Skip to content

2.2
Compare
Choose a tag to compare
@p0dalirius p0dalirius released this 12 Dec 11:55
· 45 commits to master since this release
2.2
9b830bd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This completely refactored release of Coercer is published alongside with the talk Searching for RPC Functions to Coerce Authentications in Microsoft Protocols presented at BlackHat Europe 2022 by Remi GASCOU (Podalirius)

Features:

  • Core:
    • Lists open SMB pipes on the remote machine (in modes scan authenticated and fuzz authenticated)
    • Tries to connect on a list of known SMB pipes on the remote machine (in modes scan unauthenticated and fuzz unauthenticated)
    • Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.
    • Random UNC paths generation to avoid caching failed attempts (all modes)
    • Configurable delay between attempts with --delay
  • Options:
    • Filter by method name with --filter-method-name or by protocol name with --filter-protocol-name (all modes)
    • Target a single machine --target or a list of targets from a file with --targets-file
    • Specify IP address OR interface to listen on for incoming authentications. (modes scan and fuzz)
  • Exporting results
    • Export results in SQLite format (modes scan and fuzz)
    • Export results in JSON format (modes scan and fuzz)
    • Export results in XSLX format (modes scan and fuzz)

Changelog:

  • Various bug fixes
  • Added MS-EVEN::ElfrOpenBELW (CheeseOunce) in a8fd037
  • Complete refactor of the code base
  • Created new modes scan, coerce and fuzz
Assets 2
Loading