Wednesday, September 7, 2022
HomeHackerA Python Script To Robotically Coerce A Home windows Server To Authenticate...

A Python Script To Robotically Coerce A Home windows Server To Authenticate On An Arbitrary Machine Via 9 Strategies




A python script to robotically coerce a Home windows server to authenticate on an arbitrary machine by 9 strategies.

Options

Utilization

$ ./Coercer.py -h                                                                                                  

______
/ ____/___ ___ _____________ _____
/ / / __ / _ / ___/ ___/ _ / ___/
/ /___/ /_/ / __/ / / /__/ __/ / v1.6
____/____/___/_/ ___/___/_/ by @podalirius_

utilization: Coercer.py [-h] [-u USERNAME] [-p PASSWORD] [-d DOMAIN] [--hashes [LMHASH]:NTHASH] [--no-pass] [-v] [-a] [-k] [--dc-ip ip address] [-l LISTENER] [-wh WEBDAV_HOST] [-wp WEBDAV_PORT]
(-t TARGET | -f TARGETS_FILE) [--target-ip ip address]

Computerized home windows authentication coercer over numerous RPC calls.

choices:
-h, --help present this assist message and exit
-u USERNAME, --username USERNAME
Username to authenticate to the endpoint.
-p PASSWORD, --password PASSWORD
Password to authenticate to the endpoint. (if omitted, will probably be requested until -no-pass is specified)
-d DOMAIN, --domain DOMAIN
Home windows area identify to authenticate to the endpoint.
--hashes [LMHASH]:NTHASH
NT/LM hashes (LM hash could be empty)
--no-pass Do not ask for password (helpful for -k)
-v, --verbose Verbose mode (default: False)
-a, --analyze Analyze mode (default: Assault mode)
-k, --kerberos Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based mostly on the right track parameters. If legitimate credentials can't be discovered, it's going to use those specified within the
command line
--dc-ip ip deal with IP Deal with of the area controller. If omitted it's going to use the area half (FQDN) specified within the goal parameter
-t TARGET, --target TARGET
IP deal with or hostname of the goal machine
-f TARGETS_FILE, --targets-file TARGETS_FILE
IP deal with or hostname of the goal machine
--target-ip ip deal with
IP Deal with of the goal machine. If omitted it's going to use no matter was specified as goal. That is helpful when goal is the NetBIOS identify or Kerberos identify and you can't resolve it

-l LISTENER, --listener LISTENER
IP deal with or hostname of the listener machine
-wh WEBDAV_HOST, --webdav-host WEBDAV_HOST
WebDAV IP of the server to authenticate to.
-wp WEBDAV_PORT, --webdav-port WEBDAV_PORT
WebDAV port of the server to authenticate to.

Instance output

In assault mode (with out --analyze possibility) you get the next output:

After all of the RPC calls, you get loads of authentications in Responder:

Contributing

Pull requests are welcome. Be happy to open a problem if you wish to add different options.

Credit



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments