Closed lenhart closed 2 weeks ago
Thanks for the bug report! We will take a look at it.
Unable to reproduce. Used HTB Querier as a test case.
Looks like he used --local-auth. That flag does some internal variable changes, my guess is that this fcked things up
So taking a deeper look into this, this is likely an issue with the ntlm challenge. All three "corrupted" pieces of information should be retrieved out of the challenge. What is interesting is that the ntlm challenge did not throw an error, but also didn't provide the needed information. What happens to the rest of the execution is therefore quite ambiguous, hard to say without having a machine for further debugging. If you come across another error like this please let us know!
I will close this for now until we can get more information
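An added example, not part of the thread and not NetExec's code: a minimal parser for the NTLM CHALLENGE_MESSAGE that shows where the host name, domain and build come from, and how a challenge can parse without error yet leave those fields empty. The dictionary keys and the `build_sample` helper are assumptions made for the illustration, and the sample bytes are constructed.

```python
import struct

# AV_PAIR ids (MS-NLMP 2.2.2.1); only the name fields are decoded here.
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer", 4: "dns_domain"}
NEGOTIATE_VERSION = 0x02000000


def parse_challenge(msg):
    """Extract host, domain and build from an NTLM CHALLENGE_MESSAGE.
    Anything the server did not send stays None for the caller to handle."""
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not a CHALLENGE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 20)[0]
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)
    out = dict.fromkeys([*AV_NAMES.values(), "build"])
    # The Version field is only meaningful when the flag announces it.
    if flags & NEGOTIATE_VERSION and len(msg) >= 56:
        out["build"] = "%d.%d.%d" % struct.unpack_from("<BBH", msg, 48)
    pos, end = info_off, info_off + info_len
    if end > len(msg):
        raise ValueError("TargetInfo runs past the end of the message")
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:  # MsvAvEOL terminates the list
            break
        if pos + av_len > end:
            raise ValueError("truncated AV_PAIR")
        if av_id in AV_NAMES:
            out[AV_NAMES[av_id]] = msg[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return out


def missing_fields(parsed):
    """Names of the fields the challenge did not supply."""
    return sorted(k for k, v in parsed.items() if v is None)


def build_sample(pairs, flags=NEGOTIATE_VERSION):
    """Constructed test message: header, version 10.0.17763, then AV_PAIRs."""
    enc = [(i, s.encode("utf-16-le")) for i, s in pairs]
    info = b"".join(struct.pack("<HH", i, len(v)) + v for i, v in enc)
    info += struct.pack("<HH", 0, 0)
    head = b"NTLMSSP\x00" + struct.pack("<IHHI", 2, 0, 0, 56)
    head += struct.pack("<I", flags) + b"\x11" * 8 + b"\x00" * 8
    head += struct.pack("<HHI", len(info), len(info), 56)
    return head + struct.pack("<BBH", 10, 0, 17763) + b"\x00\x00\x00\x0f" + info
```

Checking `missing_fields()` right after the handshake makes a silently incomplete challenge visible before later steps rely on the host or domain value.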
Describe the bug
On a recent engagement command execution did not work via the MSSQL module. The same command with crackmapexec (version 5.4.0) however worked.
Differences were that nxc missed the server name in the 3rd column (had 'None' instead), the domain and had the ip as name after the build version in column 4. After the successful login with the pwned message, there was an additional line with a failed login. cme had the cmd execution output.
To Reproduce
Unfortunately I no longer have access to the system, but this was the output (with dummy data):
Command:
netexec mssql 10.10.10.10 -u username -p password --local-auth -x whoami
Resulted in:
while the same command w/ crackmapexec resulted in
Expected behavior
cme and nxc should behave in the same way.
Screenshots
NetExec info