search

p0dalirius / Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
https://podalirius.net/
GNU General Public License v2.0
1.81k stars 182 forks source link

[enhancement] Possible inclusion for id_rsa private keys ? #72

Closed Shellshock9001 closed 11 months ago

Shellshock9001 commented 11 months ago

A great addition would be adding id_rsa keys this way in case you don’t have the password.

p0dalirius commented 11 months ago

Hi!

You mean connecting to an account with certificates ?

Shellshock9001 commented 11 months ago

Hi!

You mean connecting to an account with certificates ?

When you find a private key and get an id_rsa key. That allows you to ssh without a password.

if we could use this tool without a password and use an id_rsa key

also if we could use the tool with a hash.

Since those are the 3 common ways to log in.

p0dalirius commented 11 months ago

Hi,

Coercer can already be used with LM or NT or both hashes, as stated in the help message:

  --hashes [LMHASH]:NTHASH
                        NT/LM hashes (LM hash can be empty)

I'm assuming you want to connect with a PFX certificate as stored in ms-DS-KeyCredentialLink, I'll add this

Best regards,