killchain-compendium/Cryptography/Certificate Vulnerabilities.md

26 lines
727 B
Markdown
Raw Normal View History

2023-08-16 17:22:04 +02:00
# Certificate Vulnerabilities
## Certipy
[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for
enumerating and abusing Active Directory Certificate Services (AD CS).
### Find Vulnerabilities Using Certipy
The `find` argument takes the DC's IP address a found user and a password.
Output is a text and JSON file containing information about the gathered
certificates and found vulnerabilities.
```sh
certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP
```
### Separate Certification and Keys from PFX Files Using Certipy
Separate a certificate and key from a `pfx` file in the following way
```sh
certipy cert -pfx file.pfx -nocert -out file.key
certipy cert -pfx file.pfx -nokey -out file.key
```