NetExec
NetExec is a powerful and moduler post-exploitation tool used for lateral movement, enumeration and authentication checks in ACtive Directory enviornments. It is a modern rewrite and continuation of the popular CrackMapExec (CME)
Installation with Pipx
NetExec is recommended to be installed using pipx to manage isolated Python enviornments
Step 1. Install Pipx
apt install pipxStep 2. Install NetExec From Github using pipx
pipx install git+https://github.com/Pennyw0rth/NetExecStep 3. Move Binaries To Global Path
This step ensures netexec, nxc and nxcdb commands are avialable globally on the system
cp -v /root/.local/bin/netexec /usr/local/bin/cp -v /root/.local/bin/nxc /usr/local/bin/cp -v /root/.local/bin/nxcdb /usr/local/bin/chmod +x /usr/local/bin/nxcBasic smb usage
The nxc smb module is used to authenticate against SMB services across multiple targets
Scan a list of IPs
nxc smb target-ips.txtAuthenticate against a single SMB host
nxc smb <IP> -u <username> -p <password>Authenticate Using username and password files
nxc smb <IP> -u /root/ad/username.txt -p /opt/passwords.txtContinue Scanning after first valid login
nxc smb <IP> -u /root/ad/username.txt -p /opt/passwords.txt --continue-on-successQuick SMB Authentication test
nxc smb <IP> -u <username> -p <password> --continue-on-successWinrm usage
WinRM (Windows Remote Management) allows remote command execution on windows machines.
nxc smb <IP> -u <username> -p <password> --continue-on-successOther Protocols Supported
Scan SMB Targets
nxc smb target-ip.txtScan SSH Targets
nxc ssh target-ip.txtScan LDAP Targets
nxc ldap target-ip.txtScan FTP Targets
nxc ftp target-ip.txtScan RDP Targets
nxc rdp target-ip.txtTransferring files using nxc
nxc smb <IP> -u <username> -p <password> --put-file /opt/share/winpeas.exe '\\Users\\Public\\winpeas.exe'Last updated