NetExec icon indicating copy to clipboard operation
NetExec copied to clipboard

Published 20 hours ago verified publisher icon Pennyw0rth

Passwordspraying over SMB does not close connections after failed attempt

Open FallenHero66 opened this issue 6 months ago • 5 comments

Describe the bug nxc smb does not seem to close the connection after a login attempt. This means, that when running nxc smb through a socks proxy, the socks proxy will eventually die due to too many concurrent connections.

To Reproduce

  1. Set up a socks proxy on your victim machine (i.e. using meterpreter or mythic)
  2. Route traffic to the socks proxy from your attacker machine (i.e. using Proxifier on Windows)
  3. Run netexec smb target_computer -u user_list.txt -p password (with user list containing many users, e.g. 64)
  4. The amount of working connections depend on your socks proxy, but in my case, after 32 concurrent connections (and working login attempts via smb), the socks proxy tunnel dies.

Expected behavior After a login attempt via SMB, the connection closes, preventing too many concurrent connections.

NetExec info

  • OS: Windows
  • Version of nxc: 1.2.0
  • Installed from: github

FallenHero66 avatar Aug 19 '24 07:08 FallenHero66