Merge branch 'main' into wcc_llmnr

Author: fpreynaud

netexec.spec

@@ -27,6 +27,7 @@ a = Analysis(
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
         'impacket.dcerpc.v5.even',
+        'impacket.dcerpc.v5.even6',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
@@ -43,6 +44,7 @@ a = Analysis(
         'nxc.parsers.ldap_results',
         'nxc.helpers.bash',
         'nxc.helpers.bloodhound',
+        'nxc.helpers.even6_parser',
         'nxc.helpers.msada_guids',
         'nxc.helpers.ntlm_parser',
         'paramiko',

nxc/cli.py

@@ -25,7 +25,6 @@ def gen_cli_args():
         COMMIT = ""
         DISTANCE = ""
     CODENAME = "SmoothOperator"
-    nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT} - {DISTANCE}")
 
     generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
@@ -133,7 +132,7 @@ def gen_cli_args():
     if hasattr(args, "get_output_tries"):
         args.get_output_tries = args.get_output_tries * 10
 
-    return args
+    return args, [CODENAME, VERSION, COMMIT, DISTANCE]
 
 
 def get_module_names():

nxc/config.py

@@ -1,7 +1,6 @@
-import os
 from os.path import join as path_join
 import configparser
-from nxc.paths import NXC_PATH, DATA_PATH
+from nxc.paths import DATA_PATH, CONFIG_PATH
 from nxc.first_run import first_run_setup
 from nxc.logger import nxc_logger
 from ast import literal_eval
@@ -10,20 +9,25 @@
 nxc_default_config.read(path_join(DATA_PATH, "nxc.conf"))
 
 nxc_config = configparser.ConfigParser()
-nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+nxc_config.read(CONFIG_PATH)
 
 if "nxc" not in nxc_config.sections():
     first_run_setup()
-    nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+    nxc_config.read(CONFIG_PATH)
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(CONFIG_PATH, "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")
             nxc_config.set(section, option, nxc_default_config.get(section, option))
 
-            with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            with open(CONFIG_PATH, "w") as config_file:
                 nxc_config.write(config_file)
 
 # THESE OPTIONS HAVE TO EXIST IN THE DEFAULT CONFIG FILE

nxc/connection.py

@@ -275,7 +275,7 @@ def call_modules(self):
                 extra={
                     "module_name": module.name.upper(),
                     "host": self.host,
-                    "port": self.args.port,
+                    "port": self.port,
                     "hostname": self.hostname,
                 },
             )
@@ -293,8 +293,7 @@ def call_modules(self):
                 module.on_admin_login(context, self)
 
     def inc_failed_login(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if username not in user_failed_logins:
             user_failed_logins[username] = 0
@@ -304,16 +303,15 @@ def inc_failed_login(self, username):
         self.failed_logins += 1
 
     def over_fail_limit(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if global_failed_logins == self.args.gfail_limit:
             return True
 
         if self.failed_logins == self.args.fail_limit:
             return True
 
-        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:
+        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:  # noqa: SIM103
             return True
 
         return False
@@ -418,14 +416,14 @@ def parse_credentials(self):
                     with open(ntlm_hash) as ntlm_hash_file:
                         for i, line in enumerate(ntlm_hash_file):
                             line = line.strip()
-                            if len(line) != 32 and len(line) != 65:
+                            if len(line) != 32 and len(line) != 65 and len(line) != 0:
                                 self.logger.fail(f"Invalid NTLM hash length on line {(i + 1)} (len {len(line)}): {line}")
                                 continue
                             else:
                                 secret.append(line)
                                 cred_type.append("hash")
                 else:
-                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65:
+                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65 and len(ntlm_hash) != 0:
                         self.logger.fail(f"Invalid NTLM hash length {len(ntlm_hash)}, authentication not sent")
                         exit(1)
                     else:

nxc/context.py

@@ -1,17 +1,19 @@
 import configparser
 import os
 
+from nxc.paths import NXC_PATH, CONFIG_PATH
+
 
 class Context:
     def __init__(self, db, logger, args):
         for key, value in vars(args).items():
             setattr(self, key, value)
 
         self.db = db
-        self.log_folder_path = os.path.join(os.path.expanduser("~/.nxc"), "logs")
+        self.log_folder_path = os.path.join(NXC_PATH, "logs")
         self.localip = None
 
         self.conf = configparser.ConfigParser()
-        self.conf.read(os.path.expanduser("~/.nxc/nxc.conf"))
+        self.conf.read(CONFIG_PATH)
 
         self.log = logger

nxc/data/nxc.conf

@@ -15,6 +15,9 @@ bh_port = 7687
 bh_user = neo4j
 bh_pass = bloodhoundcommunityedition
 
