Merge branch 'main' into main

Author: NeffIsBack

.github/workflows/lint.yml

@@ -1,11 +1,11 @@
 name: Lint Python code with ruff
 # Caching source: https://gist.github.com/gh640/233a6daf68e9e937115371c0ecd39c61?permalink_comment_id=4529233#gistcomment-4529233
 
-on: [push, pull_request]
+on:
+  push:
 
 jobs:
   lint:
-    name: Lint Python code with ruff
     runs-on: ubuntu-latest
     if:
       github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository

.github/workflows/test.yml

@@ -1,32 +1,48 @@
 name: NetExec Tests
 
 on:
+  workflow_dispatch:
   pull_request_review:
     types: [submitted]
 
 jobs:
   build:
-    name: NetExec Tests for Py${{ matrix.python-version }}
+    name: Test for Py${{ matrix.python-version }}
+    if: github.event.review.state == 'APPROVED'
     runs-on: ${{ matrix.os }}
     strategy:
       max-parallel: 5
       matrix:
         os: [ubuntu-latest]
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
     steps:
-    - uses: actions/checkout@v3
-    - name: NetExec set up python on ${{ matrix.os }}
-      uses: actions/setup-python@v4
-      with:
-        python-version: ${{ matrix.python-version }}
-    - name: Install poetry
-      run: |
-        pipx install poetry --python python${{ matrix.python-version }}
-        poetry --version
-        poetry env info
-    - name: Install libraries with dev group
-      run: |
-        poetry install --with dev
-    - name: Run the e2e test
-      run: |
-        poetry run pytest tests
+      - uses: actions/checkout@v3
+      - name: Install poetry
+        run: |
+          pipx install poetry
+      - name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: poetry
+          cache-dependency-path: poetry.lock
+      - name: Install poetry
+        run: |
+          pipx install poetry --python python${{ matrix.python-version }}
+          poetry --version
+          poetry env info
+      - name: Install libraries with dev group
+        run: |
+          poetry install --with dev
+      - name: Load every protocol and module
+        run: |
+          poetry run netexec winrm 127.0.0.1
+          poetry run netexec vnc 127.0.0.1
+          poetry run netexec smb 127.0.0.1
+          poetry run netexec ldap 127.0.0.1
+          poetry run netexec wmi 127.0.0.1
+          poetry run netexec rdp 127.0.0.1
+          poetry run netexec mssql 127.0.0.1
+          poetry run netexec ssh 127.0.0.1
+          poetry run netexec ftp 127.0.0.1
+          poetry run netexec smb 127.0.0.1 -M veeam

nxc/cli.py

@@ -17,11 +17,11 @@ def gen_cli_args():
     VERSION = importlib.metadata.version("netexec")
     CODENAME = "nxc4u"
 
-    parser = argparse.ArgumentParser(description=f"""
+    parser = argparse.ArgumentParser(description=rf"""
      .   .
     .|   |.     _   _          _     _____
     ||   ||    | \ | |   ___  | |_  | ____| __  __   ___    ___
-    \\\( )//    |  \| |  / _ \ | __| |  _|   \ \/ /  / _ \  / __|
+    \\( )//    |  \| |  / _ \ | __| |  _|   \ \/ /  / _ \  / __|
     .=[ ]=.    | |\  | |  __/ | |_  | |___   >  <  |  __/ | (__
    / /ॱ-ॱ\ \   |_| \_|  \___|  \__| |_____| /_/\_\  \___|  \___|
    ॱ \   / ॱ
@@ -36,7 +36,7 @@ def gen_cli_args():
     {highlight('Codename', 'red')}: {highlight(CODENAME)}
     """, formatter_class=RawTextHelpFormatter)
 
-    parser.add_argument("-t", type=int, dest="threads", default=100, help="set how many concurrent threads to use (default: 100)")
+    parser.add_argument("-t", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
     parser.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
     parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each connection (default: None)")
     parser.add_argument("--no-progress", action="store_true", help="Not displaying progress bar during scan")

nxc/connection.py

@@ -87,8 +87,8 @@ def __init__(self, args, db, host):
         self.port = self.args.port
         self.conn = None
         self.admin_privs = False
-        self.password = None
-        self.username = None
+        self.password = ""
+        self.username = ""
         self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey)
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.kdcHost = None if not self.args.kdcHost else self.args.kdcHost
@@ -121,7 +121,10 @@ def __init__(self, args, db, host):
         try:
             self.proto_flow()
         except Exception as e:
-            self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")
+            if "ERROR_DEPENDENT_SERVICES_RUNNING" in str(e):
+                self.logger.error(f"Exception while calling proto_flow() on target {self.host}: {e}")
+            else:
+                self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")
 
