Scan for Vulnerabilities

Check if a DC is vulnerable
When you start your internal pentest, these are the first modules you should try:

ZeroLogon

nxc smb <ip> -u '' -p '' -M zerologon

PetitPotam

nxc smb <ip> -u '' -p '' -M petitpotam

noPAC

nxc smb <ip> -u 'user' -p 'pass' -M nopac
You need a credential for this one.

Or, try them all at once! Just list each one: -M zerologon -M petitpotam

Check out what other modules are available via nxc <protocol> -L