Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Erlang

Groovy

Scala

R

TypeScript

Go

Kotlin

Crystal

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Dart

Groovy

Swift

Clojure

Lua

R

Java

Erlang

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇲🇴 Macao

🇭🇰 Hong Kong

🇬🇺 Guam

🇵🇦 Panama

🇲🇶 Martinique

🇲🇿 Mozambique

🇪🇹 Ethiopia

🇭🇺 Hungary

All Countries Compare Countries

ShutdownRepo/ShadowCoerce

Stars
260
Rank 153,812 (Top 4 %)
Language
Python
License
GNU General Publi...
Created over 2 years ago
Updated over 2 years ago

ShutdownRepo/ShadowCoerce

ShutdownRepo

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

MS-FSRVP coercion abuse PoC

ShadowCoerce

MS-FSRVP coercion abuse PoC

Credits: Lionel GILLES (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056

Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp

MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

"File Server VSS Agent Service" needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.

The-Hacker-Recipes

This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.

pywhisker

Python version of the C# tool for "Shadow Credentials" attacks

Exegol

Exegol is a fully featured and community-driven hacking environment

shellerator

Simple CLI tool for the generation of bind and reverse shells in multiple languages

smartbrute

Password spraying and bruteforcing tool for Active Directory Domain Services

targetedKerberoast

Kerberoast with ACL abuse capabilities

The-Hacker-Tools

This project is aimed at freely providing technical guides on various hacking tools.

telegram-bot-cli

This is a command line tool I use when I want to get notified, on Telegram (on my phone), that something has finished running (on my laptop).

httpmethods

HTTP verb tampering & methods enumeration

uberfile

Simple CLI tool for the generation of downloader oneliners for UNIX-like or Windows systems

hashonymize

Anonymize your hashcat formatted files for online cracking

Get-GPPPassword

Python script for extracting and decrypting Group Policy Preferences passwords

CVE-2020-7961

Exploit script for CVE-2020-7961

google-colab-hashcat

Jupyter Notebook

Exegol-images

Docker images of the Exegol project

CrackMapExec-MachineAccountQuota

CrackMapExec module that retrieves the "MachineAccountQuota" domain-level attribute.