Allow for specifying specific users to kerberoast

[Marshall-Hallenbeck]

Description

Allows users to specify a list of users to Kerberoast via the command line or text file.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Deprecation of feature or functionality
• This change requires a documentation update
• This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

Shouldn't need anything other than kerberoastable users in your lab - just define them via --kerberoast-users and list them either by --kerberoast-users user1 user2 user3 or --kerberoast-users kerb-users.txt

Screenshots (if appropriate):

I can provide some if needed

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

• I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
• I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
• New and existing e2e tests pass locally with my changes
• If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

[azoxlpf]

What do you think about adding a universal --users flag that could be used across --kerberoast, --asreproast, and in my PR (Add targeted Kerberoasting by injecting/removing temporary SPNs) --targetedkerberoast ? It might help simplify things a bit and make the interface more consistent overall.

For example:

• nxc ldap ip -u user -p password --kerberoast --user 1

• nxc ldap ip -u user -p password --asreproast --user 1

• nxc ldap ip -u user -p password --targetedkerberoast --user 1

[Marshall-Hallenbeck]

I think that might be confusing with the -u and --username flags

[azoxlpf]

I think that might be confusing with the -u and --username flags

I mentioned --user because in SMB we already use it for --ntds. The main point is just to have a universal targeting flag, whatever the final name is, it could very well be --target or something similar

[Copilot]

Pull Request Overview

This PR adds functionality to allow users to specify specific users for kerberoasting attacks, rather than targeting all available users. The implementation allows users to provide a list of usernames either directly via command line arguments or through a text file.

• Adds --kerberoast-users argument to specify target users for kerberoasting
• Refactors duplicate get_conditional_action function to a shared location
• Implements conditional argument requirement where --kerberoast-users requires --kerberoasting

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
nxc/helpers/args.py	Adds shared get_conditional_action function for argument dependencies
nxc/protocols/ldap/proto_args.py	Adds --kerberoast-users argument with conditional requirement on --kerberoasting
nxc/protocols/ldap.py	Implements logic to filter kerberoast targets based on specified users
nxc/protocols/ssh/proto_args.py	Removes duplicate get_conditional_action function
nxc/protocols/smb/proto_args.py	Removes duplicate get_conditional_action function

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[NeffIsBack]

uhh what happened here? Why is the commit history so messed up?

[Marshall-Hallenbeck]

uhh what happened here? Why is the commit history so messed up?

I have no idea. I'll have to fix it.

[Marshall-Hallenbeck]

Nuking this PR, the branch got entirely feffed.