NetExec icon indicating copy to clipboard operation
NetExec copied to clipboard
verified publisher icon Pennyw0rth

REopen Update --dc-list Now check trusted domains DCs

Open termanix opened this issue 8 months ago • 5 comments

Description

--dc-list now checks the DCs on trusted domain if exists.

Type of change

Please delete options that are not relevant.

  • [+] New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Tested in exam, GOAD and my lab.

Screenshots (if appropriate):

On Exam image

Will try to figure out that error. image

termanix avatar Apr 27 '25 04:04 termanix

This pull request introduces significant enhancements to the dc_list method in nxc/protocols/ldap.py. The changes improve the functionality for enumerating domain controllers and trusted domains, increase code clarity by modularizing hostname resolution, and add detailed logging for better debugging and user feedback.

Enhancements to domain controller enumeration:

  • Added a new section to enumerate domain controllers in trusted domains, including resolving their DNS names and logging the results. This includes handling Active Directory trusts and skipping non-Active Directory trusts.

Code modularization and clarity:

  • Refactored hostname resolution logic into a dedicated resolve_and_display_hostname function, improving code readability and reusability.

Improved logging and error handling:

  • Enhanced logging to include domain-specific prefixes for better context in output messages. Improved handling of DNS resolution errors with more descriptive messages.

mpgn avatar Apr 27 '25 08:04 mpgn

Will try to figure out that error.

is it solved ?

mpgn avatar Apr 27 '25 08:04 mpgn

Will try to figure out that error.

is it solved ?

Yes, It was about If DC is off.

termanix avatar Apr 27 '25 10:04 termanix

@termanix can you add the functionality of the enum_trust module? See: https://github.com/Pennyw0rth/NetExec/pull/585#issuecomment-2764597178

NeffIsBack avatar Apr 27 '25 13:04 NeffIsBack

@termanix can you add the functionality of the enum_trust module?

See: https://github.com/Pennyw0rth/NetExec/pull/585#issuecomment-2764597178

Yes, I can 🤘🏻

termanix avatar Apr 27 '25 13:04 termanix

It's ready for review.

image

termanix avatar May 07 '25 19:05 termanix

All good for me on HTB box :heavy_check_mark:

@NeffIsBack can you run it on GOAD just to be sure ?

mpgn avatar May 26 '25 09:05 mpgn

Will do👍maybe later the day or tomorrow

NeffIsBack avatar May 26 '25 09:05 NeffIsBack

I thought about seperating the trusted domains a bit better, because in large domains with multiple domain trusts there are probably also several DCs per domain. So i think using a .success without any formatting would probably the best to separate different domains.

Which one do you like best @mpgn @termanix? Probably 3 for me, the least cluttered. image

NeffIsBack avatar May 28 '25 13:05 NeffIsBack