diff --git a/coercer/__main__.py b/coercer/__main__.py
index ad75f52..24772e0 100755
--- a/coercer/__main__.py
+++ b/coercer/__main__.py
@@ -75,6 +75,7 @@ def parseArgs():
 mode_scan_targets_listener = mode_scan.add_mutually_exclusive_group(required=False)
 mode_scan_targets_listener.add_argument("-i", "--interface", default=None, help="Interface to listen on incoming authentications.")
 mode_scan_targets_listener.add_argument("-I", "--ip-address", default=None, help="IP address to listen on incoming authentications.")
+ mode_scan_targets_listener.add_argument("--path-ip", default=None, help="IP address to use when generating exploit paths.")
 # Creating the "fuzz" subparser ==============================================================================================================
 mode_fuzz = argparse.ArgumentParser(add_help=False)
@@ -114,7 +115,8 @@ def parseArgs():
 mode_fuzz_targets_listener = mode_fuzz.add_mutually_exclusive_group(required=False)
 mode_fuzz_targets_listener.add_argument("-i", "--interface", default=None, help="Interface to listen on incoming authentications.")
 mode_fuzz_targets_listener.add_argument("-I", "--ip-address", default=None, help="IP address to listen on incoming authentications.")
-
+ mode_fuzz_targets_listener.add_argument("--path-ip", default=None, help="IP address to use when generating exploit paths.")
+
 # Creating the "coerce" subparser ==============================================================================================================
 mode_coerce = argparse.ArgumentParser(add_help=False)
 mode_coerce.add_argument("-v", "--verbose", default=False, action="store_true", help="Verbose mode (default: False)")
diff --git a/coercer/core/modes/fuzz.py b/coercer/core/modes/fuzz.py
index 1a23ee0..a3337d5 100644
--- a/coercer/core/modes/fuzz.py
+++ b/coercer/core/modes/fuzz.py
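Review bot: In `coercer/__main__.py`, `--path-ip` is registered on `mode_scan_targets_listener`, which is created with `add_mutually_exclusive_group(required=False)`, so argparse will reject it whenever `-i` or `-I` is also given. The option reads as an override for the address written into the generated path rather than a third way to choose the listener, so it probably belongs on the parser itself: `mode_scan.add_argument("--path-ip", default=None, help="IP address to use when generating exploit paths.")`. The same applies to the `mode_fuzz_targets_listener` line in the second hunk. `parseArgs()` starts and ends outside both hunks, so whether the exclusion is intended cannot be confirmed from here.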
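Review bot: The `--path-ip` value in the fuzz parser (and in the scan parser in the first hunk) is accepted as an arbitrary string, although the help text calls it an IP address and the mode code later interpolates it into the generated path. If only literal addresses are meant to be accepted, a `type=` callable would reject typos at parse time, for example `type=lambda s: str(ipaddress.ip_address(s))`; that needs `import ipaddress` in the file's import block, which is outside this hunk. This hunk also replaces the blank separator line with a whitespace-only one, so an empty line would avoid the trailing whitespace.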
@@ -152,11 +152,14 @@ def action_fuzz(target, available_methods, options, credentials, reporter):
 exploitpath = generate_exploit_path_from_template(
 template=exploitpath,
- listener=listening_ip,
+ listener=options.path_ip or listening_ip,
 http_listen_port=http_listen_port,
 smb_listen_port=options.smb_port
 )
+ if options.path_ip:
+ print(" [+] Using user provided path %s" % exploitpath)
+
 msprotocol_rpc_instance = msprotocol_class(path=exploitpath)
 dcerpc = DCERPCSession(credentials=credentials, verbose=True)
 dcerpc.connect_ncacn_ip_tcp(target=target, port=port)
diff --git a/coercer/core/modes/scan.py b/coercer/core/modes/scan.py
index fb73e9e..b57cfc4 100644
--- a/coercer/core/modes/scan.py
+++ b/coercer/core/modes/scan.py
@@ -110,11 +110,14 @@ def action_scan(target, available_methods, options, credentials, reporter):
 exploitpath = generate_exploit_path_from_template(
 template=exploitpath,
- listener=listening_ip,
+ listener=options.path_ip or listening_ip,
 http_listen_port=options.http_port,
 smb_listen_port=options.smb_port
 )
+ if options.path_ip:
+ print(" [+] Using user provided path %s" % exploitpath)
+
 msprotocol_rpc_instance = msprotocol_class(path=exploitpath)
 dcerpc = DCERPCSession(credentials=credentials, verbose=True)
 dcerpc.connect_ncacn_ip_tcp(target=target, port=port)
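Review bot: With `listener=options.path_ip or listening_ip` in `action_fuzz`, the address written into the path can differ from the address the local listener is bound to, and nothing in the hunk reconciles the two. If the result recorded for each call depends on a connection reaching the local listener (that code is outside the hunk), a run with `--path-ip` pointing elsewhere would record no response for any method without saying why. The option's help text should say so, for example `help="IP address to embed in generated paths instead of the listener address; results are only observed if traffic to it reaches this host."`. The identical change in `action_scan` (`coercer/core/modes/scan.py`) has the same gap.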
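Review bot: The added `print(" [+] Using user provided path %s" % exploitpath)` in `action_scan` writes straight to stdout although the function receives a `reporter`, and it appears to sit on the per-path code path, so it would repeat for every generated path. The wording is also inaccurate, since the user supplied the address and not the path. Consider emitting it once before the loop as `"[+] Using user provided IP %s in generated paths" % options.path_ip`, through whatever output helper the rest of the function uses (not visible in the hunk). The same lines were added to `action_fuzz` in `coercer/core/modes/fuzz.py`.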