Project README

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.
PyPI GitHub release (latest by date)

Features

Core:
- Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
- Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
- Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
- Random UNC paths generation to avoid caching failed attempts (all modes)
- Configurable delay between attempts with --delay
Options:
- Filter by method name with --filter-method-name, by protocol name with --filter-protocol-name or by pipe name with --filter-pipe-name (all modes)
- Target a single machine --target or a list of targets from a file with --targets-file
- Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
Exporting results
- Export results in SQLite format (modes scan and fuzz)
- Export results in JSON format (modes scan and fuzz)
- Export results in XSLX format (modes scan and fuzz)

Installation

You can now install it from pypi (latest version is PyPI ) with this command:

sudo python3 -m pip install coercer

Quick start

You want to assess the Remote Procedure Calls listening on a machine to see if they can be leveraged to coerce an authentication?
- Use scan mode, example:
https://user-images.githubusercontent.com/79218792/204374471-bc5094a3-8539-4df7-842e-faadcaf9c945.mp4
You want to exploit the Remote Procedure Calls on a remote machine to coerce an authentication to ntlmrelay or responder?
- Use coerce mode, example:
https://user-images.githubusercontent.com/79218792/204372851-4ba461ed-6812-4057-829d-0af6a06b0ecc.mp4
You are doing research and want to fuzz Remote Procedure Calls listening on a machine with various paths?
- Use fuzz mode, example:
https://user-images.githubusercontent.com/79218792/204373310-64f90835-b544-4760-b0a3-3071429b3940.mp4

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

Credits

@tifkin_ and @elad_shamir for finding and implementing PrinterBug on MS-RPRN
@topotam77 for finding and implementing PetitPotam on MS-EFSR
@topotam77 for finding and @_nwodtuhs for implementing ShadowCoerce on MS-FSRVP
@filip_dragovic for finding and implementing DFSCoerce on MS-DFSNM
@evilashz for finding and implementing CheeseOunce on MS-EVEN

Open Source Agenda is not affiliated with "Coercer" Project. README Source: p0dalirius/Coercer

Stars

1,564

Open Issues

Last Commit

2 weeks ago

Repository

p0dalirius/Coercer

License

GPL 2.0

Homepage

https://podalirius.net/

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/coercer"><img src="https://www.opensourceagenda.com/projects/coercer/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

Coercer Save

Features

Installation

Quick start

Contributing

Credits

Open Source Agenda Badge

From the blog

How to Choose Which Programming Language to Learn First?

From the blog

How to Choose Which Programming Language to Learn First?