Merge branch 'main' into rdp-exec

Author: NeffIsBack

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,3 +1,5 @@
+# ❗❗❗ Before filing this bug report, MAKE SURE you have already downloaded the newest version of NetExec from GitHub and installed it! Many issues have already been reported and fixed, _especially_ if you are running the native Kali version! Please delete this line before submitting your issue if you have done so.❗❗❗
+
 ---
 name: Bug report
 about: Create a report to help us improve
@@ -7,6 +9,8 @@ assignees: ''
 
 ---
 
+
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 
@@ -30,8 +34,8 @@ If applicable, add screenshots to help explain your problem.
 
 **NetExec info**
  - OS: [e.g. Kali]
- - Version of nxc: [e.g. v1.5.2]
- - Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
+ - Version of nxc: [e.g. v1.5.2] (run nxc --version and post the _exact_ string that is output)
+ - Installed from: apt/github/pip/docker/...? Please try with latest release before opening an issue
 
 **Additional context**
 Add any other context about the problem here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,36 +1,35 @@
 ## Description
 
 Please include a summary of the change and which issue is fixed, or what the enhancement does.
-Please also include relevant motivation and context.
 List any dependencies that are required for this change.
 
 ## Type of change
-Please delete options that are not relevant.
+Insert an "x" inside the brackets for relevant items (do not delete options)
+
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Deprecation of feature or functionality
 - [ ] This change requires a documentation update
 - [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
 
-## How Has This Been Tested?
-Please describe the tests that you ran to verify your changes (e2e, single commands, etc)
-Please also list any relevant details for your test configuration, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions
-
-If you are using poetry, you can easily run tests via:
-`poetry run python tests/e2e_tests.py -t $TARGET -u $USER -p $PASSWORD`
-There are additional options like `--errors` to display ALL errors (some may not be failures), `--poetry` (output will include the poetry run prepended), `--line-num $START-$END $SINGLE` for only running a subset
+## Setup guide for the review
+Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
+In particular:
+- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
+- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
 
 ## Screenshots (if appropriate):
 Screenshots are always nice to have and can give a visual representation of the change.
 If appropriate include before and after screenshot(s) to show which results are to be expected.
 
 ## Checklist:
+Insert an "x" inside the brackets for completed and relevant items (do not delete options)
 
 - [ ] I have ran Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
-- [ ] I have added or updated the tests/e2e_commands.txt file if necessary
+- [ ] I have added or updated the `tests/e2e_commands.txt` file if necessary (new modules or features are _required_ to be added to the e2e tests)
 - [ ] New and existing e2e tests pass locally with my changes
-- [ ] My code follows the style guidelines of this project (should be covered by Ruff above)
-- [ ] If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
+- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

Dockerfile

@@ -1,22 +1,45 @@
-FROM python:3.11-slim
-
+FROM python:3.13-slim-bookworm AS builder
 ENV LANG=C.UTF-8
 ENV LC_ALL=C.UTF-8
 ENV PIP_NO_CACHE_DIR=off
 
 WORKDIR /usr/src/netexec
 
-RUN apt-get update && \
-    apt-get install -y libffi-dev libxml2-dev libxslt-dev libssl-dev openssl autoconf g++ python3-dev curl git
-RUN apt-get update
-# Get Rust
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
-# Add .cargo/bin to PATH
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        libffi-dev \
+        libxml2-dev \
+        libxslt-dev \
+        libssl-dev \
+        openssl \
+        autoconf \
+        g++ \
+        python3-dev \
+        curl \
+        git \
+        unzip \
+    && apt clean && rm -rf /var/lib/apt/lists/*
+
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain stable
 ENV PATH="/root/.cargo/bin:${PATH}"
-# Check cargo is visible
-RUN cargo --help
 
-COPY . .
-RUN pip install .
+RUN git clone https://github.com/Pennyw0rth/NetExec.git . \
+    && pip install .
+
+FROM python:3.13-slim-bookworm
+
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+ENV PIP_NO_CACHE_DIR=off
+
+WORKDIR /usr/src/netexec
+
+COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        openssl \
+    && apt clean && rm -rf /var/lib/apt/lists/*
 
-ENTRYPOINT [ "nxc" ]
+ENTRYPOINT ["nxc"]