     @staticmethod
     def proto_args(std_parser, module_parser):
@@ -163,7 +166,9 @@ def hash_login(self, domain, username, ntlm_hash):
     def proto_flow(self):
         self.logger.debug("Kicking off proto_flow")
         self.proto_logger()
-        if self.create_conn_obj():
+        if not self.create_conn_obj():
+            self.logger.info(f"Failed to create connection object for target {self.host}, exiting...")
+        else:
             self.logger.debug("Created connection object")
             self.enum_host_info()
             if self.print_host_info() and (self.login() or (self.username == "" and self.password == "")):

nxc/data/nxc.conf

@@ -13,7 +13,7 @@ bh_enabled = False
 bh_uri = 127.0.0.1
 bh_port = 7687
 bh_user = neo4j
-bh_pass = neo4j
+bh_pass = bloodhoundcommunityedition
 
 [Empire]
 api_host = 127.0.0.1

nxc/helpers/bloodhound.py

@@ -52,14 +52,14 @@ def add_user_bh(user, domain, logger, config):
                         _add_with_domain(user_info, domain, tx, logger)
         except AuthError:
             logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")
-            return
+            exit()
         except ServiceUnavailable:
             logger.fail(f"Neo4J does not seem to be available on {uri}.")
-            return
+            exit()
         except Exception as e:
             logger.fail(f"Unexpected error with Neo4J: {e}")
-            return
-        driver.close()
+        finally:
+            driver.close()
 
 
 def _add_with_domain(user_info, domain, tx, logger):

nxc/loaders/moduleloader.py

@@ -95,7 +95,7 @@ def get_module_info(self, module_path):
             module_spec = spec.loader.load_module().NXCModule
 
             module = {
-                f"{module_spec.name.lower()}": {
+                f"{module_spec.name}": {
                     "path": module_path,
                     "description": module_spec.description,
                     "options": module_spec.options.__doc__,

nxc/logger.py

@@ -9,20 +9,61 @@
 from datetime import datetime
 from rich.text import Text
 from rich.logging import RichHandler
+import functools
+import inspect
+
+
+def create_temp_logger(caller_frame, formatted_text, args, kwargs):
+    """Create a temporary logger for emitting a log where we need to override the calling file & line number, since these are obfuscated"""
+    temp_logger = logging.getLogger("temp")
+    formatter = logging.Formatter("%(message)s", datefmt="[%X]")
+    handler = SmartDebugRichHandler(formatter=formatter)
+    handler.handle(LogRecord(temp_logger.name, logging.INFO, caller_frame.f_code.co_filename, caller_frame.f_lineno, formatted_text, args, kwargs, caller_frame=caller_frame))
+
+
+class SmartDebugRichHandler(RichHandler):
+    """Custom logging handler for when we want to log normal messages to DEBUG and not double log"""
+    def __init__(self, formatter=None, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if formatter is not None:
+            self.setFormatter(formatter)
+            
+    def emit(self, record):
+        """Overrides the emit method of the RichHandler class so we can set the proper pathname and lineno"""
+        if hasattr(record, "caller_frame"):
+            frame_info = inspect.getframeinfo(record.caller_frame)
+            record.pathname = frame_info.filename
+            record.lineno = frame_info.lineno
+        super().emit(record)
+
+
+def no_debug(func):
+    """Stops logging non-debug messages when we are in debug mode
+    It creates a temporary logger and logs the message to the console and file
+    This is so we don't get both normal output AND debugging output, AND so we get the proper log calling file & line number
+    """
+    @functools.wraps(func)
+    def wrapper(self, msg, *args, **kwargs):
+        if self.logger.getEffectiveLevel() >= logging.INFO:
+            return func(self, msg, *args, **kwargs)
+        else:            
+            formatted_text = Text.from_ansi(self.format(msg, *args, **kwargs)[0])
+            caller_frame = inspect.currentframe().f_back
+            create_temp_logger(caller_frame, formatted_text, args, kwargs)
+            self.log_console_to_file(formatted_text, *args, **kwargs)
+    return wrapper
 
 
 class NXCAdapter(logging.LoggerAdapter):
     def __init__(self, extra=None):
         logging.basicConfig(
             format="%(message)s",
             datefmt="[%X]",
-            handlers=[
-                RichHandler(
-                    console=nxc_console,
-                    rich_tracebacks=True,
-                    tracebacks_show_locals=False,
-                )
-            ],
+            handlers=[RichHandler(
+                console=nxc_console,
+                rich_tracebacks=True,
+                tracebacks_show_locals=False
+            )],
         )
         self.logger = logging.getLogger("nxc")
         self.extra = extra
@@ -40,52 +81,47 @@ def format(self, msg, *args, **kwargs):  # noqa: A003
         if self.extra is None:
             return f"{msg}", kwargs
 
-        if "module_name" in self.extra and len(self.extra["module_name"]) > 8:
+        if "module_name" in self.extra and len(self.extra["module_name"]) > 11:
             self.extra["module_name"] = self.extra["module_name"][:8] + "..."
 
