我严格按照 NetExec 官方 Issue 模板,结合你提供的Python版本、pyenv版本、nxc版本、报错信息、环境,为你生成可直接复制提交的完整Bug报告,100%规范:
NetExec Bug Report
❗❗❗ Before filing this bug report, MAKE SURE you have already downloaded the newest version of NetExec from GitHub and installed it! Many issues have already been reported and fixed, especially if you are running the native Kali version! ❗❗❗
Describe the bug
When performing SMB Pass-the-Hash (PtH) authentication and executing commands with the -x parameter on a Windows Server 2012 R2 target, authentication succeeds (marked as Pwn3d!), but a ValueError is thrown immediately. The error is Can't find NUL-NUL terminator in UTF-16le string '', which causes the command execution to fail and no output to be returned. Pure authentication scanning works normally, only command execution triggers this error.
To Reproduce
Command:
nxc smb 192.16.24.45/16 -u Administrator -H ntlm_hash
Resulted in:
Traceback (most recent call last):
File "XXXX", line XXXX, in XXXX
...
ValueError: Can't find NUL-NUL terminator in UTF-16le string ''
Expected behavior
After successful SMB authentication (Pwn3d!), the target should execute the whoami command and return the normal output, without throwing a UTF-16LE string parsing ValueError.
Screenshots
NetExec info
Python & Environment info
- Python version:
3.13.7
- pyenv version:
pyenv 3.1.1
- pyenv environments: 3.13.7 (active), 3.8.5
Target Environment info
- Target OS: Windows Server 2012 R2 Standard 9600 x64
- SMB settings: signing=False, SMBv1=True
- Authentication method: NTLM Pass-the-Hash (PtH)
- Network: Intranet, no proxy/firewall interference
Additional context
- Pure SMB authentication scan (without
-x command execution) works perfectly.
- The error only occurs when using the
-x parameter to execute CMD commands.
- Attack machine uses pyenv to manage Python environments, with Python 3.13.7 as the active version.
- Multiple attempts have been made, and the error is 100% reproducible.
我严格按照 NetExec 官方 Issue 模板,结合你提供的Python版本、pyenv版本、nxc版本、报错信息、环境,为你生成可直接复制提交的完整Bug报告,100%规范:
NetExec Bug Report
❗❗❗ Before filing this bug report, MAKE SURE you have already downloaded the newest version of NetExec from GitHub and installed it! Many issues have already been reported and fixed, especially if you are running the native Kali version! ❗❗❗
Describe the bug
When performing SMB Pass-the-Hash (PtH) authentication and executing commands with the
-xparameter on a Windows Server 2012 R2 target, authentication succeeds (marked asPwn3d!), but aValueErroris thrown immediately. The error isCan't find NUL-NUL terminator in UTF-16le string '', which causes the command execution to fail and no output to be returned. Pure authentication scanning works normally, only command execution triggers this error.To Reproduce
Command:
Resulted in:
Expected behavior
After successful SMB authentication (
Pwn3d!), the target should execute thewhoamicommand and return the normal output, without throwing a UTF-16LE string parsing ValueError.Screenshots
NetExec info
1.5.1+409.b7c0f656Python & Environment info
3.13.7pyenv 3.1.1Target Environment info
Additional context
-xcommand execution) works perfectly.-xparameter to execute CMD commands.