swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #88 from Pennyw0rth/neff-neo4j 

Improve bloodhound connector with Netbios domain name
main
Alex 2023-11-03 17:16:49 -04:00 committed by GitHub
parent 9fc67da64e 3b466a3c9e
commit e046a67775
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -30,7 +30,7 @@ If applicable, add screenshots to help explain your problem.
**NetExec info** **NetExec info**
- OS: [e.g. Kali] - OS: [e.g. Kali]
- Version of nxc [e.g. v1.5.2] - Version of nxc: [e.g. v1.5.2]
- Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue - Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
**Additional context** **Additional context**

4
nxc/connection.py
View File

@ -395,10 +395,6 @@ class connection:
return False return False
if self.args.continue_on_success and owned: if self.args.continue_on_success and owned:
return False return False
# Enforcing FQDN for SMB if not using local authentication. Related issues/PRs: #26, #28, #24, #38
if self.args.protocol == "smb" and not self.args.local_auth and "." not in domain and not self.args.laps and secret != "" and self.domain.upper() != self.hostname.upper():
self.logger.error(f"Domain {domain} for user {username.rstrip()} need to be FQDN ex:domain.local, not domain")
return False
if hasattr(self.args, "delegate") and self.args.delegate: if hasattr(self.args, "delegate") and self.args.delegate:
self.args.kerberos = True self.args.kerberos = True
with sem: with sem:

25
nxc/helpers/bloodhound.py
View File

@ -43,18 +43,26 @@ def add_user_bh(user, domain, logger, config):
try: try:
with driver.session() as session, session.begin_transaction() as tx: with driver.session() as session, session.begin_transaction() as tx:
for info in users_owned: for info in users_owned:
distinguished_name = "".join([f"DC={dc}," for dc in info["domain"].split(".")]).rstrip(",")
domain_query = tx.run(f"MATCH (d:Domain) WHERE d.distinguishedname STARTS WITH '{distinguished_name}' RETURN d").data()
if not domain_query:
raise Exception("Domain not found in bloodhound")
else:
domain = domain_query[0]["d"].get("name")
if info["username"][-1] == "$": if info["username"][-1] == "$":
user_owned = info["username"][:-1] + "." + info["domain"] user_owned = f"{info['username'][:-1]}.{domain}"
account_type = "Computer" account_type = "Computer"
else: else:
user_owned = info["username"] + "@" + info["domain"] user_owned = f"{info['username']}@{domain}"
account_type = "User" account_type = "User"
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) RETURN c')
result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) RETURN c")
if result.data()[0]["c"].get("owned") in (False, None): if result.data()[0]["c"].get("owned") in (False, None):
logger.debug(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name') logger.debug(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name') result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound") logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")
except AuthError: except AuthError:
logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.") logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")
@ -63,7 +71,10 @@ def add_user_bh(user, domain, logger, config):
logger.fail(f"Neo4J does not seem to be available on {uri}.") logger.fail(f"Neo4J does not seem to be available on {uri}.")
return return
except Exception as e: except Exception as e:
logger.fail(f"Unexpected error with Neo4J: {e}") if "Domain not found in bloodhound" in str(e):
logger.fail("Account not found on the domain") logger.fail("Neo4J Error: Domain not found in BloodHound. Please specify the FQDN ex:domain.local.")
else:
logger.fail(f"Unexpected error with Neo4J: {e}")
logger.fail("Account not found on the domain")
return return
driver.close() driver.close()