NeffIsBack
commented
6 months ago Debug Info from the crash (src: discord):
nxc --debug smb 192.168.2.20 -u "WEB$" -H "3f442102ef281d45df74039faf1278a7" --delegate administrator
[19:37:32] DEBUG NXC VERSION: 1.1.0 - nxc4u - 65030d7 cli.py:25
DEBUG PYTHON VERSION: 3.9.6 (default, Nov 10 2023, 13:38:27) netexec.py:78
[Clang 15.0.0 (clang-1500.1.0.2.5)]
DEBUG RUNNING ON: Darwin Release: 23.2.0 netexec.py:79
DEBUG Passed args: Namespace(threads=256, timeout=None, jitter=None, netexec.py:80
no_progress=False, verbose=False, debug=True, version=False,
protocol='smb', target=['192.168.2.20'], cred_id=[], username=['WEB$'],
password=[], ignore_pw_decoding=False, kerberos=False,
no_bruteforce=False, continue_on_success=False, use_kcache=False,
log=None, aesKey=None, kdcHost=None, gfail_limit=None,
ufail_limit=None, fail_limit=None, module=None, module_options=[],
list_modules=False, show_module_options=False, server='https',
server_host='0.0.0.0', server_port=None, connectback_host=None,
hash=['3f442102ef281d45df74039faf1278a7'], delegate='administrator',
no_s4u2proxy=False, domain=None, local_auth=False, port=445,
share='C$', smb_server_port=445, gen_relay_list=None, smb_timeout=2,
laps=None, sam=False, lsa=False, ntds=None, dpapi=None, mkfile=None,
pvk=None, enabled=False, userntds=None, shares=False,
no_write_check=False, filter_shares=None, sessions=False, disks=False,
loggedon_users_filter=None, loggedon_users=False, users=None,
groups=None, computers=None, local_groups=None, pass_pol=False,
rid_brute=None, wmi=None, wmi_namespace='root\\cimv2', spider=None,
spider_folder='.', content=False, exclude_dirs='', pattern=None,
regex=None, depth=None, only_files=False, put_file=None, get_file=None,
append_host=False, exec_method=None, dcom_timeout=5,
get_output_tries=5, codec='utf-8', force_ps32=False, no_output=False,
execute=None, ps_execute=None, obfs=False, amsi_bypass=None,
clear_obfscripts=False)
DEBUG Protocol: smb netexec.py:134
DEBUG Protocol Path: netexec.py:137
/Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages/nxc/pr
otocols/smb.py
DEBUG Protocol DB Path: netexec.py:139
/Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages/nxc/pr
otocols/smb/database.py
[19:37:47] DEBUG Protocol Object: <class 'protocol.smb'>, type: <class 'type'> netexec.py:142
DEBUG Protocol Object dir: ['__class__', '__delattr__', '__dict__', netexec.py:143
'__dir__', '__doc__', '__eq__', '__format__', '__ge__',
'__getattribute__', '__gt__', '__hash__', '__init__',
'__init_subclass__', '__le__', '__lt__', '__module__', '__ne__',
'__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__',
'__sizeof__', '__str__', '__subclasshook__', '__weakref__',
'call_cmd_args', 'call_modules', 'check_if_admin', 'computers',
'create_conn_obj', 'create_smbv1_conn', 'create_smbv3_conn', 'disks',
'domainfromdnshostname', 'domainfromdsn', 'dpapi', 'enable_remoteops',
'enum_host_info', 'execute', 'gen_relay_list', 'get_dc_ips',
'get_file', 'get_file_single', 'get_os_arch', 'groups', 'hash_login',
'inc_failed_login', 'kerberos_login', 'load_modules', 'local_groups',
'loggedon_users', 'login', 'lsa', 'mark_pwned', 'ntds',
'over_fail_limit', 'parse_credentials', 'pass_pol', 'plaintext_login',
'print_host_info', 'proto_args', 'proto_flow', 'proto_logger',
'ps_execute', 'put_file', 'put_file_single', 'query_db_creds',
