Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Protocol NFS #366

Merged
merged 60 commits into from
Oct 3, 2024
Merged

New Protocol NFS #366

merged 60 commits into from
Oct 3, 2024

Conversation

termanix
Copy link
Contributor

@termanix termanix commented Jul 8, 2024
edited
Loading

Lately I've been thinking about what NetExec needs in development and I thought seeing NFS shares would also help with development.

It's using RPC and enumerating NFS Shares and if accessible, it finds files recursively.

Together with @Marshall-Hallenbeck, we were able to bring it to its current state (Thank you Marshall for helping). I hope it will be a useful protocol for everyone.

Here it is some screenshots:

My test lab,

192.168.37.130 : Server 2019 Domain Controller
192.168.37.131 : Ubuntu 6.8.0.-31

image

image

And also including UID brute force for if anonymously authentication fail.

image

termanix and others added 17 commits June 4, 2024 10:04
@termanix
New NFS Protocol
80839d8 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Update e2e_commands.txt
fbfef1b 
Added NFS

Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Update e2e_commands.txt
9cf6d98 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@Marshall-Hallenbeck
remove commited pyc files
f1894b2
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
71391b1
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
fbec1c7
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
d3c9d72
@Marshall-Hallenbeck
deps: add pynfsclient
27b52e2
@Marshall-Hallenbeck
nfs(db): add LIR and shares table and reflection; rename conn to sess
4c58448
@Marshall-Hallenbeck
nfs: formatting, commenting, and small fixes
7b37015
@Marshall-Hallenbeck
nfs: properly initialize table variables to None
65fc94f
@termanix
Update nfs.py
0b5bad9 
UID Brute Force added (To Do, Brute number will be taken by user)
disconnection debug bug fixed

To Do Kerberos Auth

Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
8c2155c
@termanix
Update nfs.py
ea5426b 
Bruteforce-UID added.

Kerberos auth left.

Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
b9d7352
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
449f556
@termanix
Merge branch 'Pennyw0rth:main' into NFS-Protocol
7e52f8d
@mpgn
Copy link
Collaborator

mpgn commented Jul 8, 2024

Crazy !!! 🎉🎉🎉

@termanix
Update proto_args.py
59b6bf8 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@Zamanry
Copy link

Zamanry commented Jul 8, 2024

Hell yeah! I’ve been wanting something like this for a while!!!

@termanix
Update e2e_commands.txt - bruteforceuid added
d071631 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@NeffIsBack NeffIsBack added the enhancement New feature or request label Jul 8, 2024
termanix
termanix commented Jul 9, 2024
View reviewed changes
Copy link
Contributor Author

@termanix termanix left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to keep consistency with SMB's --rid-brute

image

@NeffIsBack
Copy link
Contributor

Actually we can query the uid needed for the share lol. Implemented an autodetecting feature that will automatically set the uid matching to the listed repository:
image

NeffIsBack and others added 4 commits September 29, 2024 18:55
@NeffIsBack
Rename Reachable Networks to Access List
62b535e
Fixed --enum-shares UID bug and removed uid-brute on proto-args
4ae6c19
@termanix
uid-brute removed. Added get-file and put-file
79ecfa8 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
added get, puf file flags
fbfbcc3 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Copy link
Contributor Author

termanix commented Sep 30, 2024
edited
Loading

Download and upload files added.
image

To Do:

 - When uploaded a file, we cant read it. 
 - There are a few bugs on Windows while get-file, put-file

image

termanix and others added 5 commits September 30, 2024 23:00
@termanix
import os for downloaded files
74d7d07 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Renamed get file dispay name
f95b935 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@NeffIsBack
Fix bug with uid and uid autodetection
5553477
@NeffIsBack
Remove unused function, fix uid detection, add comments and simplify …
e737dd6 
…code
@NeffIsBack
Fix local file name
c1308e6
@NeffIsBack
Copy link
Contributor

--get-file and --put-file are working as well 🚀
Escept for windows
image

@termanix
fixed and done get-file for windows and linux
1eafa31 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Copy link
Contributor Author

termanix commented Oct 1, 2024

To Do: Only left puf-file bug fixes for windows and linux.

@NeffIsBack
Copy link
Contributor

Up&Download are working now against Linux&Windows. Also found the solution for setting file permissions 🎉 Default is 777 for now
image
image
image

@NeffIsBack
Copy link
Contributor

@termanix if you can verify the behaviour on your side we should be good to go 🚀

@termanix
e2e editted
bbb9d15 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Fixed put-file
41681ee 
Signed-off-by: termanix <50464194+termanix@users.noreply.github.com>
@termanix
Copy link
Contributor Author

termanix commented Oct 2, 2024

@NeffIsBack On my side everything is fine now! It can be merge after your last review. 🚀

@NeffIsBack
Copy link
Contributor

LGTM:
image

NeffIsBack
NeffIsBack approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything tested, we should be good 🚀

@mpgn
Copy link
Collaborator

mpgn commented Oct 3, 2024

Excellent work from both of you @NeffIsBack @termanix ! 🎉

@NeffIsBack NeffIsBack merged commit 27313a0 into Pennyw0rth:main Oct 3, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpgn mpgn mpgn approved these changes

@NeffIsBack NeffIsBack NeffIsBack approved these changes

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.3.0
Development

Successfully merging this pull request may close these issues.
5 participants
@termanix @mpgn @Zamanry @NeffIsBack @Marshall-Hallenbeck