Scan for Vulnerabilities
Check if a DC is vulnerable
When you start your internal pentest, these are the first modules you should try:
ZeroLogon
nxc smb <ip> -u '' -p '' -M zerologon
PetitPotam
nxc smb <ip> -u '' -p '' -M petitpotam
noPAC
nxc smb <ip> -u 'user' -p 'pass' -M nopac
You need a credential for this one
Or, try them all at once! Just list each one: -M zerologon -M petitpotam
Check out what other modules are available via nxc <protocol> -L
Last updated