Add --stop-on-ntlm-auth switch to scan mode args

p0dalirius · Jun 25, 2024 · 6e3cc84 · 6e3cc84
1 parent 28f3851
commit 6e3cc84
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/coercer/__main__.py b/coercer/__main__.py
@@ -51,6 +51,7 @@ def parseArgs():
     mode_scan_advanced_config.add_argument("--dce-port", default=135, type=int, help="DCERPC port (default: 135)")
     mode_scan_advanced_config.add_argument("--dce-ports", default=[], nargs='+', type=int, help="DCERPC ports")
     mode_scan_advanced_config.add_argument("--auth-type", default=None, type=str, help="Desired authentication type ('smb' or 'http').")
+    mode_scan_advanced_config.add_argument("--stop-on-ntlm-auth", default=False, action="store_true", help="Move on to next target on successful NTLM authentication.")
     # Filters
     mode_scan_filters = mode_scan.add_argument_group("Filtering")
     mode_scan_filters.add_argument("--filter-method-name", default=[], action='append', type=str, help="")

diff --git a/coercer/core/modes/scan.py b/coercer/core/modes/scan.py
@@ -145,6 +145,10 @@ def action_scan(target, available_methods, options, credentials, reporter):
                                             if result == TestResult.NCA_S_UNK_IF:
                                                 stop_exploiting_this_function = True
 
+                                            if options.stop_on_ntlm_auth and result in [TestResult.SMB_AUTH_RECEIVED_NTLMv1, TestResult.SMB_AUTH_RECEIVED_NTLMv2]:
+                                                print("[!] NTLM authentication received; moving on to next target")
+                                                return None
+
                                     if options.delay is not None:
                                         # Sleep between attempts
                                         time.sleep(options.delay)
@@ -213,6 +217,10 @@ def action_scan(target, available_methods, options, credentials, reporter):
                                             if result == TestResult.NCA_S_UNK_IF:
                                                 stop_exploiting_this_function = True
 
+                                            if options.stop_on_ntlm_auth and result in [TestResult.SMB_AUTH_RECEIVED_NTLMv1, TestResult.SMB_AUTH_RECEIVED_NTLMv2]:
+                                                print("[!] NTLM authentication received; moving on to next target")
+                                                return None
+
                                     if options.delay is not None:
                                         # Sleep between attempts
                                         time.sleep(options.delay)