
New Protocol NFS

Open termanix opened this issue 1 year ago • 2 comments

Lately I've been thinking about what NetExec needs in development and I thought seeing NFS shares would also help with development.

It uses RPC to enumerate NFS shares and, if they are accessible, it finds files recursively.

Together with @Marshall-Hallenbeck, we were able to bring it to its current state (Thank you Marshall for helping). I hope it will be a useful protocol for everyone.

Here are some screenshots:

My test lab:

  • 192.168.37.130 : Server 2019 Domain Controller
  • 192.168.37.131 : Ubuntu 6.8.0.-31

image

image

It also includes UID brute force for when anonymous authentication fails.

image

termanix avatar Jul 08 '24 14:07 termanix

Crazy !!! 🎉🎉🎉

mpgn avatar Jul 08 '24 14:07 mpgn

Hell yeah! I’ve been wanting something like this for a while!!!

Zamanry avatar Jul 08 '24 15:07 Zamanry

Improvements & Fixes:

  • Moved source for PyNfsClient to the Pennyw0rth organisation
  • Fixed RPC authentication in PyNfsClient
    • Added detection for kerberos requirement
    • Fixed socket errors when authentication fails
    • Merged ipv6 fix from an upstream PR
  • Fixed recursion depth when enumerating shares
  • Other code improvements

ToDos:

  • Fix now spammed output when RID-Bruteforcing
  • Fix ugly output

Example screenshot: image

NeffIsBack avatar Sep 22 '24 23:09 NeffIsBack

Now it belongs to netexec format, thank you Neff. I will work on the to-dos in my free time.

termanix avatar Sep 23 '24 06:09 termanix

Added ipv6 support to the NfsClient library as well as the protocol: image

NeffIsBack avatar Sep 28 '24 15:09 NeffIsBack

All flags and output work nicely w/ Neff

image

termanix avatar Sep 29 '24 12:09 termanix

Actually we can query the uid needed for the share lol. Implemented an autodetecting feature that will automatically set the uid matching to the listed repository: image

NeffIsBack avatar Sep 29 '24 22:09 NeffIsBack

Download and upload files added. image

To Do:

 - When a file is uploaded, we can't read it.
 - There are a few bugs on Windows with get-file and put-file

image

termanix avatar Sep 30 '24 19:09 termanix

--get-file and --put-file are working as well 🚀 Except for Windows. image

NeffIsBack avatar Sep 30 '24 23:09 NeffIsBack

To Do: Only put-file bug fixes for Windows and Linux are left.

termanix avatar Oct 01 '24 14:10 termanix

Up&Download are working now against Linux&Windows. Also found the solution for setting file permissions 🎉 Default is 777 for now image image image

NeffIsBack avatar Oct 01 '24 22:10 NeffIsBack

@termanix if you can verify the behaviour on your side we should be good to go 🚀

NeffIsBack avatar Oct 01 '24 22:10 NeffIsBack

@NeffIsBack On my side everything is fine now! It can be merged after your last review. 🚀

termanix avatar Oct 02 '24 10:10 termanix

LGTM: image

NeffIsBack avatar Oct 02 '24 21:10 NeffIsBack

Excellent work from both of you @NeffIsBack @termanix ! 🎉

mpgn avatar Oct 03 '24 07:10 mpgn