Add RPC helper class and migrate SMB/module callers#1191

Open
azoxlpf wants to merge 11 commits into Pennyw0rth:main from azoxlpf:feat/add-rpc-class

Conversation

@azoxlpf (Contributor) commented Apr 7, 2026

Description

Following the discussion on PR #1104 (delegated Service Ticket reuse) and @NeffIsBack's feedback, this change introduces a small helper under nxc/helpers/ instead of threading ad-hoc SMBTransport / DCERPCTransportFactory setup through every caller.

NXCRPCConnection takes the NetExec protocol connection as its first argument, applies the same credentials, hashes, AES key, and Kerberos options as the parent connection, and either reuses the existing SMB session when conn.conn is already established (so delegated tickets from S4U2Proxy apply to named-pipe RPC) or builds a new SMB transport from the stored auth. A force_tcp flag selects TCP (ncacn_ip_tcp) when needed. Callers can still pass string_binding, target_ip, anonymous_rpc, and optional auth_level where interfaces require privacy/signing.

SMB core paths and the modules that were opening their own RPC transports have been migrated to use this helper. Special cases (e.g. EPM hept_lookup on port 135) keep using the helper for transport/credentials but avoid an inappropriate dce.bind() where the protocol does not expect it.

This addresses the original problem: operations after --delegate / --use-kcache no longer open “fresh” RPC transports that ignore the delegated ST and fall back to the machine (or other) password for Kerberos preauth.

I migrated the call sites I found and do not believe anything obvious was missed, but the codebase uses RPC in many places, so full coverage is not guaranteed without a wider audit.

Testing: I exercised the flows touching the modified files (SMB features and modules on lab targets), behavior matched expectations versus the pre-refactor behavior, including scenarios that previously failed with delegated ST propagation.

I used Claude Opus 4.6 mainly to draft and iterate on the implementation plan (structure of the RPC helper, migration order, and edge cases).

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Deprecation of feature or functionality
  • This change requires a documentation update
  • This requires a third party update (such as Impacket, Dploot, lsassy, etc)
  • This PR was created with the assistance of AI (list what type of assistance, tool(s)/model(s) in the description)

Setup guide for the review

Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
In particular:

  • Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducible for the reviewer.
  • Added Feature/Enhancement: Please specify what setup is needed in order to test the changes, such as:
    • Is additional software needed?
    • GPO changes required?
    • Specific registry settings that need to be changed?

Screenshots (if appropriate):

Example of delegated credentials being reused for subsequent RPC (atexec) after --delegate:

[screenshot: delegated credentials reused for atexec RPC after --delegate]

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

  • I have run Ruff against my changes (poetry: poetry run ruff check ., use --fix to automatically fix what it can)
  • I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
  • If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • I have linked relevant sources that describe the added technique (blog posts, documentation, etc)
  • I have performed a self-review of my own code (not an AI review)
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)
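The transport-selection rule the description lays out (reuse the parent's established SMB session for named-pipe RPC so a delegated Service Ticket carries over; otherwise build a fresh transport from the stored secrets; switch to ncacn_ip_tcp on request) can be modelled without the real helper. The following is an added illustration written for this page, not NetExec's NXCRPCConnection or Impacket code: the FakeConnection attribute names, the RpcPlan type and the plan_rpc_transport signature are assumptions, and the "no secret, no session" error encodes the failure mode the description reports (a fresh Kerberos transport cannot use an in-memory delegated ST and would need a password, hash or AES key for preauth).

```python
"""Model of named-pipe vs. TCP DCE/RPC transport selection (added example).

Assumed shapes: FakeConnection mirrors the attributes a NetExec protocol
connection is assumed to carry; RpcPlan is what a caller would hand to an
Impacket transport factory (the credentials tuple follows the first six
positional arguments of set_credentials: user, password, domain, lmhash,
nthash, aesKey).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class FakeConnection:
    """Stand-in for a protocol connection (assumed attribute names)."""
    host: str
    username: str = ""
    password: str = ""
    domain: str = ""
    lmhash: str = ""
    nthash: str = ""
    aesKey: str = ""
    kerberos: bool = False
    conn: Optional[object] = None  # established SMB session, or None


@dataclass
class RpcPlan:
    string_binding: str
    reuse_smb_session: bool
    kerberos: bool
    credentials: tuple
    auth_level: Optional[int] = None


def plan_rpc_transport(conn, pipe="svcctl", force_tcp=False, string_binding=None,
                       target_ip=None, anonymous_rpc=False, auth_level=None,
                       tcp_port=135):
    """Decide how a DCE/RPC transport for `conn` should be built.

    Named-pipe RPC over an already-open SMB session inherits that session's
    authentication, which is what lets an S4U2Proxy ticket apply to RPC.
    TCP (ncacn_ip_tcp) always authenticates afresh; 135 is the endpoint
    mapper port, other interfaces need their port resolved first.
    """
    if string_binding is None:
        if force_tcp:
            string_binding = f"ncacn_ip_tcp:{target_ip or conn.host}[{tcp_port}]"
        else:
            string_binding = f"ncacn_np:{conn.host}[\\pipe\\{pipe}]"
    over_pipe = string_binding.startswith("ncacn_np:")

    if anonymous_rpc:
        # Null session: no secrets, never reuse the authenticated SMB session.
        return RpcPlan(string_binding, False, False, ("", "", "", "", "", ""), auth_level)

    # Reuse the parent's SMB session only for named pipes on the same host.
    reuse = over_pipe and conn.conn is not None

    credentials = (conn.username, conn.password, conn.domain,
                   conn.lmhash, conn.nthash, conn.aesKey)
    has_secret = any((conn.password, conn.nthash, conn.lmhash, conn.aesKey))

    if not reuse and conn.kerberos and not has_secret:
        # A fresh transport cannot carry an in-memory delegated ST and has
        # nothing to preauth with; surface that instead of falling back to
        # some other principal's password (assumed behaviour for this model).
        raise RuntimeError(
            f"cannot open a new Kerberos transport to {string_binding}: "
            "no password/hash/AES key and no SMB session to reuse")

    return RpcPlan(string_binding, reuse, conn.kerberos, credentials, auth_level)
```

A migrated caller would build the plan once and pass the string binding, reuse flag and credentials to its transport factory; forcing TCP with `target_ip` is the path for interfaces that are not reachable over \pipe\ on the target, at the cost of losing the delegated session.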

@Dfte (Contributor) commented Apr 7, 2026

Jezzz that PR 😭

@NeffIsBack (Member) commented:

Thanks for the PR! Much needed!

@NeffIsBack NeffIsBack added the enhancement New feature or request label Apr 11, 2026
@NeffIsBack (Member) commented Apr 12, 2026

Reminder to us: when #688 is merged we need to also replace RPC auth there with the class in here.
