Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Basic Commands
# Single user, Single password
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>'
Sample Output:
TO-DO# Single user, Single password, Local auth
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' --local-auth
Sample Output:
TO-DO# Single user, Single password (Active Directory)
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
Sample Output:
TO-DO# Single user, Multiple passwords
nxc <PROTOCOL> <TARGET> -u '<USER>' -p <PASSWORDS> -d <DOMAIN>
Sample Output:
TO-DO# Multiple users, Single password
nxc <PROTOCOL> <TARGET> -u <USERS> -p '<PASSWORD>' -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Multiple users, Multiple passwords
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Match username to corresponding password
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> --no-bruteforce --continue-on-success
Sample Output:
TO-DOnxc <PROTOCOL> <TARGET> -u '<USER>' -H <HASH>
Sample Output:
TO-DO# With Kerberos, or STATUS_ACCOUNT_RESTRICTION (NTLM disabled)
sudo ntpdate -s <DC_IP> && nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k
Sample Output:
TO-DO# With Kerberos ccache, or STATUS_NOT_SUPPORTED (NTLM disabled)
sudo ntpdate -s <DC_IP> && nxc <PROTOCOL> <TARGET> -u '<USER>' -d <DOMAIN> -k --use-kcache
Sample Output:
TO-DOHint: We can also run on multiple targets
Supported Protocols
+----------------------------------------------------------+
| ftp | ldap | mssql | rdp | smb | ssh | vnc | winrm | wmi |
+----------------------------------------------------------+
Sample Output:
TO-DOUsers Enum
nxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -H <HASH> --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k --users
Sample Output:
TO-DOnxc smb <TARGET> -u '<USER>' -d <DOMAIN> -k --use-kcache --users
Sample Output:
TO-DOnxc smb <TARGET> -u guest -p '' --rid-brute 10000
Sample Output:
TO-DORef: nxc