2.4.3: Fixed HTTP authentications

Release 2.4.3

2.4.2: Minor fixes

Release 2.4.2

2.3

This completely refactored release of Coercer is published alongside with the talk Searching for RPC Functions to Coerce Authentications in Microsoft Protocols presented at BlackHat Europe 2022 by Remi GASCOU (Podalirius)

Features:

• Core:
  • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
  • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
  • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
  • Random UNC paths generation to avoid caching failed attempts (all modes)
  • Configurable delay between attempts with --delay
• Options:
  • Filter by method name with --filter-method-name or by protocol name with --filter-protocol-name (all modes)
  • Target a single machine --target or a list of targets from a file with --targets-file
  • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
• Exporting results
  • Export results in SQLite format (modes scan and fuzz)
  • Export results in JSON format (modes scan and fuzz)
  • Export results in XSLX format (modes scan and fuzz)

Changelog:

• Various bug fixes
• Added MS-EVEN::ElfrOpenBELW (CheeseOunce) in a8fd037
• Complete refactor of the code base
• Created new modes scan, coerce and fuzz

2.2

This completely refactored release of Coercer is published alongside with the talk Searching for RPC Functions to Coerce Authentications in Microsoft Protocols presented at BlackHat Europe 2022 by Remi GASCOU (Podalirius)

Features:

• Core:
  • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
  • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
  • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
  • Random UNC paths generation to avoid caching failed attempts (all modes)
  • Configurable delay between attempts with --delay
• Options:
  • Filter by method name with --filter-method-name or by protocol name with --filter-protocol-name (all modes)
  • Target a single machine --target or a list of targets from a file with --targets-file
  • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
• Exporting results
  • Export results in SQLite format (modes scan and fuzz)
  • Export results in JSON format (modes scan and fuzz)
  • Export results in XSLX format (modes scan and fuzz)

Changelog:

• Various bug fixes
• Added MS-EVEN::ElfrOpenBELW (CheeseOunce) in a8fd037
• Complete refactor of the code base
• Created new modes scan, coerce and fuzz

2.1

This completely refactored release of Coercer is published alongside with the talk Searching for RPC Functions to Coerce Authentications in Microsoft Protocols presented at BlackHat Europe 2022 by Remi GASCOU (Podalirius)

Features:

• Core:
  • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
  • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
  • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
  • Random UNC paths generation to avoid caching failed attempts (all modes)
  • Configurable delay between attempts with --delay
• Options:
  • Filter by method name with --filter-method-name or by protocol name with --filter-protocol-name (all modes)
  • Target a single machine --target or a list of targets from a file with --targets-file
  • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
• Exporting results
  • Export results in SQLite format (modes scan and fuzz)
  • Export results in JSON format (modes scan and fuzz)
  • Export results in XSLX format (modes scan and fuzz)

Changelog:

• Complete refactor of the code base
• Created new modes scan, coerce and fuzz

2.4: BlackHat Edition

This completely refactored release of Coercer is published alongside with the talk Searching for RPC Functions to Coerce Authentications in Microsoft Protocols presented at BlackHat Europe 2022 by Remi GASCOU (Podalirius)

Features:

• Core:
  • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
  • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
  • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
  • Random UNC paths generation to avoid caching failed attempts (all modes)
  • Configurable delay between attempts with --delay
• Options:
  • Filter by method name with --filter-method-name, by protocol name with --filter-protocol-name or by pipe name with --filter-pipe-name (all modes)
  • Target a single machine --target or a list of targets from a file with --targets-file
  • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
• Exporting results
  • Export results in SQLite format (modes scan and fuzz)
  • Export results in JSON format (modes scan and fuzz)
  • Export results in XSLX format (modes scan and fuzz)

Changelog:

• Various bug fixes
• Added MS-EVEN::ElfrOpenBELW (CheeseOunce) in a8fd037
• Complete refactor of the code base
• Created new modes scan, coerce and fuzz

1.6: Bug fixes

• Fixed #10

1.5.1: Added setup.py installer

Merge pull request #8 from p0dalirius/add-setup-py-installer

Add setup py installer, fixes #7, release 1.5.1

1.4: Added MS-RPRN 'PrinterBug'

Added Added MS-RPRN 'PrinterBug' MS-RPRN:RpcRemoteFindFirstPrinterChangeNotificationEx()

1.3: Added WebDAV support

Update README.md