p0dalirius / Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
https://podalirius.net/
GNU General Public License v2.0

[enhancement] Add NTLMv1 scan option #68

Closed AdrianVollmer closed 3 months ago

AdrianVollmer commented 1 year ago

See #67. I included portions of Responder's code with minimal modifications. This means that Coercer must be GPL licensed.

In this approach, we monkeypatch Responder's SaveToDb function to modify control_structure accordingly.

When setting --stop-on-ntlm-auth in scan mode, Coercer stops scanning a target completely upon receiving an SMB connection with NTLM authentication. This is useful if we want to find DCs supporting NTLMv1.

This PR should be taken as a proposal. Happy to discuss details!
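An added example, not part of this pull request or of Coercer's or Responder's code: whether an authentication such as the one described above used NTLMv1 or NTLMv2 can be read from the length of the NT response in a captured NTLMSSP AUTHENTICATE message, which is also how a defender can audit which hosts still send NTLMv1. The function names and the sample message are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"

def _field(msg, pos):
    """Return the bytes a (Len, MaxLen, Offset) descriptor at pos points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(msg):
    """Classify an NTLMSSP AUTHENTICATE (type 3) message by NT response length."""
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE message")
    lm, nt = _field(msg, 12), _field(msg, 20)
    flags = struct.unpack_from("<I", msg, 60)[0]
    # NEGOTIATE_UNICODE (0x1) selects UTF-16LE; latin-1 stands in for the OEM code page
    enc = "utf-16-le" if flags & 0x1 else "latin-1"
    if len(nt) == 0:
        version = "anonymous"
    elif len(nt) == 24:
        # LM field = 8-byte client challenge + 16 zero bytes: extended session security
        version = "NTLMv1-ESS" if len(lm) == 24 and lm[8:] == bytes(16) else "NTLMv1"
    elif len(nt) > 24:
        version = "NTLMv2"  # 16-byte proof followed by a variable-length blob
    else:
        version = "unknown"
    return {"domain": _field(msg, 28).decode(enc, "replace"),
            "user": _field(msg, 36).decode(enc, "replace"),
            "version": version}

def build_sample(user, domain, lm, nt):
    """Constructed input: minimal type 3 message without Version or MIC fields."""
    parts = [lm, nt, domain.encode("utf-16-le"), user.encode("utf-16-le"), b"", b""]
    header, payload, offset = b"", b"", 64
    for part in parts:  # LM, NT, domain, user, workstation, session key
        header += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    return SIGNATURE + struct.pack("<I", 3) + header + struct.pack("<I", 0x1) + payload

if __name__ == "__main__":
    sample = build_sample("svc", "CORP", b"\x11" * 24, b"\x22" * 24)
    print(classify_authenticate(sample))
```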

p0dalirius commented 1 year ago

Hey @AdrianVollmer,

This is a very good idea, I'll look into it in January 2024!

Best regards,

AdrianVollmer commented 5 months ago

Sooo looks like I forgot to add a dependency. I didn't notice for a while because Responder catches the relevant ImportError and replaces the exception with a print statement, which I did not see because it was overwritten by the Coercer logs. With that being said, I gotta say it's been working well for me for a while now.