Merge pull request #213 from Pennyw0rth/neff-nullauth-bh

Stop Netexec from adding null auth user to bloodhound
2024-03-20 01:02:31 +01:00 · 2024-03-20 01:02:31 +01:00 · ae158614e6
parent e367bf9fa8 d885974121
commit ae158614e6
5 changed files with 17 additions and 17 deletions
--- a/nxc/protocols/ldap.py
+++ b/nxc/protocols/ldap.py
@ -377,7 +377,7 @@ class ldap(connection):
            self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
            self.logger.success(out)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -434,7 +434,7 @@ class ldap(connection):
                    self.logger.extra["port"] = "636"
                    self.logger.success(out)

-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                        add_user_bh(self.username, self.domain, self.logger, self.config)
                    if self.admin_privs:
                        add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -490,7 +490,7 @@ class ldap(connection):
            self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
            self.logger.success(out)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -518,7 +518,7 @@ class ldap(connection):
                    self.logger.extra["port"] = "636"
                    self.logger.success(out)

-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                        add_user_bh(self.username, self.domain, self.logger, self.config)
                    if self.admin_privs:
                        add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -584,7 +584,7 @@ class ldap(connection):
            self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
            self.logger.success(out)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -611,7 +611,7 @@ class ldap(connection):
                    self.logger.extra["port"] = "636"
                    self.logger.success(out)

-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                        add_user_bh(self.username, self.domain, self.logger, self.config)
                    if self.admin_privs:
                        add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
--- a/nxc/protocols/mssql.py
+++ b/nxc/protocols/mssql.py
@ -189,7 +189,7 @@ class mssql(connection):
                raise
            self.check_if_admin()
            self.logger.success(f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)
@ -222,7 +222,7 @@ class mssql(connection):
            self.check_if_admin()
            out = f"{self.domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
            self.logger.success(out)
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)
@ -261,7 +261,7 @@ class mssql(connection):
            self.check_if_admin()
            out = f"{self.domain}\\{self.username}:{process_secret(self.nthash)} {self.mark_pwned()}"
            self.logger.success(out)
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)
--- a/nxc/protocols/rdp.py
+++ b/nxc/protocols/rdp.py
@ -243,7 +243,7 @@ class rdp(connection):
                    self.mark_pwned(),
                )
            )
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(username, domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -289,7 +289,7 @@ class rdp(connection):

            self.admin_privs = True
            self.logger.success(f"{domain}\\{username}:{process_secret(password)} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(username, domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -323,7 +323,7 @@ class rdp(connection):

            self.admin_privs = True
            self.logger.success(f"{self.domain}\\{username}:{process_secret(ntlm_hash)} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(username, domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
--- a/nxc/protocols/smb.py
+++ b/nxc/protocols/smb.py
@ -309,7 +309,7 @@ class smb(connection):
            out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
            self.logger.success(out)

-            if not self.args.local_auth and not self.args.delegate:
+            if not self.args.local_auth and self.username != "" and not self.args.delegate:
                add_user_bh(self.username, domain, self.logger, self.config)
            if self.admin_privs:
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@ -372,7 +372,7 @@ class smb(connection):
            out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
            self.logger.success(out)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                self.logger.debug(f"Adding admin user: {self.domain}/{self.username}:{self.password}@{self.host}")
@ -439,7 +439,7 @@ class smb(connection):
            out = f"{domain}\\{self.username}:{process_secret(self.hash)} {self.mark_pwned()}"
            self.logger.success(out)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            if self.admin_privs:
                self.db.add_admin_user("hash", domain, self.username, nthash, self.host, user_id=user_id)
--- a/nxc/protocols/winrm.py
+++ b/nxc/protocols/winrm.py
@ -167,7 +167,7 @@ class winrm(connection):
                self.db.add_admin_user("plaintext", domain, self.username, self.password, self.host)  # , user_id=user_id)
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            return True
        except Exception as e:
@ -210,7 +210,7 @@ class winrm(connection):
                self.db.add_admin_user("hash", domain, self.username, nthash, self.host)
                add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)

-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                add_user_bh(self.username, self.domain, self.logger, self.config)
            return True