Merge branch 'main' into notepad

Author: NeffIsBack

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,24 +1,20 @@
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.
-Please also include relevant motivation and context.
 List any dependencies that are required for this change.
 
 ## Type of change
-Please delete options that are not relevant.
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
-## How Has This Been Tested?
-Please describe the tests that you ran to verify your changes (e2e, single commands, etc)
-Please also list any relevant details for your test configuration, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions
-
-If you are using poetry, you can easily run tests via:
-`poetry run python tests/e2e_tests.py -t $TARGET -u $USER -p $PASSWORD`
-There are additional options like `--errors` to display ALL errors (some may not be failures), `--poetry` (output will include the poetry run prepended), `--line-num $START-$END $SINGLE` for only running a subset
+## Setup guide for the review
+Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
+In particular:
+- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
+- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
 
 ## Screenshots (if appropriate):
 Screenshots are always nice to have and can give a visual representation of the change.
@@ -29,8 +25,7 @@ If appropriate include before and after screenshot(s) to show which results are
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
 - [ ] I have added or updated the tests/e2e_commands.txt file if necessary
 - [ ] New and existing e2e tests pass locally with my changes
-- [ ] My code follows the style guidelines of this project (should be covered by Ruff above)
-- [ ] If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
+- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

netexec.spec

@@ -27,13 +27,13 @@ a = Analysis(
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
         'impacket.dcerpc.v5.even',
+        'impacket.dcerpc.v5.even6',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
         'impacket.ldap.ldap',
         'jwt',
         'nxc.connection',
-        'nxc.servers.smb',
         'nxc.protocols.smb.wmiexec',
         'nxc.protocols.smb.atexec',
         'nxc.protocols.smb.smbexec',
@@ -44,6 +44,7 @@ a = Analysis(
         'nxc.parsers.ldap_results',
         'nxc.helpers.bash',
         'nxc.helpers.bloodhound',
+        'nxc.helpers.even6_parser',
         'nxc.helpers.msada_guids',
         'nxc.helpers.ntlm_parser',
         'paramiko',

nxc/cli.py

@@ -16,7 +16,7 @@
 
 def gen_cli_args():
     setup_debug_logging()
-    
+
     try:
         VERSION, COMMIT = importlib.metadata.version("netexec").split("+")
         DISTANCE, COMMIT = COMMIT.split(".")
@@ -25,29 +25,28 @@ def gen_cli_args():
         COMMIT = ""
         DISTANCE = ""
     CODENAME = "SmoothOperator"
-    nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT} - {DISTANCE}")
-    
+
     generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
     generic_group.add_argument("--version", action="store_true", help="Display nxc version")
     generic_group.add_argument("-t", "--threads", type=int, dest="threads", default=256, help="set how many concurrent threads to use")
     generic_group.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread")
     generic_group.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication")
-    
+
     output_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     output_group = output_parser.add_argument_group("Output", "Options to set verbosity levels and control output")
     output_group.add_argument("--verbose", action="store_true", help="enable verbose output")
     output_group.add_argument("--debug", action="store_true", help="enable debug level information")
     output_group.add_argument("--no-progress", action="store_true", help="do not displaying progress bar during scan")
     output_group.add_argument("--log", metavar="LOG", help="export result into a custom file")
-    
+
     dns_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     dns_group = dns_parser.add_argument_group("DNS")
     dns_group.add_argument("-6", dest="force_ipv6", action="store_true", help="Enable force IPv6")
     dns_group.add_argument("--dns-server", action="store", help="Specify DNS server (default: Use hosts file & System DNS)")
     dns_group.add_argument("--dns-tcp", action="store_true", help="Use TCP instead of UDP for DNS queries")
     dns_group.add_argument("--dns-timeout", action="store", type=int, default=3, help="DNS query timeout in seconds")
-    
+
     parser = argparse.ArgumentParser(
         description=rf"""
      .   .
@@ -107,12 +106,6 @@ def gen_cli_args():
     certificate_group.add_argument("--pfx-pass", metavar="PFXPASS", help="Password of the pfx certificate")
     certificate_group.add_argument("--pem-cert", metavar="PEMCERT", help="Use certificate authentication from PEM file")
     certificate_group.add_argument("--pem-key", metavar="PEMKEY", help="Private key for the PEM format")
-    
-    server_group = std_parser.add_argument_group("Servers", "Options for nxc servers")
-    server_group.add_argument("--server", choices={"http", "https"}, default="https", help="use the selected server")
-    server_group.add_argument("--server-host", type=str, default="0.0.0.0", metavar="HOST", help="IP to bind the server to")
-    server_group.add_argument("--server-port", metavar="PORT", type=int, help="start the server on the specified port")
-    server_group.add_argument("--connectback-host", type=str, metavar="CHOST", help="IP for the remote system to connect back to")    
 
     p_loader = ProtocolLoader()
     protocols = p_loader.get_protocols()
@@ -139,7 +132,7 @@ def gen_cli_args():
     if hasattr(args, "get_output_tries"):
         args.get_output_tries = args.get_output_tries * 10
 
-    return args
+    return args, [CODENAME, VERSION, COMMIT, DISTANCE]
 
 
 def get_module_names():

nxc/config.py

@@ -18,6 +18,11 @@
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")

nxc/connection.py

@@ -275,7 +275,7 @@ def call_modules(self):
                 extra={
                     "module_name": module.name.upper(),
                     "host": self.host,
-                    "port": self.args.port,
+                    "port": self.port,
                     "hostname": self.hostname,
                 },
             )
@@ -284,11 +284,6 @@ def call_modules(self):
             context = Context(self.db, module_logger, self.args)
             context.localip = self.local_ip
 
-            if hasattr(module, "on_request") or hasattr(module, "has_response"):
-                self.logger.debug(f"Module {module.name} has on_request or has_response methods")
-                self.server.connection = self
-                self.server.context.localip = self.local_ip
-
             if hasattr(module, "on_login"):
                 self.logger.debug(f"Module {module.name} has on_login method")
                 module.on_login(context, self)
@@ -297,13 +292,8 @@ def call_modules(self):
                 self.logger.debug(f"Module {module.name} has on_admin_login method")
                 module.on_admin_login(context, self)
 
-            if (not hasattr(module, "on_request") and not hasattr(module, "has_response")) and hasattr(module, "on_shutdown"):
-                self.logger.debug(f"Module {module.name} has on_shutdown method")
-                module.on_shutdown(context, self)
-
     def inc_failed_login(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if username not in user_failed_logins:
             user_failed_logins[username] = 0
@@ -313,16 +303,15 @@ def inc_failed_login(self, username):
         self.failed_logins += 1
 
     def over_fail_limit(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if global_failed_logins == self.args.gfail_limit:
             return True
 
         if self.failed_logins == self.args.fail_limit:
             return True
 
-        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:
+        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:  # noqa: SIM103
             return True
 
         return False
@@ -427,14 +416,14 @@ def parse_credentials(self):
                     with open(ntlm_hash) as ntlm_hash_file:
                         for i, line in enumerate(ntlm_hash_file):
                             line = line.strip()
-                            if len(line) != 32 and len(line) != 65:
+                            if len(line) != 32 and len(line) != 65 and len(line) != 0:
                                 self.logger.fail(f"Invalid NTLM hash length on line {(i + 1)} (len {len(line)}): {line}")
                                 continue
                             else:
                                 secret.append(line)
                                 cred_type.append("hash")
                 else:
-                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65:
+                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65 and len(ntlm_hash) != 0:
                         self.logger.fail(f"Invalid NTLM hash length {len(ntlm_hash)}, authentication not sent")
                         exit(1)
                     else:

nxc/data/nxc.conf

@@ -15,6 +15,9 @@ bh_port = 7687
 bh_user = neo4j
 bh_pass = bloodhoundcommunityedition
 
+[BloodHound-CE]
+bhce_enabled = True
+
 [Empire]
 api_host = 127.0.0.1
 api_port = 1337

nxc/database.py

@@ -111,6 +111,7 @@ def initialize_db():
     # Even if the default workspace exists, we still need to check if every protocol has a database (in case of a new protocol)
     init_protocol_dbs("default")
 
+
 def format_host_query(q, filter_term, HostsTable):
     """One annoying thing is that if you search for an ip such as '10.10.10.5',
     it will return 10.10.10.5 and 10.10.10.52, so we have to check if its an ip address first
@@ -141,6 +142,7 @@ def format_host_query(q, filter_term, HostsTable):
 
     return q
 
+
 class BaseDB:
     def __init__(self, db_engine):
         self.db_engine = db_engine

nxc/helpers/args.py

@@ -1,6 +1,7 @@
 from argparse import ArgumentDefaultsHelpFormatter, SUPPRESS, OPTIONAL, ZERO_OR_MORE
 from argparse import Action
 
+
 class DisplayDefaultsNotNone(ArgumentDefaultsHelpFormatter):
     def _get_help_string(self, action):
         help_string = action.help