Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
General
# Single user, Single password
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>'
Sample Output:
TO-DO# Single user, Single password, Local auth
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' --local-auth
Sample Output:
TO-DO# Single user, Single password (Active Directory)
nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
Sample Output:
TO-DO# Single user, Multiple passwords
nxc <PROTOCOL> <TARGET> -u '<USER>' -p <PASSWORDS> -d <DOMAIN>
Sample Output:
TO-DO# Multiple users, Single password
nxc <PROTOCOL> <TARGET> -u <USERS> -p '<PASSWORD>' -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Multiple users, Multiple passwords
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> -d <DOMAIN> --continue-on-success
Sample Output:
TO-DO# Match username to corresponding password
nxc <PROTOCOL> <TARGET> -u <USERS> -p <PASSWORDS> --no-bruteforce --continue-on-success
Sample Output:
TO-DO# NTLM
nxc <PROTOCOL> <TARGET> -u '<USER>' -H <HASH> -d <DOMAIN>
Sample Output:
TO-DO# Password-based Kerberos
sudo ntpdate -s <DC_IP> && nxc <PROTOCOL> <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k --kdcHost <DC>
Sample Output:
TO-DO# NTLM-based Kerberos
sudo ntpdate -s <DC_IP> && nxc <PROTOCOL> <TARGET> -u '<USER>' -H <HASH> -d <DOMAIN> -k --kdcHost <DC>
Sample Output:
TO-DO# Ticket-based Kerberos
sudo ntpdate -s <DC_IP> && nxc <PROTOCOL> <TARGET> -u '<USER>' -d <DOMAIN> -k --kdcHost <DC> --use-kcache
Sample Output:
TO-DOHint: We can also run on multiple targets
Available Protocols
+----------------------------------------------------------------+
| ftp | wim | vnc | winrm | mssql | ldap | smb | rdp | nfs | ssh |
+----------------------------------------------------------------+
Sample Output:
TO-DOUsers Enum - Anonymous
nxc smb <TARGET> -u '' -p '' -d <DOMAIN> --users
Sample Output:
TO-DOnxc smb <TARGET> -u guest -p '' --rid-brute 10000
Sample Output:
TO-DOUsers Enum - Authenticated
# Password
nxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> --users
Sample Output:
TO-DO# NTLM
nxc smb <TARGET> -u '<USER>' -H <HASH> -d <DOMAIN> --users
Sample Output:
TO-DO# Password-based Kerberos
nxc smb <TARGET> -u '<USER>' -p '<PASSWORD>' -d <DOMAIN> -k --kdcHost <DC> --users
Sample Output:
TO-DO# NTLM-based Kerberos
nxc smb <TARGET> -u '<USER>' -H <HASH> -d <DOMAIN> -k --kdcHost <DC> --use-kcache --users
Sample Output:
TO-DO# Ticket-based Kerberos
nxc smb <TARGET> -u '<USER>' -d <DOMAIN> -k --kdcHost <DC> --use-kcache --users
Sample Output:
TO-DORef: nxc wiki