Add the psexec execution method

[Dfte]

Description

This PR adds a new execution method, psexec, based on the psexesvc.py script that allows executing remote commands via the original PSEXESVC.exe script, helping evading most AV's and EDR's if they are shipped with default rules whitelisting M$ signed binaries.

Executing commands can be done:

• As the NT System account:

 poetry run nxc smb 192.168.56.70 -u Administrator -p Defte@WF -x whoami -em psexec

• As the account used to authenticate adding the --as-user flag:

 poetry run nxc smb 192.168.56.70 -u Administrator -p Defte@WF -x whoami -em psexec --as-user

Note that the --as-user flag can only be used providing a cleartext credential as it is required by the PSEXESVC.exe service to locally logon the user (everything is detailled there.

I also added a small -em option to the already existing --exec-method to make it easier to use.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Deprecation of feature or functionality
• This change requires a documentation update
• This requires a third party update (such as Impacket, Dploot, lsassy, etc)
• This PR was created with the assistance of AI (list what type of assistance, tool(s)/model(s) in the description)

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

• I have ran Ruff against my changes (poetry: poetry run ruff check ., use --fix to automatically fix what it can)
• I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
• If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
• I have linked relevant sources that describes the added technique (blog posts, documentation, etc)
• I have performed a self-review of my own code (not an AI review)
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

[NeffIsBack]

Very nice, thanks for the PR!

[NeffIsBack]

Is it necessary to spawn new Threads (3 in total)? This can give quite a headache, especially considering we are already in a separate thread for each host.

[Dfte]

Yes we do have to spawn all three pipes so that the server's code flow arrives till the point of executing our command.

[Dfte]

I:

• Moved the embedded PSEXESVC.exe signed binary from b64 to a proper folder
• Ensured its path is always checked
• Removed the unecessary RemCom structure which was used before but not anymore
• Tested the all thing :)

Let me know ;)

[Dfte]

Note to myself: this pr breaks if chaining -x powershell -c "whoami"

The command is executed but you won't get the output