+[BloodHound-CE]
+bhce_enabled = True
+
 [Empire]
 api_host = 127.0.0.1
 api_port = 1337

nxc/database.py

@@ -111,6 +111,7 @@ def initialize_db():
     # Even if the default workspace exists, we still need to check if every protocol has a database (in case of a new protocol)
     init_protocol_dbs("default")
 
+
 def format_host_query(q, filter_term, HostsTable):
     """One annoying thing is that if you search for an ip such as '10.10.10.5',
     it will return 10.10.10.5 and 10.10.10.52, so we have to check if its an ip address first
@@ -141,6 +142,7 @@ def format_host_query(q, filter_term, HostsTable):
 
     return q
 
+
 class BaseDB:
     def __init__(self, db_engine):
         self.db_engine = db_engine

nxc/first_run.py

@@ -8,18 +8,16 @@
 
 
 def first_run_setup(logger=nxc_logger):
-    if not exists(TMP_PATH):
-        mkdir(TMP_PATH)
-
     if not exists(NXC_PATH):
         logger.display("First time use detected")
         logger.display("Creating home directory structure")
         mkdir(NXC_PATH)
+    if not exists(TMP_PATH):
+        mkdir(TMP_PATH)
 
     folders = (
         "logs",
         "modules",
-        "protocols",
         "workspaces",
         "obfuscated_scripts",
         "screenshots",
@@ -46,7 +44,3 @@ def first_run_setup(logger=nxc_logger):
         logger.display("Copying default configuration file")
         default_path = path_join(DATA_PATH, "nxc.conf")
         shutil.copy(default_path, NXC_PATH)
-
-    # if not exists(CERT_PATH):
-    #         if os.name != 'nt':
-    #         if e.errno == errno.ENOENT:

nxc/helpers/args.py

@@ -1,6 +1,7 @@
 from argparse import ArgumentDefaultsHelpFormatter, SUPPRESS, OPTIONAL, ZERO_OR_MORE
 from argparse import Action
 
+
 class DisplayDefaultsNotNone(ArgumentDefaultsHelpFormatter):
     def _get_help_string(self, action):
         help_string = action.help

nxc/helpers/even6_parser.py

@@ -5,6 +5,7 @@
 
 from datetime import datetime
 
+
 class Substitution:
     def __init__(self, buf, offset):
         (sub_token, sub_id, sub_type) = struct.unpack_from("<BHB", buf, offset)
@@ -46,6 +47,7 @@ def xml(self, template=None):
         else:
             print("Unknown value type", hex(value.type))
 
+
 class Value:
     def __init__(self, buf, offset):
         token, string_type, length = struct.unpack_from("<BBH", buf, offset)
@@ -56,6 +58,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._val
 
+
 class Attribute:
     def __init__(self, buf, offset):
         struct.unpack_from("<B", buf, offset)
@@ -75,13 +78,15 @@ def xml(self, template=None):
         val = self._value.xml(template)
         return None if val is None else f'{self._name.val}="{val}"'
 
+
 class Name:
     def __init__(self, buf, offset):
         hashs, length = struct.unpack_from("<HH", buf, offset)
 
         self.val = buf[offset + 4:offset + 4 + length * 2].decode("utf16")
         self.length = 4 + (length + 1) * 2
 
+
 class Element:
     def __init__(self, buf, offset):
         token, dependency_id, length = struct.unpack_from("<BHI", buf, offset)
@@ -151,6 +156,7 @@ def xml(self, template=None):
             children = (x.xml(template) for x in self._children)
             return "<{}{}>{}</{}>".format(self._name.val, attrs, "".join(children), self._name.val)
 
+
 class ValueSpec:
     def __init__(self, buf, offset, value_offset):
         self.length, self.type, value_eof = struct.unpack_from("<HBB", buf, offset)
@@ -159,6 +165,7 @@ def __init__(self, buf, offset, value_offset):
         if self.type == 0x21:
             self.template = BinXML(buf, value_offset)
 
+
 class TemplateInstance:
     def __init__(self, buf, offset):
         token, unknown0, guid, length, next_token = struct.unpack_from("<BB16sIB", buf, offset)
@@ -179,6 +186,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._xml.xml(self)
 
+
 class BinXML:
     def __init__(self, buf, offset):
         header_token, major_version, minor_version, flags, next_token = struct.unpack_from("<BBBBB", buf, offset)
@@ -195,6 +203,7 @@ def __init__(self, buf, offset):
     def xml(self, template=None):
         return self._element.xml(template)
 
+
 class ResultSet:
     def __init__(self, buf):
         total_size, header_size, event_offset, bookmark_offset, binxml_size = struct.unpack_from("<IIIII", buf)