nxc-smb 命令

常用示例

说明

nxc smb performs SMB protocol operations for security testing. Part of NetExec (the community-maintained successor to CrackMapExec). It enumerates shares, users, sessions, groups, and password policies; validates credentials across entire subnets; and can execute commands remotely through WMI, scheduled tasks, or named pipes.

参数

-u _USER_

Username or username file (prefix with @ to read from file).

-p _PASS_

Password or password file.

-H _HASH_

NTLM hash (LM:NT or just NT).

-d, --domain _DOMAIN_

Authenticate against the given domain.

--local-auth

Authenticate locally (use the machine's SAM, skip domain lookup).

-x _CMD_

Execute _CMD_ via cmd.exe.

-X _CMD_

Execute _CMD_ via PowerShell.

--exec-method _METHOD_

Remote-execution technique: wmiexec, atexec, or smbexec.

--shares

Enumerate SMB shares and the current user's permissions on each.

--users

Enumerate domain users via SAMR.

--groups

Enumerate local or domain groups.

--sessions

List active SMB sessions on the target.

--loggedon-users

List users currently logged on to the target.

--pass-pol

Retrieve the effective password policy.

--sam

Dump the local SAM hash database (requires admin).

--lsa

Dump cached LSA secrets.

-M, --module _NAME_

Run a NetExec module (see nxc smb -L for the full list).