Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Basic Commands
# Single User, Single Password
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>'
Sample Output:
TO-DO# Single User, Single Password, Local Auth
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' --local-auth
Sample Output:
TO-DO# Single User, Single Password (Active Directory)
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
Sample Output:
TO-DO# Single User, Multiple Passwords
nxc <PROTOCOL> <TARGET> -u '<USER>' -p <PASSWORDS> -d <DOMAIN>
Sample Output:
TO-DO# Multiple Users, Single Password
nxc <PROTOCOL> <TARGET> -u <USERS> -p '<PASSWORD>' -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Multiple Users, Multiple Passwords
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Match Username to Corresponding Password
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> --no-bruteforce --continue-on-success
Sample Output:
TO-DOnxc <PROTOCOL> <TARGET> -u '<USER>' -H <HASH>
Sample Output:
TO-DO# With Kerberos, or STATUS_ACCOUNT_RESTRICTION (NTLM disabled)
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k
Sample Output:
TO-DO# With Kerberos ccache, or STATUS_NOT_SUPPORTED (NTLM disabled)
nxc <PROTOCOL> <TARGET> -u '<USER>' -d <DOMAIN> -k --use-kcache
Sample Output:
TO-DOHint: We can also run on multiple targets
Supported Protocols
+----------------------------------------------------------+
| ftp | ldap | mssql | rdp | smb | ssh | vnc | winrm | wmi |
+----------------------------------------------------------+
Sample Output:
TO-DOUsers Enum
nxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -H <HASH> --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -d <DOMAIN> -k --use-kcache --users
Sample Output:
TO-DOnxc smb <TARGET> -u guest -p '' --rid-brute 10000
Sample Output:
TO-DORef: nxc