Merge pull request #213 from Pennyw0rth/neff-nullauth-bh

Stop Netexec from adding null auth user to bloodhound
Pennyw0rth · Mar 20, 2024 · ae15861 · ae15861
2 parents e367bf9 + d885974
commit ae15861
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 17 deletions.
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -377,7 +377,7 @@ def kerberos_login(
             self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
             self.logger.success(out)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -434,7 +434,7 @@ def kerberos_login(
                     self.logger.extra["port"] = "636"
                     self.logger.success(out)
 
-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                         add_user_bh(self.username, self.domain, self.logger, self.config)
                     if self.admin_privs:
                         add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -490,7 +490,7 @@ def plaintext_login(self, domain, username, password):
             self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
             self.logger.success(out)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -518,7 +518,7 @@ def plaintext_login(self, domain, username, password):
                     self.logger.extra["port"] = "636"
                     self.logger.success(out)
 
-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                         add_user_bh(self.username, self.domain, self.logger, self.config)
                     if self.admin_privs:
                         add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -584,7 +584,7 @@ def hash_login(self, domain, username, ntlm_hash):
             self.logger.extra["port"] = "636" if (self.args.gmsa or self.port == 636) else "389"
             self.logger.success(out)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -611,7 +611,7 @@ def hash_login(self, domain, username, ntlm_hash):
                     self.logger.extra["port"] = "636"
                     self.logger.success(out)
 
-                    if not self.args.local_auth:
+                    if not self.args.local_auth and self.username != "":
                         add_user_bh(self.username, self.domain, self.logger, self.config)
                     if self.admin_privs:
                         add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)

diff --git a/nxc/protocols/mssql.py b/nxc/protocols/mssql.py
@@ -189,7 +189,7 @@ def kerberos_login(
                 raise
             self.check_if_admin()
             self.logger.success(f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)
@@ -222,7 +222,7 @@ def plaintext_login(self, domain, username, password):
             self.check_if_admin()
             out = f"{self.domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
             self.logger.success(out)
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)
@@ -261,7 +261,7 @@ def hash_login(self, domain, username, ntlm_hash):
             self.check_if_admin()
             out = f"{self.domain}\\{self.username}:{process_secret(self.nthash)} {self.mark_pwned()}"
             self.logger.success(out)
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", self.domain, self.logger, self.config)

diff --git a/nxc/protocols/rdp.py b/nxc/protocols/rdp.py
@@ -243,7 +243,7 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
                     self.mark_pwned(),
                 )
             )
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(username, domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -289,7 +289,7 @@ def plaintext_login(self, domain, username, password):
 
             self.admin_privs = True
             self.logger.success(f"{domain}\\{username}:{process_secret(password)} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(username, domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -323,7 +323,7 @@ def hash_login(self, domain, username, ntlm_hash):
 
             self.admin_privs = True
             self.logger.success(f"{self.domain}\\{username}:{process_secret(ntlm_hash)} {self.mark_pwned()}")
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(username, domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)

diff --git a/nxc/protocols/smb.py b/nxc/protocols/smb.py
@@ -309,7 +309,7 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
             out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
             self.logger.success(out)
 
-            if not self.args.local_auth and not self.args.delegate:
+            if not self.args.local_auth and self.username != "" and not self.args.delegate:
                 add_user_bh(self.username, domain, self.logger, self.config)
             if self.admin_privs:
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
@@ -372,7 +372,7 @@ def plaintext_login(self, domain, username, password):
             out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
             self.logger.success(out)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 self.logger.debug(f"Adding admin user: {self.domain}/{self.username}:{self.password}@{self.host}")
@@ -439,7 +439,7 @@ def hash_login(self, domain, username, ntlm_hash):
             out = f"{domain}\\{self.username}:{process_secret(self.hash)} {self.mark_pwned()}"
             self.logger.success(out)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             if self.admin_privs:
                 self.db.add_admin_user("hash", domain, self.username, nthash, self.host, user_id=user_id)

diff --git a/nxc/protocols/winrm.py b/nxc/protocols/winrm.py
@@ -167,7 +167,7 @@ def plaintext_login(self, domain, username, password):
                 self.db.add_admin_user("plaintext", domain, self.username, self.password, self.host)  # , user_id=user_id)
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             return True
         except Exception as e:
@@ -210,7 +210,7 @@ def hash_login(self, domain, username, ntlm_hash):
                 self.db.add_admin_user("hash", domain, self.username, nthash, self.host)
                 add_user_bh(f"{self.hostname}$", domain, self.logger, self.config)
 
-            if not self.args.local_auth:
+            if not self.args.local_auth and self.username != "":
                 add_user_bh(self.username, self.domain, self.logger, self.config)
             return True