killchain-compendium/Cryptography/Certificate Vulnerabilities.md

# Certificate Vulnerabilities

## Certipy

[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for
enumerating and abusing Active Directory Certificate Services (AD CS).

### Find Vulnerabilities Using Certipy

The `find` argument takes the DC's IP address a found user and a password.
Output is a text and JSON file containing information about the gathered
certificates and found vulnerabilities.

```sh
certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP
```

### Separate Certification and Keys from PFX Files Using Certipy

Separate a certificate and key from a `pfx` file in the following way

```sh
certipy cert -pfx file.pfx -nocert -out file.key
certipy cert -pfx file.pfx -nokey -out file.key
```
certipy 2023-08-16 17:22:04 +02:00			`# Certificate Vulnerabilities`

			`## Certipy`

			`[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for`
			`enumerating and abusing Active Directory Certificate Services (AD CS).`

			`### Find Vulnerabilities Using Certipy`

			The `find` argument takes the DC's IP address a found user and a password.
			`Output is a text and JSON file containing information about the gathered`
			`certificates and found vulnerabilities.`

			```sh
			`certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP`
			```

			`### Separate Certification and Keys from PFX Files Using Certipy`

			Separate a certificate and key from a `pfx` file in the following way

			```sh
			`certipy cert -pfx file.pfx -nocert -out file.key`
			`certipy cert -pfx file.pfx -nokey -out file.key`
			```