Merge pull request #291 from Pennyw0rth/neff-jitter

Change jitter option to throttle authentications

nxc/cli.py

@@ -46,7 +46,7 @@ def gen_cli_args():
 
     parser.add_argument("-t", type=int, dest="threads", default=256, help="set how many concurrent threads to use (default: 256)")
     parser.add_argument("--timeout", default=None, type=int, help="max timeout in seconds of each thread (default: None)")
-    parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each connection (default: None)")
+    parser.add_argument("--jitter", metavar="INTERVAL", type=str, help="sets a random delay between each authentication (default: None)")
     parser.add_argument("--no-progress", action="store_true", help="Not displaying progress bar during scan")
     parser.add_argument("--verbose", action="store_true", help="enable verbose output")
     parser.add_argument("--debug", action="store_true", help="enable debug level information")

nxc/connection.py

@@ -108,18 +108,6 @@ def __init__(self, args, db, host):
             self.logger.info(f"Error resolving hostname {self.hostname}: {e}")
             return
 
-        if args.jitter:
-            jitter = args.jitter
-            if "-" in jitter:
-                start, end = jitter.split("-")
-                jitter = (int(start), int(end))
-            else:
-                jitter = (0, int(jitter))
-
-            value = random.choice(range(jitter[0], jitter[1]))
-            self.logger.debug(f"Doin' the jitterbug for {value} second(s)")
-            sleep(value)
-
         try:
             self.proto_flow()
         except Exception as e:
@@ -388,7 +376,9 @@ def parse_credentials(self):
         return domain, username, owned, secret, cred_type, [None] * len(secret)
 
     def try_credentials(self, domain, username, owned, secret, cred_type, data=None):
-        """Try to login using the specified credentials and protocol.
+        """
+        Try to login using the specified credentials and protocol.
+        With  --jitter an authentication throttle can be applied.
 
         Possible login methods are:
             - plaintext (/kerberos)
@@ -401,6 +391,18 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
             return False
         if hasattr(self.args, "delegate") and self.args.delegate:
             self.args.kerberos = True
+
+        if self.args.jitter:
+            jitter = self.args.jitter
+            if "-" in jitter:
+                start, end = jitter.split("-")
+                jitter = (int(start), int(end))
+            else:
+                jitter = (0, int(jitter))
+            value = jitter[0] if jitter[0] == jitter[1] else random.choice(range(jitter[0], jitter[1]))
+            self.logger.debug(f"Throttle authentications: sleeping {value} second(s)")
+            sleep(value)
+
         with sem:
             if cred_type == "plaintext":
                 if self.args.kerberos:

nxc/netexec.py

@@ -214,6 +214,9 @@ def main():
         if ans.lower() not in ["y", "yes", ""]:
             exit(1)
 
+    if args.jitter and len(targets) > 1:
+        nxc_logger.highlight(highlight("[!] Jitter is only throttling authentications per target!", "red"))
+
     try:
         asyncio.run(start_run(protocol_object, args, db, targets))
     except KeyboardInterrupt:

tests/e2e_commands.txt

@@ -23,6 +23,9 @@ netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -x whoami
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -X whoami
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -X whoami --obfs
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --wmi "select Name from win32_computersystem"
+netexec --jitter 2 smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS
+netexec --jitter 1-3 smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS
+netexec --jitter 2-2 smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS
 ##### SMB Modules
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -L
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M add-computer --options