diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/binaries/build-binaries.yml similarity index 100% rename from .github/workflows/build-binaries.yml rename to .github/workflows/binaries/build-binaries.yml diff --git a/.github/workflows/build-zipapps.yml b/.github/workflows/binaries/build-zipapps.yml similarity index 100% rename from .github/workflows/build-zipapps.yml rename to .github/workflows/binaries/build-zipapps.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 52407e93c..d2e90630c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,14 +1,11 @@ -name: Lint Python code with ruff +name: lint # Caching source: https://gist.github.com/gh640/233a6daf68e9e937115371c0ecd39c61?permalink_comment_id=4529233#gistcomment-4529233 -on: - push: +on: [workflow_call] jobs: lint: runs-on: ubuntu-latest - if: - github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml new file mode 100644 index 000000000..e69de29bb diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bc1d909a8..d584eec33 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,8 +2,6 @@ name: NetExec Tests on: workflow_dispatch: - pull_request_review: - types: [submitted] jobs: build: diff --git a/.github/workflows/windows-run.yml b/.github/workflows/windows-run.yml index ab0e8631f..2d83ba95a 100644 --- a/.github/workflows/windows-run.yml +++ b/.github/workflows/windows-run.yml @@ -6,8 +6,11 @@ on: workflow_dispatch: jobs: - test: + lint: + uses: ./.github/workflows/lint.yml + nxc-smb: runs-on: windows-latest + needs: [lint] # technique stolen from @Hackndo my best friend for life <3 steps: - name: Create new user @@ -35,10 +38,64 @@ jobs: - name: Install libraries without dev group run: | poetry install - - name: Dumping some credzzzzz + - name: Dumping sam run: | - poetry run netexec smb 127.0.0.1 -u nxc -p Pwn3d!!! --sam - poetry run netexec smb 127.0.0.1 -u nxc -p Pwn3d!!! --lsa - poetry run netexec smb 127.0.0.1 -u nxc -p Pwn3d!!! --dpapi - poetry run netexec smb 127.0.0.1 -u nxc -p Pwn3d!!! -M lsassy - poetry run netexec smb 127.0.0.1 -u nxc -p Pwn3d!!! -M procdump \ No newline at end of file + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --sam + - name: Dumping lsa + run: | + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --lsa + - name: Dumping dpapi + run: | + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --dpapi + - name: Dumping with lsassy + run: | + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -M lsassy + - name: Exec command + run: | + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=smbexec + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=wmiexec + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=atexec + poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=mmcexec + - name: Dumping with procdump + run: | + poetry run netexec --verbose smb %COMPUTERNAME% %COMPUTERNAME% %COMPUTERNAME% -u nxc -p Pwn3d!!! -M procdump + + nxc-winrm: + runs-on: windows-latest + needs: [lint] + # technique stolen from @Hackndo my best friend for life <3 + steps: + - name: Create new user + run: | + net user nxc Pwn3d!!! /add + - name: Add to local admin + run: | + net localgroup Administrators nxc /add + - name: Update registry key + run: | + REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup Python + uses: actions/setup-python@v2 + with: + python-version: '3.11' + - name: Install poetry + run: | + pipx install poetry --python python${{ matrix.python-version }} + poetry --version + poetry env info + - name: Install libraries without dev group + run: | + poetry install + - name: Dumping sam + run: | + poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! --sam + - name: Dumping lsa + run: | + poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! --lsa + - name: Exec command + run: | + poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! -x whoami diff --git a/nxc/modules/procdump.py b/nxc/modules/procdump.py index 6432481ba..c7aca0dc2 100644 --- a/nxc/modules/procdump.py +++ b/nxc/modules/procdump.py @@ -78,6 +78,7 @@ def on_admin_login(self, context, connection): dump = True else: context.log.fail("Process lsass.exe error un dump, try with verbose") + sys.exit(1) if dump: regex = r"([A-Za-z0-9-]*.dmp)"