
Coercer

Coercer is a Python script that automatically forces a Windows server to authenticate on an arbitrary machine using various coercion methods. It supports scanning, coercing, and fuzzing modes to test and trigger NTLM authentications.

Description

Coercer is designed for security researchers and penetration testers working with Active Directory environments. Its primary purpose is to coerce Windows servers into authenticating against attacker-controlled machines, enabling techniques like NTLM relay attacks. The tool automates multiple coercion methods, making it efficient for testing authentication relay vulnerabilities across different Windows services and paths.

Use cases include AD certificate services attacks, lateral movement testing, and identification of misconfigured authentication endpoints. The scan mode tests known working paths across all methods to detect successful authentications, while coerce mode triggers authentications systematically. Fuzz mode tests every method with custom exploit paths to discover new coercion opportunities.

The tool integrates with OffSec's PEN-300 training, specifically covering NTLM relay to ADCS HTTP endpoints, providing practical context for real-world Active Directory exploitation scenarios.

How It Works

Coercer leverages multiple Windows authentication coercion techniques to force a target server to authenticate against a specified machine, typically for NTLM relay attacks. It supports three operational modes: scan tests all known methods with verified working paths and reports successful authentications; coerce systematically triggers authentications across all known methods; fuzz tests each method against a list of exploit paths to identify new coercion vectors. The tool uses Python libraries like impacket for network interactions and handles various Windows services and authentication protocols.
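A defender-side view of the scan and fuzz behaviour described above, as an added example that is not part of Coercer or of the original page: one source opening several coercion-related named pipes on a host's IPC$ share within a short window. It assumes Windows Security event 5145 (Audit Detailed File Share) is collected and already flattened into dicts; the pipe list, field layout, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption (not from the page): named pipes of RPC interfaces publicly
# associated with authentication coercion (MS-EFSR, MS-RPRN, MS-DFSNM, MS-FSRVP).
COERCION_PIPES = {"efsrpc", "lsarpc", "spoolss", "netdfs", "fssagentrpc"}

def find_pipe_sweeps(events, window=timedelta(seconds=60), min_pipes=3):
    """Return (source_ip, host, pipes) where one source opened at least
    min_pipes distinct coercion-related pipes on a host's IPC$ within window."""
    opens = defaultdict(list)  # (source_ip, host) -> [(time, pipe)]
    for ev in events:
        if ev["EventID"] != 5145 or not ev["ShareName"].upper().endswith("IPC$"):
            continue
        pipe = ev["RelativeTargetName"].lower()
        if pipe in COERCION_PIPES:
            when = datetime.fromisoformat(ev["TimeCreated"])
            opens[(ev["IpAddress"], ev["Computer"])].append((when, pipe))
    hits = []
    for (src, host), seen in sorted(opens.items()):
        seen.sort()
        best = set()
        for i, (start, _) in enumerate(seen):  # slide a window from each open
            pipes = {p for t, p in seen[i:] if t - start <= window}
            best = max(best, pipes, key=len)
        if len(best) >= min_pipes:
            hits.append((src, host, sorted(best)))
    return hits

def _ev(ts, ip, pipe, share=r"\\*\IPC$"):
    return {"EventID": 5145, "TimeCreated": ts, "Computer": "dc01.corp.example",
            "IpAddress": ip, "ShareName": share, "RelativeTargetName": pipe}

# Constructed sample events (flattened 5145 fields), not real log data.
SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:00", "192.0.2.50", "efsrpc"),   # burst from one source
    _ev("2024-01-01T10:00:02", "192.0.2.50", "lsarpc"),
    _ev("2024-01-01T10:00:03", "192.0.2.50", "spoolss"),
    _ev("2024-01-01T10:00:05", "192.0.2.50", "netdfs"),
    _ev("2024-01-01T10:01:00", "192.0.2.21", "spoolss"),  # ordinary print client
    _ev("2024-01-01T08:00:00", "192.0.2.33", "lsarpc"),   # same pipes, hours apart
    _ev("2024-01-01T11:00:00", "192.0.2.33", "spoolss"),
    _ev("2024-01-01T14:00:00", "192.0.2.33", "netdfs"),
]

if __name__ == "__main__":
    for hit in find_pipe_sweeps(SAMPLE_EVENTS):
        print(hit)
```

Pipes such as lsarpc and spoolss also see legitimate traffic, which is why the check keys on several distinct pipes from one source in a short window rather than on any single open.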

Installation

sudo apt install coercer

Flags

-h, --help       show this help message and exit
-v, --verbose    Verbose mode (default: False)

Examples

Display the full help menu and usage information for coercer:
coercer -h

Test all known coercion methods with working paths and report successful authentications received:
coercer scan

Trigger NTLM authentications through all known coercion methods with verified working paths:
coercer coerce

Test every coercion method against a list of exploit paths and report successful authentications:
coercer fuzz

Run scan mode in verbose output to see detailed operation information:
coercer scan -v

Execute coerce mode with verbose logging for monitoring authentication attempts:
coercer coerce -v

Run fuzz mode verbosely to track testing of exploit paths across all methods:
coercer fuzz -v

Updated 2026-04-16 | kali.org