Skip to content
/ Coercer Public

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

podalirius.net/

License

GPL-2.0 license
2k stars 199 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

p0dalirius/Coercer

BranchesTags

Repository files navigation

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.
PyPI GitHub release (latest by date) YouTube Channel Subscribers

Windows Support

To build a binary for Windows, download the installer.ps1 script from this repository. Run it simply with no arguments to create a binary in the working directory. Use -h or --help for the help menu with options.

Features

  • Core:
    • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
    • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
    • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
    • Random UNC paths generation to avoid caching failed attempts (all modes)
    • Configurable delay between attempts with --delay
  • Options:
    • Filter by method name with --filter-method-name, by protocol name with --filter-protocol-name or by pipe name with --filter-pipe-name (all modes)
    • Target a single machine --target or a list of targets from a file with --targets-file
    • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
  • Exporting results
    • Export results in SQLite format (modes scan and fuzz)
    • Export results in JSON format (modes scan and fuzz)
    • Export results in XSLX format (modes scan and fuzz)

Installation

You can now install it from pypi (latest version is PyPI) with this command:

sudo python3 -m pip install coercer

Shell Completions

Coercer uses argcomplete to autogenerate tab completions for your shell (bash, zsh, fish, ...). See the argcomplete README for how to enable tab completions.

Quick start

  • You want to assess the Remote Procedure Calls listening on a machine to see if they can be leveraged to coerce an authentication?

    demo-scan.mp4

  • You want to exploit the Remote Procedure Calls on a remote machine to coerce an authentication to ntlmrelay or responder?

    demo-coerce.mp4

  • You are doing research and want to fuzz Remote Procedure Calls listening on a machine with various paths?

    demo-fuzz.mp4

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

Credits

About

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

podalirius.net/

Topics

authentication rpc call automatic ntlm fuzzing privilege-escalation coerce

Resources

Readme

License

GPL-2.0 license
Activity

Stars

2k stars

Watchers

24 watching

Forks

199 forks
Report repository

Releases 11

2.4.3: Fixed HTTP authentications Latest
Oct 4, 2023
+ 10 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Contributors 16

+ 2 contributors

Languages