README.md

@@ -63,3 +63,5 @@ Awesome code contributors of NetExec:
 [![](https://github.com/NeffIsBack.png?size=50)](https://github.com/NeffIsBack)
 [![](https://github.com/Hackndo.png?size=50)](https://github.com/Hackndo)
 [![](https://github.com/XiaoliChan.png?size=50)](https://github.com/XiaoliChan)
+[![](https://github.com/termanix.png?size=50)](https://github.com/termanix)
+[![](https://github.com/Dfte.png?size=50)](https://github.com/Dfte)

netexec.spec

@@ -27,6 +27,7 @@ a = Analysis(
         'impacket.dcerpc.v5.gkdi',
         'impacket.dcerpc.v5.rprn',
         'impacket.dcerpc.v5.even',
+        'impacket.dcerpc.v5.even6',
         'impacket.dpapi_ng',
         'impacket.tds',
         'impacket.version',
@@ -43,6 +44,7 @@ a = Analysis(
         'nxc.parsers.ldap_results',
         'nxc.helpers.bash',
         'nxc.helpers.bloodhound',
+        'nxc.helpers.even6_parser',
         'nxc.helpers.msada_guids',
         'nxc.helpers.ntlm_parser',
         'paramiko',

nxc/cli.py

@@ -25,7 +25,6 @@ def gen_cli_args():
         COMMIT = ""
         DISTANCE = ""
     CODENAME = "SmoothOperator"
-    nxc_logger.debug(f"NXC VERSION: {VERSION} - {CODENAME} - {COMMIT} - {DISTANCE}")
 
     generic_parser = argparse.ArgumentParser(add_help=False, formatter_class=DisplayDefaultsNotNone)
     generic_group = generic_parser.add_argument_group("Generic", "Generic options for nxc across protocols")
@@ -61,7 +60,7 @@ def gen_cli_args():
 
     The network execution tool
     Maintained as an open source project by @NeffIsBack, @MJHallenbeck, @_zblurx
-    
+
     For documentation and usage examples, visit: https://www.netexec.wiki/
 
     {highlight('Version', 'red')} : {highlight(VERSION)}
@@ -133,7 +132,7 @@ def gen_cli_args():
     if hasattr(args, "get_output_tries"):
         args.get_output_tries = args.get_output_tries * 10
 
-    return args
+    return args, [CODENAME, VERSION, COMMIT, DISTANCE]
 
 
 def get_module_names():

nxc/config.py

@@ -1,7 +1,6 @@
-import os
 from os.path import join as path_join
 import configparser
-from nxc.paths import NXC_PATH, DATA_PATH
+from nxc.paths import DATA_PATH, CONFIG_PATH
 from nxc.first_run import first_run_setup
 from nxc.logger import nxc_logger
 from ast import literal_eval
@@ -10,20 +9,25 @@
 nxc_default_config.read(path_join(DATA_PATH, "nxc.conf"))
 
 nxc_config = configparser.ConfigParser()
-nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+nxc_config.read(CONFIG_PATH)
 
 if "nxc" not in nxc_config.sections():
     first_run_setup()
-    nxc_config.read(os.path.join(NXC_PATH, "nxc.conf"))
+    nxc_config.read(CONFIG_PATH)
 
 # Check if there are any missing options in the config file
 for section in nxc_default_config.sections():
+    if not nxc_config.has_section(section):
+        nxc_logger.display(f"Adding missing section '{section}' to nxc.conf")
+        nxc_config.add_section(section)
+        with open(CONFIG_PATH, "w") as config_file:
+            nxc_config.write(config_file)
     for option in nxc_default_config.options(section):
         if not nxc_config.has_option(section, option):
             nxc_logger.display(f"Adding missing option '{option}' in config section '{section}' to nxc.conf")
             nxc_config.set(section, option, nxc_default_config.get(section, option))
 
-            with open(path_join(NXC_PATH, "nxc.conf"), "w") as config_file:
+            with open(CONFIG_PATH, "w") as config_file:
                 nxc_config.write(config_file)
 
 # THESE OPTIONS HAVE TO EXIST IN THE DEFAULT CONFIG FILE
@@ -32,7 +36,6 @@
 audit_mode = nxc_config.get("nxc", "audit_mode", fallback=False)
 reveal_chars_of_pwd = int(nxc_config.get("nxc", "reveal_chars_of_pwd", fallback=0))
 config_log = nxc_config.getboolean("nxc", "log_mode", fallback=False)
-ignore_opsec = nxc_config.getboolean("nxc", "ignore_opsec", fallback=False)
 host_info_colors = literal_eval(nxc_config.get("nxc", "host_info_colors", fallback=["green", "red", "yellow", "cyan"]))
 
 

nxc/connection.py

@@ -1,3 +1,5 @@
+from datetime import datetime
+import os
 import random
 import sys
 import contextlib
@@ -15,6 +17,7 @@
 from nxc.loaders.moduleloader import ModuleLoader
 from nxc.logger import nxc_logger, NXCAdapter
 from nxc.context import Context
+from nxc.paths import NXC_PATH
 from nxc.protocols.ldap.laps import laps_search
 from nxc.helpers.pfx import pfx_auth
 
@@ -136,7 +139,11 @@ def __init__(self, args, db, target):
         # Authentication info
         self.password = ""
         self.username = ""
-        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
+        self.kerberos = bool(self.args.kerberos or
+                             self.args.use_kcache or
+                             self.args.aesKey or
+                             (hasattr(self.args, "delegate") and self.args.delegate) or
+                             (hasattr(self.args, "no_preauth_targets") and self.args.no_preauth_targets))
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
         self.admin_privs = False
@@ -152,6 +159,11 @@ def __init__(self, args, db, target):
         self.local_ip = None
         self.dns_server = self.args.dns_server
 
+        # Construct the output file template using os.path.join for OS compatibility
+        base_log_dir = os.path.join(os.path.expanduser(NXC_PATH), "logs")
+        filename_pattern = f"{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-")
+        self.output_file_template = os.path.join(base_log_dir, "{output_folder}", filename_pattern)
+
         # DNS resolution
         dns_result = self.resolver(target)
         if dns_result:
@@ -275,7 +287,7 @@ def call_modules(self):
                 extra={
                     "module_name": module.name.upper(),
                     "host": self.host,
-                    "port": self.args.port,
+                    "port": self.port,
                     "hostname": self.hostname,
                 },
             )
@@ -293,8 +305,7 @@ def call_modules(self):
                 module.on_admin_login(context, self)
 
     def inc_failed_login(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if username not in user_failed_logins:
             user_failed_logins[username] = 0
@@ -304,16 +315,15 @@ def inc_failed_login(self, username):
         self.failed_logins += 1
 
     def over_fail_limit(self, username):
-        global global_failed_logins
-        global user_failed_logins
+        global global_failed_logins, user_failed_logins
 
         if global_failed_logins == self.args.gfail_limit:
             return True
 
         if self.failed_logins == self.args.fail_limit:
             return True
 
-        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:
+        if username in user_failed_logins and self.args.ufail_limit == user_failed_logins[username]:  # noqa: SIM103
             return True
 
         return False
@@ -418,14 +428,14 @@ def parse_credentials(self):
                     with open(ntlm_hash) as ntlm_hash_file:
                         for i, line in enumerate(ntlm_hash_file):
                             line = line.strip()
-                            if len(line) != 32 and len(line) != 65:
+                            if len(line) != 32 and len(line) != 65 and len(line) != 0:
                                 self.logger.fail(f"Invalid NTLM hash length on line {(i + 1)} (len {len(line)}): {line}")
                                 continue
                             else:
                                 secret.append(line)
                                 cred_type.append("hash")
                 else:
-                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65:
+                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65 and len(ntlm_hash) != 0:
                         self.logger.fail(f"Invalid NTLM hash length {len(ntlm_hash)}, authentication not sent")
                         exit(1)
                     else:

nxc/context.py

@@ -1,17 +1,19 @@
 import configparser
 import os
 
+from nxc.paths import NXC_PATH, CONFIG_PATH
+
 
 class Context:
     def __init__(self, db, logger, args):
         for key, value in vars(args).items():
             setattr(self, key, value)
 
         self.db = db
-        self.log_folder_path = os.path.join(os.path.expanduser("~/.nxc"), "logs")
+        self.log_folder_path = os.path.join(NXC_PATH, "logs")
         self.localip = None
 
         self.conf = configparser.ConfigParser()
-        self.conf.read(os.path.expanduser("~/.nxc/nxc.conf"))
+        self.conf.read(CONFIG_PATH)
 
         self.log = logger