NetExec
NetExec copied to clipboard
Pennyw0rth
--dc-list errors
Hello, facing a issues with --dc-list
└─# nxc ldap 10.14.206.5 -u administrator -p password --dc-list --timeout=90 --dns-timeout=90
LDAP 10.14.206.5 389 server [*] Windows 10 / Server 2019 Build 17763 (name:Server) (domain:domain.local)
LDAP 10.14.206.5 389 server [+] server.local\administrator:passwor (Pwn3d!)
LDAP 10.14.206.5 389 server [-] General Error:
LDAP 10.14.206.5 389 server [-] Skipping item(dNSHostName) server.domain.local, error: 'Resolver' object has no attribute 'NXDOMAIN'
on windows get
LDAP 10.14.206.5 389 server [-] server.domain.local = Connection timed out
LDAP 10.14.206.5 389 server [-] server.domain.local = Connection timed out
LDAP 10.14.206.5 389 server [-] server.domain.local = Connection timed out
LDAP 10.14.206.5 389 server [-] server.domain.local = Connection timed out
--enum-trusts previously work fine
1.4.0 - SmoothOperator - 83b71487 - 675 (windows , installed via pipx) Today again meet that timeout.. possible its cause using nxc with proxychains (pivoting), not shure
if i set an --dns-timeout= .. i catching
[21:55:12] ERROR Error getting ldap info [WinError 1460] This operation returned because the timeout period expired ldap.py:217
or even
[21:55:31] ERROR Exception while calling proto_flow() on target IP.IP.IP.IP: [WinError 1460] This operation returned because the timeout period expired connection.py:188
╭──────────────────────────────────────────────────── Traceback (most recent call last) ────────────────────────────────────────────────────╮
│ C:\Users\4\pipx\venvs\netexec\Lib\site-packages\nxc\connection.py:180 in __init__ │
│ │
│ 177 │ │ self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, │
│ kerberos={self.kerberos}, ipv6={self.is_ipv6}, link-local │
│ ipv6={self.is_link_local_ipv6}") │
│ 178 │ │ │
│ 179 │ │ try: │
│ ❱ 180 │ │ │ self.proto_flow() │
│ 181 │ │ except Exception as e: │
│ 182 │ │ │ if "ERROR_DEPENDENT_SERVICES_RUNNING" in str(e): │
│ 183 │ │ │ │ self.logger.error(f"Exception while calling proto_flow() on target │
│ {target}: {e}") │
│ │
│ C:\Users\4\pipx\venvs\netexec\Lib\site-packages\nxc\connection.py:245 in proto_flow │
│ │
│ 242 │ │ │ self.logger.info(f"Failed to create connection object for target │
│ {self.host}, exiting...") │
│ 243 │ │ else: │
│ 244 │ │ │ self.logger.debug("Created connection object") │
│ ❱ 245 │ │ │ self.enum_host_info() │
│ 246 │ │ │ self.print_host_info() │
│ 247 │ │ │ if self.login() or (self.username == "" and self.password == ""): │
│ 248 │ │ │ │ if hasattr(self.args, "module") and self.args.module: │
│ │
│ C:\Users\4\pipx\venvs\netexec\Lib\site-packages\nxc\protocols\ldap.py:315 in enum_host_info │
│ │
│ 312 │ │ else: │
│ 313 │ │ │ self.domain = self.targetDomain │
│ 314 │ │ │
│ ❱ 315 │ │ self.check_ldap_signing() │
│ 316 │ │ if getattr(self.args, "port_explicitly_set", False) and self.port == 389: │
│ 317 │ │ │ self.cbt_status = "Unknown" │
│ 318 │ │ else: │
│ │
│ C:\Users\4\pipx\venvs\netexec\Lib\site-packages\nxc\protocols\ldap.py:243 in check_ldap_signing │
│ │
│ 240 │ │ self.signing_required = False │
│ 241 │ │ ldap_url = f"ldap://{self.target}" │
│ 242 │ │ try: │
│ ❱ 243 │ │ │ ldap_connection = ldap_impacket.LDAPConnection(url=ldap_url, │
│ baseDN=self.baseDN, dstIp=self.host, signing=False) │
│ 244 │ │ │ ldap_connection.login(domain=self.domain) │
│ 245 │ │ │ self.logger.debug(f"LDAP signing is not enforced on {self.host}") │
│ 246 │ │ except ldap_impacket.LDAPSessionError as e: │
│ │
│ C:\Users\4\pipx\venvs\netexec\Lib\site-packages\impacket\ldap\ldap.py:136 in __init__ │
│ │
│ 133 │ │ │ raise socket.error('Connection error (%s:%d)' % (targetHost, self._dstPort), │
│ e) │
│ 134 │ │ │
│ 135 │ │ if self._SSL is False: │
│ ❱ 136 │ │ │ self._socket.connect(sa) │
│ 137 │ │ else: │
│ 138 │ │ │ # Switching to TLS now │
│ 139 │ │ │ ctx = SSL.Context(SSL.TLS_METHOD) │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
OSError: [WinError 1460] This operation returned because the timeout period expired
Should have been fixed by https://github.com/Pennyw0rth/NetExec/pull/851, feel free to reopen if the issue persists