Connection Error: [Errno 104] Connection reset by peer #479

Open
Unreachabl opened this issue Oct 31, 2024 · 16 comments
Labels
bug Something isn't working

Comments

@Unreachabl

Unreachabl commented Oct 31, 2024

Describe the bug
When performing an operation on a certain number of hosts (more than 5), the error "Connection Error: [Errno 104] Connection reset by peer" occurs. When reducing the number of hosts, the error does not occur. I tried to set timeouts, reduce the number of threads (-t), install jitter - to no avail.
In the previous version of pcbs (1.2.0.), this was not observed. This problem is repeated with different network configurations (with and without EDR).

To Reproduce
Steps to reproduce the behavior i.e.:
Command: netexec smb -id hosts-id 1

NetExec info
OS: Kali
Version of nxc: 1.3.0
Installed from: pipx install git+https://github.com/Pennyw0rth/NetExec

@NeffIsBack
Contributor

So this happens with only logging in on multiple hosts? No command execution or anything else?

@Unreachabl
Author

Every time when I do something with multiple hosts. Including login, various kinds of credential dumps, command execution, and the rest.

@NeffIsBack
Contributor

So also simply logging in throws these exceptions? Or only when further command/logic execution? Could you also give me an exact command that fails, including the debug log?

@NeffIsBack NeffIsBack added the bug Something isn't working label Oct 31, 2024
@Unreachabl
Author

debug.log

I also attach this log file to the topic #478, since both errors are reflected in it.

@NeffIsBack
Contributor

This is really mysterious to me. We need more debug info to dig into this. Let me push a branch which contains more detailed logging.

Also do you have information about the domain/environment you are testing? Has one or more servers null auth enabled?
There are several tracebacks in the log where impacket fails to decrypt the domain/user from the NTLM response. The root cause could also be an encoding problem of some sort. Could that "admin" user contain non-ASCII characters in the username or password? What about the domain?

Traceback (most recent call last):
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/impacket/ntlm.py", line 579, in getNTLMSSPType1
    domain.encode('utf-16le')
    ^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'encode'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/nxc/connection.py", line 166, in __init__
    self.proto_flow()
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/nxc/connection.py", line 233, in proto_flow
    if self.login() or (self.username == "" and self.password == ""):
       ^^^^^^^^^^^^
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/nxc/connection.py", line 561, in login
    if self.try_credentials(domain[user_index], user, owned[user_index], secr, cred_type[secr_index], data[secr_index]):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/nxc/connection.py", line 496, in try_credentials
    return self.plaintext_login(domain, username, secret)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/nxc/protocols/smb.py", line 413, in plaintext_login
    self.conn.login(self.username, self.password, domain)
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/impacket/smbconnection.py", line 278, in login
    return self._SMBConnection.login(user, password, domain, lmhash, nthash, ntlmFallback)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/impacket/smb.py", line 3504, in login
    self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/impacket/smb.py", line 3344, in login_extended
    auth = ntlm.getNTLMSSPType1(self.get_client_name(),domain,self._SignatureRequired, use_ntlmv2 = use_ntlmv2)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/testuser/.local/share/pipx/venvs/netexec/lib/python3.12/site-packages/impacket/ntlm.py", line 581, in getNTLMSSPType1
    domain = domain.decode(encoding)
             ^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'decode'

To further track down the problem we should test these two commits:

If the first one is working, I have an idea what one of the problems could be. You can install specific commits with pipx:
pipx install git+https://github.com/Pennyw0rth/NetExec@754ca2d423ba06dd08b87c20b1ac8c722bfc4c2c --force

If not, I would suspect the database to be the root problem. There might be issues with sqlalchemy (the backbone of the database).

@NeffIsBack
Contributor

@Unreachabl after trying the two commits from the post before, please try the new branch:
pipx install git+https://github.com/Pennyw0rth/NetExec@neff-improve-logging

@Unreachabl
Author

Unreachabl commented Oct 31, 2024

  1. Yes, there are 5 zero-access hosts on this network.
  2. The domain, username, and password do not contain non-ASCII characters.
  3. The first commit (754ca2d) works fine, no connection breaks.
  4. The second commit (c1780a1) repeats the error "Connection Error: Error while reading from remote"
  5. The third option (pipx install git+https://github.com/Pennyw0rth/NetExec@neff-improve-logging) also repeats the error "Connection Error: Error while reading from remote"

@NeffIsBack
Contributor

Could you provide a debug log from the third option?

@Unreachabl
Author

debug.log

@NeffIsBack
Contributor

Could you retry with pipx install git+https://github.com/Pennyw0rth/NetExec@neff-improve-logging?

@Unreachabl
Author

debug.log

@NeffIsBack
Contributor

NeffIsBack commented Nov 6, 2024

Hi, still trying to figure out why this is happening. Pushed some changes, could you try again when you have time?
Btw, is this only happening when querying from the db? Or also when specifying them manually?

@Unreachabl
Author

  1. Tested the version (pipx install git+https://github.com/Pennyw0rth/NetExec@neff-improve-logging):
    As before, I got the error: "UnboundLocalError: cannot access local variable 'logged_in' where it is not associated with a value".
    After deleting the ~/.nxc directory, this error disappeared.

  2. Tested on 12 hosts - the error "Connection Error: Error while reading from remote" disappeared, I think everything works fine in this part.

  3. When authorizing using credentials from the database, the error "ERROR Invalid database credential ID 1!" (Invalid database credential ID #478) still appears. When authorizing using credentials entered manually (with the -u and -p flags), everything works fine.

@NeffIsBack
Contributor

  1. Tested on 12 hosts - the error "Connection Error: Error while reading from remote" disappeared, I think everything works fine in this part.

This does not make sense to me, I just moved code from one function to another. Could you retry? Still trying to figure out why this does not work in the main branch. If it doesn't work, please retry with specifying manually.

@Unreachabl
Author

debug.log

Increased the number of hosts to 35 - the error was reproduced.
Tested both the main branch and @neff-improve-logging - the result is the same.

@brettgus

@Unreachabl were you on the same network segment as the targets?

I usually get Error 104 connection reset by peer from security products. Like, particularly when a client has multiple sites and I'm trying to connect to a host across a tunnel where they have their IPS functionality enabled on that link. It seems like sometimes it's good about stopping every attempt, and sometimes it's when you have a flurry of connections that they block it. I think that would explain why limiting the number of hosts resolves it for you too.
