Skip to content

ShutdownRepo/ShadowCoerce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.assets
.assets
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
shadowcoerce.py
shadowcoerce.py
 
 

Repository files navigation

ShadowCoerce

MS-FSRVP coercion abuse PoC

Credits: Lionel GILLES (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056

Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp

MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

"File Server VSS Agent Service" needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

example

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.

About

MS-FSRVP coercion abuse PoC

Resources

Readme

License

GPL-3.0 license
Activity

Stars

302 stars

Watchers

5 watching

Forks

41 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages