Merge pull request Pennyw0rth#664 from Pennyw0rth/be

Make nxc compatible with bloodhound-ce zip

Author: mpgn

nxc/config.py

@@ -18,6 +18,11 @@
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")

nxc/data/nxc.conf

@@ -15,6 +15,9 @@ bh_port = 7687
 bh_user = neo4j
 bh_pass = bloodhoundcommunityedition
 
+[BloodHound-CE]
+bhce_enabled = True
+
 [Empire]
 api_host = 127.0.0.1
 api_port = 1337

nxc/helpers/misc.py

@@ -41,7 +41,7 @@ def called_from_cmd_args():
 # Stolen from https://github.com/pydanny/whichcraft/
 def which(cmd, mode=os.F_OK | os.X_OK, path=None):
     """Find the path which conforms to the given mode on the PATH for a command.
-    
+
     Given a command, mode, and a PATH string, return the path which conforms to the given mode on the PATH, or None if there is no such file.
     `mode` defaults to os.F_OK | os.X_OK. `path` defaults to the result of os.environ.get("PATH"), or can be overridden with a custom search path.
     Note: This function was backported from the Python 3 source code.
@@ -79,9 +79,67 @@ def _access_check(fn, mode):
                 if _access_check(name, mode):
                     return name
 
+def get_bloodhound_info():
+    """
+    Detect which BloodHound package is installed (regular or CE) and its version.
+
+    Returns
+    -------
+        tuple: (package_name, version, is_ce)
+            - package_name: Name of the installed package ('bloodhound', 'bloodhound-ce', or None)
+            - version: Version string of the installed package (or None if not installed)
+            - is_ce: Boolean indicating if it's the Community Edition
+    """
+    import importlib.metadata
+    import importlib.util
+
+    # First check if any BloodHound package is available to import
+    if importlib.util.find_spec("bloodhound") is None:
+        return None, None, False
+
+    # Try to get version info from both possible packages
+    version = None
+    package_name = None
+    is_ce = False
+
+    # Check for bloodhound-ce first
+    try:
+        version = importlib.metadata.version("bloodhound-ce")
+        package_name = "bloodhound-ce"
+        is_ce = True
+    except importlib.metadata.PackageNotFoundError:
+        # Check for regular bloodhound
+        try:
+            version = importlib.metadata.version("bloodhound")
+            package_name = "bloodhound"
+
+            # Even when installed as 'bloodhound', check if it's actually the CE version
+            if version and ("ce" in version.lower() or "community" in version.lower()):
+                is_ce = True
+        except importlib.metadata.PackageNotFoundError:
+            # No bloodhound package found via metadata
+            pass
+
+    # In case we can import it but metadata is not working, check the module itself
+    if not version:
+        try:
+            import bloodhound
+            version = getattr(bloodhound, "__version__", "unknown")
+            package_name = "bloodhound"
+
+            # Check if it's CE based on version string
+            if "ce" in version.lower() or "community" in version.lower():
+                is_ce = True
+                package_name = "bloodhound-ce"
+        except ImportError:
+            pass
+
+    return package_name, version, is_ce
+
 def detect_if_ip(target):
     try:
         ip_address(target)
         return True
     except Exception:
-        return False
+        return False
+

nxc/protocols/ldap.py

@@ -43,6 +43,7 @@
 from nxc.protocols.ldap.kerberos import KerberosAttacks
 from nxc.parsers.ldap_results import parse_result_attributes
 from nxc.helpers.ntlm_parser import parse_challenge
+from nxc.helpers.misc import get_bloodhound_info
 
 ldap_error_status = {
     "1": "STATUS_NOT_SUPPORTED",
@@ -423,7 +424,6 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
                 return False
 
     def plaintext_login(self, domain, username, password):
-
         self.username = username
         self.password = password
         self.domain = domain
@@ -1220,6 +1220,38 @@ def gmsa_decrypt_lsa(self):
             self.logger.fail("No string provided :'(")
 
     def bloodhound(self):
+        # Check which version is desired
+        use_bhce = self.config.getboolean("BloodHound-CE", "bhce_enabled", fallback=False)
+        package_name, version, is_ce = get_bloodhound_info()
+
+        if use_bhce and not is_ce:
+            self.logger.fail("⚠️  Configuration Issue Detected ⚠️")
+            self.logger.fail("Your configuration has BloodHound-CE enabled, but the regular BloodHound package is installed. Modify your ~/.nxc/nxc.conf config file or follow the instructions:")
+            self.logger.fail("Please run the following commands to fix this:")
+            self.logger.fail("poetry remove bloodhound-ce   # poetry falsely recognizes bloodhound-ce as a the old bloodhound package")
+            self.logger.fail("poetry add bloodhound-ce")   
+            self.logger.fail("")
+
+            # If using pipx
+            self.logger.fail("Or if you installed with pipx:")
+            self.logger.fail("pipx runpip netexec uninstall -y bloodhound")
+            self.logger.fail("pipx inject netexec bloodhound-ce --force")
+            return False
+
+        elif not use_bhce and is_ce:
+            self.logger.fail("⚠️  Configuration Issue Detected ⚠️")
+            self.logger.fail("Your configuration has regular BloodHound enabled, but the BloodHound-CE package is installed.")
+            self.logger.fail("Please run the following commands to fix this:")
+            self.logger.fail("poetry remove bloodhound-ce")
+            self.logger.fail("poetry add bloodhound")
+            self.logger.fail("")
+
+            # If using pipx
+            self.logger.fail("Or if you installed with pipx:")
+            self.logger.fail("pipx runpip netexec uninstall -y bloodhound-ce")
+            self.logger.fail("pipx inject netexec bloodhound --force")
+            return False
+
         auth = ADAuthentication(
             username=self.username,
             password=self.password,
@@ -1239,7 +1271,7 @@ def bloodhound(self):
         )
         collect = resolve_collection_methods("Default" if not self.args.collection else self.args.collection)
         if not collect:
-            return
+            return None
         self.logger.highlight("Resolved collection methods: " + ", ".join(list(collect)))
 
         self.logger.debug("Using DNS to retrieve domain information")

poetry.lock

@@ -21,7 +21,7 @@ dependencies = [
     "argcomplete>=3.1.4",
     "asyauth>=0.0.20",
     "beautifulsoup4>=4.11,<5",
-    "bloodhound>=1.8.0",
+    "bloodhound-ce>=1.8.0",
     "dploot>=3.1.0",
     "dsinternals>=1.2.4",
     "jwt>=1.3.1",