Skip to content

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

License

Notifications You must be signed in to change notification settings

p0dalirius/Coercer

Repository files navigation

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.
PyPI GitHub release (latest by date) YouTube Channel Subscribers

Features

  • Core:
    • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
    • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
    • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
    • Random UNC paths generation to avoid caching failed attempts (all modes)
    • Configurable delay between attempts with --delay
  • Options:
    • Filter by method name with --filter-method-name, by protocol name with --filter-protocol-name or by pipe name with --filter-pipe-name (all modes)
    • Target a single machine --target or a list of targets from a file with --targets-file
    • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
  • Exporting results
    • Export results in SQLite format (modes scan and fuzz)
    • Export results in JSON format (modes scan and fuzz)
    • Export results in XSLX format (modes scan and fuzz)

Installation

You can now install it from pypi (latest version is PyPI) with this command:

sudo python3 -m pip install coercer

Quick start

  • You want to assess the Remote Procedure Calls listening on a machine to see if they can be leveraged to coerce an authentication?

    demo-scan.mp4
  • You want to exploit the Remote Procedure Calls on a remote machine to coerce an authentication to ntlmrelay or responder?

    demo-coerce.mp4
  • You are doing research and want to fuzz Remote Procedure Calls listening on a machine with various paths?

    demo-fuzz.mp4

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

Credits