termanix
commented
1 week ago How many hosts you are talking about? Cause while I testing to banks, I didn't get error like this.
Open joaovarelas opened 1 week ago
termanix
commented
1 week ago How many hosts you are talking about? Cause while I testing to banks, I didn't get error like this.
joaovarelas
commented
1 week ago How many hosts you are talking about? Cause while I testing to banks, I didn't get error like this.
Im doing scan to multiple /24 networks, but I would say around 250 to 300 hosts at least with port 445 reachable. I'm not sure what triggers this error but for less hosts it does not happen...
Additionally if I scan the single host that provoked the exeception, the output is fine.
EDIT: I noticed i did not specify domain -d domain but doesn't nxc assume the machine domain by default?
termanix
commented
1 week ago If the txt file contains subnets, this could be the reason. I always find active hosts first and then start testing. I'm talking about thousands hosts btw.
joaovarelas
commented
1 week ago If the txt file contains subnets, this could be the reason. I always find active hosts first and then start testing. I'm talking about thousands hosts btw.
That make sense. I read the exception with attention and the issue shall be here, by retreiving non existent index [0]
❱ 423 │ │ │ host_id = self.db.get_hosts(self.host)[0].idWill have a look at this.
joaovarelas
commented
1 week ago So today I am trying several things:
nxc smb hosts.txt -u user -p password where hosts.txt contains lots of /24 CIDR addressesnxc smb hosts.txt -u user -p password where hosts.txt contains lots of ipv4 addresses without network prefixI am not getting that exception now... Weird
termanix
commented
1 week ago Working with subnets could lead to such situations. Subnet scanning is much larger than host scanning. I'm glad you didn't encounter it. However, the maitainers will of course do in-depth research when they are available. I will examine it too in detail when available.
NeffIsBack
commented
1 week ago Can you give me your version info?
NeffIsBack
commented
1 week ago The issue is that apparently the host that you are trying to log into does not exist in the database. Though this should not happen as it gets added in enum_host_info earlier.
My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Btw if you want to retest the issue you have to clear the database (or remove the nxc/workspace folder entirely). Otherwise the host was added by your previous scan
NeffIsBack
commented
1 week ago My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Though, concurrency issues in the database should have been fixed with #400
joaovarelas
commented
1 week ago The issue is that apparently the host that you are trying to log into does not exist in the database. Though this should not happen as it gets added in enum_host_info earlier.
My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Btw if you want to retest the issue you have to clear the database (or remove the nxc/workspace folder entirely). Otherwise the host was added by your previous scan
Thanks @NeffIsBack at first I had the impression it was indeed some issue with concurrency. I will clear the database and try to reproduce again.
EDIT: 1 out of 5 runs i get the exception with the same exact command, after clearing and initiating the empty database.
Kali 2024.1
Python 3.12.6
1.3.0 - NeedForSpeed - 6d4fdfdCommand: nxc smb hosts.txt -u validuser -p validpass.
hosts.txt has 160 ipv4 address, i believe all of them with port 445 reachable.
Im now trying to trigger the exception with --debug but without success.
joaovarelas
commented
1 week ago Ok so triggered the exception with --debug but don't really know if it will be helpful. I had to obfuscate some strings on the log,
nxc-exception.log
NeffIsBack
commented
1 week ago Took a look at the log but it is really hard to debug without being able to test it. The question would be why this host wasn't in the database in the first place. If you still have access you could:
Describe the bug The output contains a couple of exceptions and stacktraces but seem to work for some hosts.
To Reproduce Steps to reproduce the behavior i.e.: Command:
netexec smb lots-of-hosts-list.txt -u username -p passwordResulted in:Expected behavior No exceptions
Screenshots
NetExec info