WINRM module crashes when attempting to add admin user via NTLM hash to the database
Describe the bug
There is currently a bug with the "winrm" module when attempting to add an admin user via NTLM hash to the database. After successfully validating the admin user, it crashes with an error:
zip() argument 2 is longer than argument 1
The crash occurs here: https://github.com/Pennyw0rth/NetExec/blob/024ff0ab03adcffd7137323c74550bc7ee762190/nxc/protocols/winrm/database.py#L215
To Reproduce
Command: nxc winrm dc01 -d "nota.domain.com" -u "Administrator" -H "<NTLM hash>" -X "whoami"
Resulted in:
WINRM 172.16.1.10 5985 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:nota.domain.com)
WINRM 172.16.1.10 5985 DC01 [+] nota.domain.com\Administrator:<NTLM hash> (Pwn3d!)
WINRM 172.16.1.10 5985 DC01 [-] nota.domain.com\Administrator:<NTLM hash> zip() argument 2 is longer than argument 1
Expected behavior
NetExec should successfully add the admin user to the nxcdb winrm database, or at the very least crash gracefully so the follow-up commands succeed (i.e. "whoami" in this case).
NetExec info
- OS: Blackarch
- Version of nxc: 1.4.0 - SmoothOperator - 024ff0ab - 5
- Installed from: pipx
Additional context
The issue seems to specifically be related to the query for the "users" variable: https://github.com/Pennyw0rth/NetExec/blob/main/nxc/protocols/winrm/database.py#L211
as the returned query returns no rows. Unfortunately, I don't have much time right now to fully investigate and draft a PR, but hopefully this is enough to identify the issue.
Damn another one, thanks for reporting!
Likely the same issue as in https://github.com/Pennyw0rth/NetExec/issues/613
Likely fixable similarly to: https://github.com/Pennyw0rth/NetExec/pull/590