Open joaovarelas opened 1 week ago
How many hosts you are talking about? Cause while I testing to banks, I didn't get error like this.
How many hosts you are talking about? Cause while I testing to banks, I didn't get error like this.
Im doing scan to multiple /24
networks, but I would say around 250 to 300 hosts at least with port 445 reachable. I'm not sure what triggers this error but for less hosts it does not happen...
Additionally if I scan the single host that provoked the exeception, the output is fine.
EDIT: I noticed i did not specify domain -d domain
but doesn't nxc assume the machine domain by default?
If the txt file contains subnets, this could be the reason. I always find active hosts first and then start testing. I'm talking about thousands hosts btw.
If the txt file contains subnets, this could be the reason. I always find active hosts first and then start testing. I'm talking about thousands hosts btw.
That make sense. I read the exception with attention and the issue shall be here, by retreiving non existent index [0]
❱ 423 │ │ │ host_id = self.db.get_hosts(self.host)[0].id
Will have a look at this.
So today I am trying several things:
nxc smb hosts.txt -u user -p password
where hosts.txt contains lots of /24
CIDR addressesnxc smb hosts.txt -u user -p password
where hosts.txt contains lots of ipv4 addresses without network prefixI am not getting that exception now... Weird
Working with subnets could lead to such situations. Subnet scanning is much larger than host scanning. I'm glad you didn't encounter it. However, the maitainers will of course do in-depth research when they are available. I will examine it too in detail when available.
Can you give me your version info?
The issue is that apparently the host that you are trying to log into does not exist in the database. Though this should not happen as it gets added in enum_host_info earlier.
My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Btw if you want to retest the issue you have to clear the database (or remove the nxc/workspace folder entirely). Otherwise the host was added by your previous scan
My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Though, concurrency issues in the database should have been fixed with #400
The issue is that apparently the host that you are trying to log into does not exist in the database. Though this should not happen as it gets added in enum_host_info earlier.
My best guess would be that you ran into a race condition with SQLite where you tried to read from the db before the host was added. Perhaps because SQLite was overwhelmed by all these connections?
Btw if you want to retest the issue you have to clear the database (or remove the nxc/workspace folder entirely). Otherwise the host was added by your previous scan
Thanks @NeffIsBack at first I had the impression it was indeed some issue with concurrency. I will clear the database and try to reproduce again.
EDIT: 1 out of 5 runs i get the exception with the same exact command, after clearing and initiating the empty database.
Kali 2024.1
Python 3.12.6
1.3.0 - NeedForSpeed - 6d4fdfd
Command: nxc smb hosts.txt -u validuser -p validpass
.
hosts.txt has 160 ipv4 address, i believe all of them with port 445 reachable.
Im now trying to trigger the exception with --debug
but without success.
Ok so triggered the exception with --debug
but don't really know if it will be helpful. I had to obfuscate some strings on the log,
nxc-exception.log
Took a look at the log but it is really hard to debug without being able to test it. The question would be why this host wasn't in the database in the first place. If you still have access you could:
Describe the bug The output contains a couple of exceptions and stacktraces but seem to work for some hosts.
To Reproduce Steps to reproduce the behavior i.e.: Command:
netexec smb lots-of-hosts-list.txt -u username -p password
Resulted in:Expected behavior No exceptions
Screenshots
NetExec info