|
|
@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |
|
|
|
@g0tmi1k bump
Any updates on that? Would be nice to just install/update it via apt install NetExec (or apt-get). The old project (crackmapexec) is dead anyways. Recent pen testing and red team manuals refer to the new tool |
|
|
|
I've packaged dploot, one of the dependencies needed to package/use netexec: https://github.com/zblurx/dploot |
|
|
|
I have updated dploot from 2.1.4 to 2.6.0 |
|
|
|
EDITED - OUTDATED COMMENT |
|
|
|
EDITED - OUTDATED COMMENT |
|
|
|
netexec is packaged :) - https://gitlab.com/Arszilla/netexec
However, it should be noted that:
- There seems to be an error/problem with
python3-sqlalchemy. Despite the latest version of python3-sqlalchemy being 2.0.19+ds1-1 from Debian (https://salsa.debian.org/python-team/packages/sqlalchemy), the version in Kali is 1.4.50+ds1-1. netexec requires 2.0.4+.
As a result of this, I believe the following error is caused when executing/running netexec (perhaps only for the first time):
$ netexec -h
[*] First time use detected
[*] Creating home directory structure
[*] Creating missing folder logs
[*] Creating missing folder modules
[*] Creating missing folder protocols
[*] Creating missing folder workspaces
[*] Creating missing folder obfuscated_scripts
[*] Creating missing folder screenshots
[*] Creating default workspace
Traceback (most recent call last):
File "/usr/bin/netexec", line 5, in <module>
from nxc.netexec import main
File "/usr/lib/python3/dist-packages/nxc/netexec.py", line 14, in <module>
from nxc.config import nxc_config, nxc_workspace, config_log, ignore_opsec
File "/usr/lib/python3/dist-packages/nxc/config.py", line 16, in <module>
first_run_setup()
File "/usr/lib/python3/dist-packages/nxc/first_run.py", line 32, in first_run_setup
initialize_db()
File "/usr/lib/python3/dist-packages/nxc/database.py", line 97, in initialize_db
create_workspace("default")
File "/usr/lib/python3/dist-packages/nxc/database.py", line 71, in create_workspace
protocol_object = p_loader.load_protocol(protocols[protocol]["dbpath"])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/nxc/loaders/protocolloader.py", line 16, in load_protocol
loader.exec_module(protocol)
File "/usr/lib/python3/dist-packages/nxc/protocols/ftp/database.py", line 5, in <module>
from sqlalchemy.exc import (
ImportError: cannot import name 'IllegalStateChangeError' from 'sqlalchemy.exc' (/usr/lib/python3/dist-packages/sqlalchemy/exc.py)
- Both
dploot/python3-dploot and netexec seem to suffer from a SyntaxWarning warning, which I have shared with both repositories under https://github.com/zblurx/dploot/issues/16 and https://github.com/Pennyw0rth/NetExec/issues/200. Assuming these are fixable, expect a small version bump/fix on my repositories.
CC: @kali-team |
|
|
|
So, while chatting with @NeffIsBack a few issues were pointed out and will require them to be solved before netexec is moved to kali-dev:
python3-sqlalchemy problem (pointed out in https://bugs.kali.org/view.php?id=8533#c19010)- Instead of
python3-impacket, netexec requires https://github.com/Pennyw0rth/impacket/tree/gkdi (Their fork of python3-impacket - gkdi branch)
python3-oscrypto is has a critical bug - as a result https://github.com/Pennyw0rth/oscrypto must be used until https://github.com/wbond/oscrypto/issues/78 is solved by the maintainer/owner of oscrypto |
|
|
|
It was pointed out to me by Steev that Arnauld and Sophie have shared a patch with Debian upstream for oscrypto/python3-oscrypto, dealing with https://github.com/wbond/oscrypto/issues/78 - (Patch: https://salsa.debian.org/python-team/packages/oscrypto/-/blob/debian/latest/debian/patches/Make_OpenSSL_version_regexes_more_robust.patch?ref_type=heads)
I will test this later to ensure that the patch is working as intended for netexec. |
|
|
|
I have thought of packaging Pennyw0rth's fork of impacket as python3-impacket-netexec and using it instead of python3-impacket - maybe with a Conflicts: or Replaces: header (otherwise Python might have a hard time distinguishing between both).
While reviewing the reverse dependencies of impacket via apt-cache rdepends python3-impacket, I have noticed that 0000030:0000022 packages depend on python3-impacket, 4 of which are dependencies of netexec. Thus, my initial idea is out the window and sadly, I can't think of another solution where both packages could potentially co-exist within Kali etc.
As a result, I fear netexec's packaging might have hitten a standstill for now - either until a better solution could be figured out or if Fortra merges the netexec team's PR/MR requests to impacket.
Lastly: I have opened a ticket regarding sqlalchemy: https://bugs.kali.org/view.php?id=8667 regarding the point mentioned in https://bugs.kali.org/view.php?id=8533#c19010 |
|
|
|
Opened https://github.com/Pennyw0rth/NetExec/issues/205 as a requirement to package netexec. Once that is solved, the only obstacle might be the sqlalchemy version discrepancy, which is not something that netexec team can fix, but Kali/Debian. |
|
|
|
Had to republish dploot - as I fixed some stuff regarding licenses etc. and I've submitted a bug report for it to be added to the Kali repos: https://bugs.kali.org/view.php?id=8671 |
|
|
|
So, for netexec to work, Pennyw0rth/impacket (https://github.com/Pennyw0rth/impacket has to be packaged (the gdki branch, specifically). However, there is an issue: It will use the /usr/lib/python3/dist-packages/impacket directory if it's packaged as it is, which conflicts with python3-impacket.
After some discussions with @NeffIsBack and the other NetExec devs/maintainers, there seems to be only one option left to facilitate this: use patches for both python3-impacket-nxc (provisional name for the forked version of impacket) and netexec to rename all occurrences of impacket to impacket_nxc.
Currently, I have a provisional package for the impacket fork, so I will be working on packaging that.
However, I have also noticed that nearly a dozen packages require version bumps (both on Kali and Debian side) in order to package netexec, as seen here: https://github.com/Pennyw0rth/NetExec/issues/211
@NeffIsBack and the others will see if these packages could be downgraded to the versions available in Kali and Debian to facilitate the ease of packaging. For those that cannot be packaged, a ticket for upgrade will be opened on each respective OS. |
|
|
|
Great news everyone. After nearly 1.5-2 months of sorting out dependencies, NetExec is ready for Kali: https://gitlab.com/Arszilla/netexec
Please note that Kali will have to use the kali-packaging branch, due to dependency hell, but initial testing conducted by @NeffIsBack seems to be promising. From what I can tell, it seems like we are finally ready to move the package to Kali. |
|
|
|
The images failed to upload, retrying. |
|
|
|
|
|
|
|
|
|
|
|
@Arszilla thanks a lot for all the work with packaging!
@kali-team please wait with the upload until we publish version 1.2.0 soon. There are some bug-fix and feature PRs we would like to have in the release, so version 1.2.0 and therefore also the kali version is as stable as possible: https://github.com/Pennyw0rth/NetExec/milestone/3
I will reach out when we do the release. |
|
