Skip to content

Releases: Pennyw0rth/NetExec

v1.3.0

13 Oct 20:40
6d4fdfd
Compare
Choose a tag to compare

What's Changed

  • fix extract_password in the keepass module by @sepauli in #279
  • [NXCDB] Add support for CTRL-D by @fpreynaud in #334
  • Add output if a successful authentication is via Guest privileges by @Marshall-Hallenbeck in #333
    • New label for the guest account so this is quickly identified
  • add testing hash file to e2e_commands.txt by @Marshall-Hallenbeck in #336
  • Improve OS detection by @NeffIsBack in #340
  • Adding some logger when users have been dumped by @Anhydrite in #343
  • Added domain name for --users with samr by @Anhydrite in #345
  • Add EnumAV Detection for Cortex XDR by @n00py in #344
  • fix: little typo in help args by @aelmosalamy in #354
  • Update pso.py by @bfnserra in #355
  • Adding module to retrieve network interfaces info by @Sant0rryu in #293
  • New SMB/WMI Module BitLocker by @termanix in #286
  • Fix #332 - Add exception handling to prevent crashes against linux hosts by @NeffIsBack in #356
  • Bug Fix While Using Bloodhound with --use-kcache Issue #363 by @termanix in #364
  • Small Bug Fix on Listing SMB Shares with Kerberos Auth by @termanix in #357
  • Fix mmcexec method thanks to @IppSec AND a lot of other small things by @mpgn in #361
  • Remove message that could be too annoying by @NeffIsBack in #365
  • Update enum_av Added Trellix EDR by @termanix in #371
  • Fixed nla detection and error format string by @Kamuno in #372
  • Fix ruff linting by @NeffIsBack in #375
  • Add try&except block for DCERPCExceptions to fix #373 by @NeffIsBack in #376
  • add new security-questions module by @Adamkadaban in #295
    • This queries the security questions for all local users, potentially containing passwords
  • Update dploot to 2.7.4 in pyproject.toml by @zblurx in #384
  • Update handlekatz.py pypykatz import by @3ldidi94 in #389
  • Stop NetBiosTimeout and error producing large stack traces by @NeffIsBack in #387
  • Fix check admin false positive on certain target (e.g Netapp) by @nikaiw in #378
  • Fix admin check in mssql_priv by @NeffIsBack in #390
  • Fix: module spider_plus with filtered folders by @glefait in #391
  • Adding SCCM LDAP Reconnaissance to NetExec by @NeffIsBack in #386
    • Enumerate SCCM Site-Servers
    • Enumerate SCCM Sites
    • Enumerate SCCM Management Points and associate them with their respective SCCM Site
    • Enumerate all Users that might be related to the SCCM environment
    • Enumerate all Computers that might be related to the SCCM environment
    • Enumerate all Groups that might be related to the SCCM environment (also possible with recursive search)
  • Fix spider_plus bug where len was applied to the count not an array by @NeffIsBack in #392
  • Add module to lookup hostname of Hyper-V host - 'hyperv-host.py' by @joaovarelas in #374
  • Add Unix availability to README.md by @NeffIsBack in #399
  • ldap-checker.py false positive fixed by @cauan in #408
  • ldap-checker.py Catch connection errors by @cauan in #409
  • Updated github workflows by @NeffIsBack in #394
  • Identify Pre-Created Computer Accounts by @Shad0wC0ntr0ller in #328
  • Fix issues with kerberos and non NTLM domains by @NeffIsBack in #393
  • Module wcc added some defender checks by @jubeaz in #306
  • schtask_as Improvement - Options for custom task, file, and location. by @Kahvi-0 in #342
  • Smbghost scanning module by @r4vanan in #407
  • Make --version switch universal so help2man will work properly by @jsherwood0 in #417
  • Encode delegate/impersonate user name string as utf8 unicode, not latin1 by @a-urth in #418
  • Small cosmetic fix for ldap when using --no-smb by @NeffIsBack in #423
  • Fix maq module if MAQ not set by @NeffIsBack in #422
  • Add new SMB module to get the PowerShell history on all the users by @357384n in #341
  • Fix file logging for display messages by @NeffIsBack in #406
  • New Protocol NFS by @termanix in #366
    • Detect NFS Server
    • Enumerate Shares and their privileges
    • Recursive file enumeration with uid detection
    • Up- and Download Files
  • Fix a bug with the databases when a new protocol is added by @NeffIsBack in #433
  • Add file write check on smb by @tiyeuse in #404
  • Fix pwned label when brute forcing with guest account enabled by @NeffIsBack in #434
  • Improve test suite by @NeffIsBack in #435
  • Increase plaintext&hash login speeds by @NeffIsBack in #411
  • Add coerce_plus Module by @lodos2005 in #300
    • Combines the most popular coercion techniques into one module. Available techniques are:
    • DFSCoerce
    • PetitPotam
    • PrinterBug
    • ShadowCoerce
    • MSEven
  • refactoring to fix InterfaceError of DB by @dazzgt in #400
  • Small fixes for coerce_plus by @NeffIsBack in #442
  • Updated the --get-file method to get large files from NFS shares by @ledrypotato in #440
  • Fix module loading for ssh, vnc and ftp by @NeffIsBack in #447
  • Fix windows and encoding stuff by @NeffIsBack in #446
  • Release v1.3.0 by @NeffIsBack in #448

