MS-FSRVP coercion abuse PoC

Last update: Dec 28, 2022

Related tags

Security related resources ShadowCoerce

Overview

ShadowCoerce

MS-FSRVP coercion abuse PoC

Credits: Gilles LIONEL (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056

Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp

MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

"File Server VSS Agent Service" needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.

Owner

Shutdown

GitHub Repository

a cool, easily usable and customisable subdomains scanner

Subdah 🔎 another subdomains scanner. Installation ⚠️ Python 3.10 required ⚠️ $ git clone https://github.com/traumatism/subdah $ cd subdah $ pip3 inst

14 Oct 18, 2022

cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点分析可见： https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

105 Nov 22, 2022

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

168 Nov 09, 2022

Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。

0x00 介绍 tig Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率，目前已集成微步、IP 域名反查、Fofa 信息收集、ICP 备案查询、IP 存活检测五个模块，现已支持以下信息的查询： ✅ 微步标签 ✅ I

698 Dec 09, 2022

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

12 Nov 23, 2022

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

PocOrExp in Github 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网注意：只通过通用的CVE号聚合，因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞，还是自己检索一下比较好 Usage python3 exp.py -h usage: ex

567 Dec 30, 2022

WhPhisher: a Phishing tool With Python

WhPhisher Herramienta para hacer phishing con muchos métodos de túneling -----Como Instalarlo------- pkg install python3 pkg install git git clone htt

80 Jan 02, 2023

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Re-Scripts IA32-VMX-Helper (IDA-Script) IA32-MSR-Decoder (IDA-Script) IA32 VMX Helper It's an IDA script (Updated IA32 MSR Decoder) which helps you to

16 Oct 08, 2022

RCE 0-day for GhostScript 9.50 - Payload generator

RCE-0-day-for-GhostScript-9.50 PoC for RCE 0-day for GhostScript 9.50 - Payload generator The PoC in python generates payload when exploited for a 0-d

534 Dec 14, 2022

A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

2 Nov 09, 2022

Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk

Repo for "The Crown: Exploratory Analysis of Nim Malware" DEF CON 615 talk

43 Dec 03, 2022

A python implementation of the windows 95 product key check.

Windows 95 Product Key Check Info: This is a python implementation of the windows 95 product key check. This was just a bit of fun and a massive 5 hou

11 Aug 07, 2022

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

5 Aug 25, 2022

An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py

39 Nov 21, 2022

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effec

2 Mar 23, 2022

MS-FSRVP coercion abuse PoC

Related tags

Overview

ShadowCoerce

Owner

Shutdown

a cool, easily usable and customisable subdomains scanner

cve-2021-21985 exploit

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

WhPhisher: a Phishing tool With Python

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

RCE 0-day for GhostScript 9.50 - Payload generator

A knockoff social-engineer toolkit

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk

A python implementation of the windows 95 product key check.

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Proof of concept GnuCash Webinterface

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

An All-In-One Pure Python PoC for CVE-2021-44228