• Stars
    star
    260
  • Rank 153,519 (Top 4 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 2 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

MS-FSRVP coercion abuse PoC

ShadowCoerce

MS-FSRVP coercion abuse PoC

Credits: Lionel GILLES (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056

Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp

MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

"File Server VSS Agent Service" needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

example

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.

More Repositories

1

The-Hacker-Recipes

This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.
587
star
2

pywhisker

Python version of the C# tool for "Shadow Credentials" attacks
Python
548
star
3

Exegol

Exegol is a fully featured and community-driven hacking environment
Shell
468
star
4

shellerator

Simple CLI tool for the generation of bind and reverse shells in multiple languages
Python
344
star
5

smartbrute

Password spraying and bruteforcing tool for Active Directory Domain Services
Python
316
star
6

targetedKerberoast

Kerberoast with ACL abuse capabilities
Python
280
star
7

The-Hacker-Tools

This project is aimed at freely providing technical guides on various hacking tools.
75
star
8

telegram-bot-cli

This is a command line tool I use when I want to get notified, on Telegram (on my phone), that something has finished running (on my laptop).
Python
58
star
9

httpmethods

HTTP verb tampering & methods enumeration
Python
50
star
10

uberfile

Simple CLI tool for the generation of downloader oneliners for UNIX-like or Windows systems
Python
35
star
11

hashonymize

Anonymize your hashcat formatted files for online cracking
Python
26
star
12

Get-GPPPassword

Python script for extracting and decrypting Group Policy Preferences passwords
Python
19
star
13

CVE-2020-7961

Exploit script for CVE-2020-7961
Python
18
star
14

google-colab-hashcat

Jupyter Notebook
14
star
15

Exegol-images

Docker images of the Exegol project
Shell
1
star
16

CrackMapExec-MachineAccountQuota

CrackMapExec module that retrieves the "MachineAccountQuota" domain-level attribute.
Python
1
star