New Contributors

Full Changelog: v1.2.0...v1.3.0

v1.2.0

30 May 21:10
6858958
Compare
Choose a tag to compare

What's Changed

Read more

v1.1.0

12 Nov 22:41
c499d92
Compare
Choose a tag to compare

What's Changed

  • Fix #48 tries to falsly add creds to bloodhound using --laps by @NeffIsBack in #49
  • Bump urllib3 from 2.0.4 to 2.0.6 by @dependabot in #53
  • Update enum_av.py by @bongobongoland in #58
  • Create schtask.py by @Dfte in #54
    • Add the schtask module that can be used to impersonate loggedon users and run commands on their behalf.
  • Add ascii art to cli by @NeffIsBack in #57
  • [nanodump] fix error with temporary path by @XiaoliChan in #67
  • Update dependencies (including impacket fork) for v1.1.0 by @Marshall-Hallenbeck in #30
  • Bump urllib3 from 2.0.6 to 2.0.7 by @dependabot in #77
  • mpgn is back 🎉 by @NeffIsBack in #80
  • Update README.md by @mishrasamiksha in #83
  • Enhancing the FTP protocol by @RomanRII in #40
    • Modified the --ls flag to allow for listing the current directory and sub-directories. Default now lists .. If an argument is provided, it will list the provided sub-directory
    • Added the --get flag to download a file on the server. If the file exists and is successfully downloaded, it will be written to the users cwd with the remote file's filename.
    • Added the --put flag to upload files onto the server.
    • Modified nxc/protocols/ftp/proto_args.py to reflect the added features
    • Modified the --ls flag to allow for a default directory listing (.) or use a provided directory
    • Added the --get and --put flags
    • Modified nxc/protocols/ftp.py#L83 to comply with RFC 1635
  • Add module sorting by @NeffIsBack in #74
  • [ssh] improvement by @XiaoliChan in #25
    • [ssh.py]: less create ssh connect, keep doing set credential via paramiko transport
    • [ssh.py]: rewrite enum_host_info function
    • [ssh.py]: fix hanging, old one will never exit
    • [ssh.py]: fix private key with passphrase
    • [ssh.py]: add sudo check for linux user
    • [ssh.py]: windows privileges check
    • [ssh.py]: improve command execute and format command execute result
    • [ssh.py]: paramiko always discovery private keys in ~/.ssh/, that will make paramiko exception, disable it.
  • fix(dependencies): add bloodhound to netexec.spec, fixes #79 by @Marshall-Hallenbeck in #87
  • Downgrade termcolor to prevent atty check which disables colors by @NeffIsBack in #86
  • Cleanup & Lint Code by @Marshall-Hallenbeck in #35
    • Add Ruff configuration (version pinned due to discrepancies on GitHub runner versioning)
    • Create linter workflow to run Ruff on push & pull request
    • Remove encoding specification from files (unnecessary in Py3)
    • Update strings to be more descriptive, remove typos, and be properly capitalized
    • Change additionally remaining .format() and % old string interpolation to f-string usage (partially FLY)
    • Fix blank Except statements and unnecessary parenthesis in Excepts (partially RSE)
    • Update exception handling for some circumstances where another except was thrown, causing unnecessary output
    • Remove unused imports
    • Fix poorly and non-pythonic variable/function/class names
    • Fix additional single/double quote usage (Q)
    • Add docstrings to some functions and fix docstrings for others
    • Fix usages of mutable function defaults (see B006, mutable-argument-default in Ruff)
    • Properly inform user if file they specified doesn't exist for several modules
    • Fix usages of comprehension and list/dict initialization via Ruff (C4)
