Skip to content

Commit

Permalink
Merge branch 'main' into backup_operator
Browse files Browse the repository at this point in the history
  • Loading branch information
mpgn authored Jan 14, 2025
2 parents 5e04926 + a5ec90e commit 5db7e76
Show file tree
Hide file tree
Showing 20 changed files with 627 additions and 56 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:
jobs:
build:
name: Test for Py${{ matrix.python-version }}
if: github.event.review.state == 'APPROVED'
if: github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
runs-on: ${{ matrix.os }}
strategy:
max-parallel: 5
Expand All @@ -19,7 +19,7 @@ jobs:
- uses: actions/checkout@v4
- name: Install poetry
run: |
pipx install poetry
pipx install poetry==1.8.4
- name: NetExec set up python ${{ matrix.python-version }} on ${{ matrix.os }}
uses: actions/setup-python@v5
with:
Expand Down
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Copyright (c) 2023, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
Copyright (c) 2025, Marshall-Hallenbeck, NeffIsBack, zblurx, mpgn_x64
Copyright (c) 2022, byt3bl33d3r
All rights reserved.

Expand Down
2 changes: 2 additions & 0 deletions netexec.spec
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ a = Analysis(
'impacket.tds',
'impacket.version',
'impacket.ldap.ldap',
'jwt',
'nxc.connection',
'nxc.servers.smb',
'nxc.protocols.smb.wmiexec',
Expand Down Expand Up @@ -71,6 +72,7 @@ a = Analysis(
'dploot.triage.masterkeys',
'dploot.triage.mobaxterm',
'dploot.triage.backupkey',
'dploot.triage.wam',
'dploot.triage.wifi',
'dploot.triage.sccm',
'dploot.lib.target',
Expand Down
7 changes: 7 additions & 0 deletions nxc/cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,13 @@ def gen_cli_args():
kerberos_group.add_argument("--use-kcache", action="store_true", help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
kerberos_group.add_argument("--aesKey", metavar="AESKEY", nargs="+", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
kerberos_group.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")

certificate_group = std_parser.add_argument_group("Certificate", "Options for certificate authentication")
certificate_group.add_argument("--pfx-cert", metavar="PFXCERT", help="Use certificate authentication from pfx file .pfx")
certificate_group.add_argument("--pfx-base64", metavar="PFXB64", help="Use certificate authentication from pfx file encoded in base64")
certificate_group.add_argument("--pfx-pass", metavar="PFXPASS", help="Password of the pfx certificate")
certificate_group.add_argument("--cert-pem", metavar="CERTPEM", help="Use certificate authentication from PEM file")
certificate_group.add_argument("--key-pem", metavar="KEYPEM", help="Private key for the PEM format")

server_group = std_parser.add_argument_group("Servers", "Options for nxc servers")
server_group.add_argument("--server", choices={"http", "https"}, default="https", help="use the selected server")
Expand Down
14 changes: 12 additions & 2 deletions nxc/connection.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
import random
import sys
import contextlib

from os.path import isfile
from threading import BoundedSemaphore
from functools import wraps
Expand All @@ -13,10 +16,9 @@
from nxc.logger import nxc_logger, NXCAdapter
from nxc.context import Context
from nxc.protocols.ldap.laps import laps_search
from nxc.helpers.pfx import pfx_auth

from impacket.dcerpc.v5 import transport
import sys
import contextlib

sem = BoundedSemaphore(1)
global_failed_logins = 0
Expand Down Expand Up @@ -548,6 +550,14 @@ def login(self):
self.logger.info("Successfully authenticated using Kerberos cache")
return True

if self.args.pfx_cert or self.args.pfx_base64 or self.args.cert_pem:
self.logger.debug("Trying to authenticate using Certificate pfx")
if not self.args.username:
self.logger.fail("You must specify a username when using certificate authentication")
return False
with sem:
return pfx_auth(self)

if hasattr(self.args, "laps") and self.args.laps:
self.logger.debug("Trying to authenticate using LAPS")
username[0], secret[0], domain[0] = laps_search(self, username, secret, cred_type, domain, self.dns_server)
Expand Down
Loading

0 comments on commit 5db7e76

Please sign in to comment.