         # If the logger is being called when hooking the 'options' module function
         if len(self.extra) == 1 and ("module_name" in self.extra):
-            return (
-                f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<64} {msg}",
-                kwargs,
-            )
+            return (f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<64} {msg}", kwargs)
 
         # If the logger is being called from nxcServer
         if len(self.extra) == 2 and ("module_name" in self.extra) and ("host" in self.extra):
-            return (
-                f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<24} {self.extra['host']:<39} {msg}",
-                kwargs,
-            )
+            return (f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<24} {self.extra['host']:<39} {msg}", kwargs)
 
         # If the logger is being called from a protocol
         module_name = colored(self.extra["module_name"], "cyan", attrs=["bold"]) if "module_name" in self.extra else colored(self.extra["protocol"], "blue", attrs=["bold"])
 
-        return (
-            f"{module_name:<24} {self.extra['host']:<15} {self.extra['port']:<6} {self.extra['hostname'] if self.extra['hostname'] else 'NONE':<16} {msg}",
-            kwargs,
-        )
+        return (f"{module_name:<24} {self.extra['host']:<15} {self.extra['port']:<6} {self.extra['hostname'] if self.extra['hostname'] else 'NONE':<16} {msg}", kwargs)
 
+    @no_debug
     def display(self, msg, *args, **kwargs):
         """Display text to console, formatted for nxc"""
         msg, kwargs = self.format(f"{colored('[*]', 'blue', attrs=['bold'])} {msg}", kwargs)
         text = Text.from_ansi(msg)
         nxc_console.print(text, *args, **kwargs)
         self.log_console_to_file(text, *args, **kwargs)
 
+    @no_debug
     def success(self, msg, color="green", *args, **kwargs):
-        """Print some sort of success to the user"""
+        """Prints some sort of success to the user"""
         msg, kwargs = self.format(f"{colored('[+]', color, attrs=['bold'])} {msg}", kwargs)
         text = Text.from_ansi(msg)
         nxc_console.print(text, *args, **kwargs)
         self.log_console_to_file(text, *args, **kwargs)
 
+    @no_debug
     def highlight(self, msg, *args, **kwargs):
         """Prints a completely yellow highlighted message to the user"""
         msg, kwargs = self.format(f"{colored(msg, 'yellow', attrs=['bold'])}", kwargs)
         text = Text.from_ansi(msg)
         nxc_console.print(text, *args, **kwargs)
         self.log_console_to_file(text, *args, **kwargs)
 
+    @no_debug
     def fail(self, msg, color="red", *args, **kwargs):
         """Prints a failure (may or may not be an error) - e.g. login creds didn't work"""
         msg, kwargs = self.format(f"{colored('[-]', color, attrs=['bold'])} {msg}", kwargs)
@@ -99,26 +135,12 @@ def log_console_to_file(self, text, *args, **kwargs):
         If debug or info logging is not enabled, we still want display/success/fail logged to the file specified,
         so we create a custom LogRecord and pass it to all the additional handlers (which will be all the file handlers)
         """
-        if self.logger.getEffectiveLevel() >= logging.INFO:
-            # will be 0 if it's just the console output, so only do this if we actually have file loggers
-            if len(self.logger.handlers):
-                try:
-                    for handler in self.logger.handlers:
-                        handler.handle(
-                            LogRecord(
-                                "nxc",
-                                20,
-                                "",
-                                kwargs,
-                                msg=text,
-                                args=args,
-                                exc_info=None,
-                            )
-                        )
-                except Exception as e:
-                    self.logger.fail(f"Issue while trying to custom print handler: {e}")
-        else:
-            self.logger.info(text)
+        if self.logger.getEffectiveLevel() >= logging.INFO and len(self.logger.handlers):  # will be 0 if it's just the console output, so only do this if we actually have file loggers
+            try:
+                for handler in self.logger.handlers:
+                    handler.handle(LogRecord("nxc", 20, "", kwargs, msg=text, args=args, exc_info=None))
+            except Exception as e:
+                self.logger.fail(f"Issue while trying to custom print handler: {e}")
 
     def add_file_log(self, log_file=None):
         file_formatter = TermEscapeCodeFormatter("%(asctime)s - %(levelname)s - %(message)s")
@@ -152,7 +174,7 @@ def init_log_file():
             datetime.now().strftime("%Y-%m-%d"),
             f"log_{datetime.now().strftime('%Y-%m-%d-%H-%M-%S')}.log",
         )
-
+    
 
 class TermEscapeCodeFormatter(logging.Formatter):
     """A class to strip the escape codes for logging to files"""