    • Remove unnecessary str-concat (ISC)
    • Fix unnecessary pass statements and unnecessary creation of additional variables before return (PIE)
    • Fix some pytest style (PT)
    • Fix return statements returning None (unnecessary) (RET)
    • Add --poetry option for e2e tests, so all commands are prepended with poetry run
    • Fix ftp class name (got changed to "Ftp" by accident)
    • Simplify lots of code (SIM)
    • Fix tests using a password file to properly reference said file (was missing data/)
    • Remove commented out code (ERA)
    • Import and call sys.exit() instead of just exit() (PL)
    • Fix some try except outside loops (PERF203); additional ones are ignored for now
    • Implement list and dict comprehension where possible and preferred (PERF401)
    • Fix some spaces before inline comments (E261)
    • Modernize some code via Refurb (FURB)
    • Fix bug in add-computer module where improper access was being requested, causing an exception
    • Fix bug in add-computer module where module was not exiting if the computer already exists
    • Add in e2e tests for several missing modules
  • Add python version and OS info to debug output by @NeffIsBack in #89
  • Update README.md - one grammatical error. by @ayushrakesh in #94
  • Fix import error on windows by @NeffIsBack in #98
  • fix typos in python files of directory nxc/modules by @shresthasurav in #97
  • Implement s4u abuse by @zblurx in #50
    • This option will do a full S4U abuse (S4U2Self + S4U2Proxy) in an automated way, allowing to use all postex functionalities of NXC 🔥
  • [connection.py] Improvement by @XiaoliChan in #63
    • connection.py: Add missing self.port in connection.py, in order to use connection.port when writing module.
    • connection.py and protocol: Redirect self.args.port to self.port
    • connection.py: improve ipv6 support, now add is_ipv6 is_link_local_ipv6 variables
    • connection.py: rewrite gethost_addinfo function, don't need try to detect ipv6 anymore, just use AF_UNSPEC instead AF_INET6, AF_INET
    • connection.py: IPv4 preferred when target is dual stack
  • Improve bloodhound connector with Netbios domain name by @NeffIsBack in #88
  • Set computer accounts as owned in bloodhound if local admin privs by @NeffIsBack in #90
  • [winrm] Improvement by @XiaoliChan in #72
  • Fix: update MS17-010 for Python3 properly; add debug logging by @Marshall-Hallenbeck in #108
  • [winrm] disable logger & add miss port args by @XiaoliChan in #107
  • Fix Kerberoasting for #104 by @Marshall-Hallenbeck in #111
  • Improve module texts by @NeffIsBack in #109
  • [ssh] fix #112 by @XiaoliChan in #113
  • disable use of ssh_agent by @nikaiw in #106
  • Adding error handling for unexpected powershell output, see issue #93 by @NeffIsBack in #115
  • Netexec v1.1.0 by @NeffIsBack in #116

New Contributors

Full Changelog: v1.0.0...v1.1.0

v1.0.0

01 Oct 23:41
72e42e9
Compare
Choose a tag to compare

v1.0.0 Release

This release is mainly aimed at stability, to provide a solid baseline from which to work. Some minor and major bugs have been fixed, see below for details.
Version 1.1.0 is already in the works, with great new modules in the works as well as new features such as zblurx's delegation technique coming soon to NetExec.
Stay tuned!

Note: as always, the best way to install NetExec is by cloning the repo and running pipx install ., but we have provided binaries for Windows (!!!) and Ubuntu below!

What's Changed

New Contributors

Full Changelog: https://github.com/Pennyw0rth/NetExec/commits/v1.0.0