'rid_brute', 'sam', 'sessions', 'shares', 'spider', 'try_credentials',
'users', 'wmi']
DEBUG Protocol DB Object: <class 'protocol.database'> netexec.py:145
DEBUG DB Path: /Users/li/.nxc/workspaces/default/smb.db netexec.py:148
DEBUG Creating ThreadPoolExecutor netexec.py:42
DEBUG Creating thread for <class 'protocol.smb'> netexec.py:45
INFO Socket info: host=192.168.2.20, hostname=192.168.2.20, connection.py:106
kerberos=False, ipv6=False, link-local ipv6=False
DEBUG Kicking off proto_flow connection.py:152
[19:37:49] DEBUG Created connection object connection.py:157
[19:37:51] DEBUG Update Hosts: [{'id': 8, 'ip': '192.168.2.20', 'hostname': 'JISHUDC', database.py:280
'domain': 'jishu.xiaodi.vpc', 'os': 'Windows Server 2016 Datacenter
14393', 'dc': None, 'smbv1': True, 'signing': True, 'spooler': None,
'zerologon': True, 'petitpotam': None}]
DEBUG add_host() - Host IDs Updated: [8] database.py:290
[19:37:51] INFO SMB 192.168.2.20 445 JISHUDC Windows Server 2016 smb.py:263
Datacenter 14393 x64 (name:JISHUDC) (domain:jishu.xiaodi.vpc)
(signing:True) (SMBv1:True)
SMB 192.168.2.20 445 JISHUDC Windows Server 2016
Datacenter 14393 x64 (name:JISHUDC) (domain:jishu.xiaodi.vpc)
(signing:True) (SMBv1:True)
DEBUG KDC set to: JISHUDC.jishu.xiaodi.vpc smb.py:270
[19:37:52] INFO Error creating SMBv1 connection to JISHUDC.jishu.xiaodi.vpc: Error while smb.py:494
reading from remote
[19:37:53] INFO Error creating SMBv3 connection to JISHUDC.jishu.xiaodi.vpc: No answer! smb.py:518
DEBUG Getting TGT for user kerberos.py:32
ERROR Exception while calling proto_flow() on target 192.168.2.20: connection.py:117
'error' object has no attribute 'getErrorString'
╭─────────────── Traceback (most recent call last) ───────────────╮
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/protocols/smb.py:301 in kerberos_login │
│ │
│ 298 │ │ │ │ kerb_pass = "" │
│ 299 │ │ │ │ self.username = self.args.delegate │
│ 300 │ │ │ │ serverName = Principal(f"cifs/{self.host │
│ type=constants.PrincipalNameType.NT_SRV_INST.value) │
│ ❱ 301 │ │ │ │ tgs = kerberos_login_with_S4U(domain, se │
│ nthash, lmhash, aesKey, kdcHost, self.args.delegate, ser │
│ no_s4u2proxy=self.args.no_s4u2proxy) │
│ 302 │ │ │ │ self.logger.debug(f"Got TGS for {self.ar │
│ 303 │ │ │ │
│ 304 │ │ │ self.conn.kerberosLogin(self.username, passw │
│ aesKey, kdcHost, useCache=useCache, TGS=tgs) │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/protocols/smb/kerberos.py:33 in kerberos_login_with_S4U │
│ │
│ 30 │ if my_tgt is None: │
│ 31 │ │ principal = Principal(username, │
│ type=constants.PrincipalNameType.NT_PRINCIPAL.value) │
│ 32 │ │ nxc_logger.debug("Getting TGT for user") │
│ ❱ 33 │ │ tgt, cipher, _, session_key = getKerberosTGT(prin │
│ lmhash, nthash, aesKey, kdcHost) │
│ 34 │ │ my_tgt = decoder.decode(tgt, asn1Spec=AS_REP())[0 │
│ 35 │ decoded_tgt = my_tgt │
│ 36 │ # Extract the ticket from the TGT │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /impacket/krb5/kerberosv5.py:188 in getKerberosTGT │
│ │
│ 185 │ message = encoder.encode(asReq) │
│ 186 │ │
│ 187 │ try: │
│ ❱ 188 │ │ r = sendReceive(message, domain, kdcHost) │
│ 189 │ except KerberosError as e: │
│ 190 │ │ if e.getErrorCode() == constants.ErrorCodes.KDC_E │
│ 191 │ │ │ if supportedCiphers[0] in │
│ (constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value, │
│ constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value) │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /impacket/krb5/kerberosv5.py:69 in sendReceive │
│ │
│ 66 │ │
│ 67 │ s.sendall(messageLen + data) │
│ 68 │ │
│ ❱ 69 │ recvDataLen = struct.unpack('!i', s.recv(4))[0] │
│ 70 │ │
│ 71 │ r = s.recv(recvDataLen) │
│ 72 │ while len(r) < recvDataLen: │
╰─────────────────────────────────────────────────────────────────╯
error: unpack requires a buffer of 4 bytes
During handling of the above exception, another exception occurred:
╭─────────────── Traceback (most recent call last) ───────────────╮
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/connection.py:112 in __init__ │
│ │
│ 109 │ │ │ return │
│ 110 │ │ │
│ 111 │ │ try: │
│ ❱ 112 │ │ │ self.proto_flow() │
│ 113 │ │ except Exception as e: │
│ 114 │ │ │ if "ERROR_DEPENDENT_SERVICES_RUNNING" in str( │
│ 115 │ │ │ │ self.logger.error(f"Exception while calli │
│ {self.host}: {e}") │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/connection.py:159 in proto_flow │
│ │
│ 156 │ │ else: │
│ 157 │ │ │ self.logger.debug("Created connection object" │
│ 158 │ │ │ self.enum_host_info() │
│ ❱ 159 │ │ │ if self.print_host_info() and (self.login() o │
│ self.password == "")): │
│ 160 │ │ │ │ if hasattr(self.args, "module") and self. │
│ 161 │ │ │ │ │ self.load_modules() │
│ 162 │ │ │ │ │ self.logger.debug("Calling modules") │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/connection.py:478 in login │
│ │
│ 475 │ │ if not self.args.no_bruteforce: │
│ 476 │ │ │ for secr_index, secr in enumerate(secret): │
│ 477 │ │ │ │ for user_index, user in enumerate(usernam │
│ ❱ 478 │ │ │ │ │ if self.try_credentials(domain[user_i │
│ secr, cred_type[secr_index], data[secr_index]): │
│ 479 │ │ │ │ │ │ owned[user_index] = True │
│ 480 │ │ │ │ │ │ if not self.args.continue_on_succ │
│ 481 │ │ │ │ │ │ │ return True │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/connection.py:422 in try_credentials │
│ │
│ 419 │ │ │ │ │ return self.plaintext_login(username, │
│ 420 │ │ │ elif cred_type == "hash": │
│ 421 │ │ │ │ if self.args.kerberos: │
│ ❱ 422 │ │ │ │ │ return self.kerberos_login(domain, us │
│ self.kdcHost, False) │
│ 423 │ │ │ │ return self.hash_login(domain, username, │
│ 424 │ │ │ elif cred_type == "aesKey": │
│ 425 │ │ │ │ return self.kerberos_login(domain, userna │
│ self.kdcHost, False) │
│ │
│ /Users/li/.local/pipx/venvs/netexec/lib/python3.9/site-packages │
│ /nxc/protocols/smb.py:348 in kerberos_login │
│ │
│ 345 │ │ │ │ used_ccache = f" through S4U with {usern │
│ 346 │ │ │ self.logger.fail(f"{domain}\\{self.username} │
│ 347 │ │ except (SessionError, Exception) as e: │
│ ❱ 348 │ │ │ error, desc = e.getErrorString() │
│ 349 │ │ │ used_ccache = " from ccache" if useCache els │
│ f":{process_secret(kerb_pass)}" │
│ 350 │ │ │ if self.args.delegate: │
│ 351 │ │ │ │ used_ccache = f" through S4U with {usern │
╰─────────────────────────────────────────────────────────────────╯
AttributeError: 'error' object has no attribute 'getErrorString'
[19:37:54] DEBUG Closing connection to: 192.168.2.20
void-ll
I used the binary files on github and pipx and pip to install respectively. When executing the --delegate administrator command, an error will be reported. Other functions are normal. I hope you can help me look at the problem. Thank you.
nxc --version 1.1.0 - nxc4u - 65030d7