
[enhancement] Add NTLMv1 scan option

Open AdrianVollmer opened this issue 1 year ago • 1 comments

See #67. I included portions of Responder's code with minimal modifications. This means that Coercer must be GPL licensed.

In this approach, we monkeypatch Responder's SaveToDb function to modify control_structure accordingly.

When setting --stop-on-ntlm-auth in scan mode, coercer stops scanning a target completely upon receiving an SMB connection with NTLM authentication. This is useful if we want to find DCs supporting NTLMv1.

This PR should be taken as a proposal. Happy to discuss details!

AdrianVollmer avatar Nov 09 '23 09:11 AdrianVollmer

Hey @AdrianVollmer,

This is a very good idea, I'll look into it in January 2024!

Best regards,

p0dalirius avatar Nov 09 '23 09:11 p0dalirius

Sooo looks like I forgot to add a dependency. I didn't notice for a while because Responder catches the relevant ImportError and replaces the exception with a print statement, which I did not see because it was overwritten by the Coercer logs. With that being said, I gotta say it's been working well for me for a while now.

AdrianVollmer avatar Jun 26 '24 07:06 AdrianVollmer