = "^0.4.2"
 pypsrp = "^0.8.1"
 paramiko = "^3.3.1"
-impacket =  { git = "https://github.com/Pennyw0rth/impacket.git", branch = "gkdi" }
+impacket =  { git = "https://github.com/fortra/impacket.git" }
 dsinternals = "^1.2.4"
 xmltodict = "^0.13.0"
 terminaltables = "^3.1.0"
@@ -61,9 +61,9 @@ aiosqlite = "^0.19.0"
 pyasn1-modules = "^0.3.0"
 rich = "^13.3.5"
 python-libnmap = "^0.7.3"
-oscrypto = { git = "https://github.com/Pennyw0rth/oscrypto" } # Pypi version currently broken, see: https://github.com/wbond/oscrypto/issues/78 (as of 9/23)
 argcomplete = "^3.1.4"
 python-dateutil = ">=2.8.2"
+poetry-dynamic-versioning = "^1.2.0"
 
 [tool.poetry.group.dev.dependencies]
 flake8 = "*"
@@ -72,8 +72,13 @@ pytest = "^7.2.2"
 ruff = "=0.0.292"
 
 [build-system]
-requires = ["poetry-core>=1.2.0"]
-build-backend = "poetry.core.masonry.api"
+requires = ["poetry-core>=1.2.0", "poetry-dynamic-versioning>=1.0.0,<2.0.0"]
+build-backend = "poetry_dynamic_versioning.backend"
+
+[tool.poetry-dynamic-versioning]
+enable = true
+pattern = "(?P<base>\\d+\\.\\d+\\.\\d+)"
+format = "{base}+{commit}"
 
 [tool.ruff]
 # Ruff doesn't enable pycodestyle warnings (`W`) or