From 2c7e23d8ed8c84ca97fcfa241e10bb3409740446 Mon Sep 17 00:00:00 2001
From: whackx
Date: Wed, 16 Aug 2023 17:22:04 +0200
Subject: [PATCH] certipy
---
.../Active Directory/AD Enumeration.md | 0
.../Active Directory/AD Gaining Foothold.md | 0
.../Active Directory/AD Hardening.md | 0
.../Active Directory/AD Lateral Movement.md | 0
.../Active Directory/AD Misconfiguration.md | 0
.../Active Directory/AD Persistance.md | 0
.../Active Directory Basics.md | 0
.../Active Directory Certificate Service.md | 0
.../ad_hardening_tryhackme.png | Bin
.../Active Directory/powerview.ps1 | 0
Cryptography/Certificate Vulnerabilities.md | 25 ++++++++++++++++++
11 files changed, 25 insertions(+)
rename {Miscellaneous => Cryptography}/Active Directory/AD Enumeration.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/AD Gaining Foothold.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/AD Hardening.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/AD Lateral Movement.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/AD Misconfiguration.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/AD Persistance.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/Active Directory Basics.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/Active Directory Certificate Service.md (100%)
rename {Miscellaneous => Cryptography}/Active Directory/ad_hardening_tryhackme.png (100%)
rename {Miscellaneous => Cryptography}/Active Directory/powerview.ps1 (100%)
create mode 100644 Cryptography/Certificate Vulnerabilities.md
diff --git a/Miscellaneous/Active Directory/AD Enumeration.md b/Cryptography/Active Directory/AD Enumeration.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Enumeration.md
rename to Cryptography/Active Directory/AD Enumeration.md
diff --git a/Miscellaneous/Active Directory/AD Gaining Foothold.md b/Cryptography/Active Directory/AD Gaining Foothold.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Gaining Foothold.md
rename to Cryptography/Active Directory/AD Gaining Foothold.md
diff --git a/Miscellaneous/Active Directory/AD Hardening.md b/Cryptography/Active Directory/AD Hardening.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Hardening.md
rename to Cryptography/Active Directory/AD Hardening.md
diff --git a/Miscellaneous/Active Directory/AD Lateral Movement.md b/Cryptography/Active Directory/AD Lateral Movement.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Lateral Movement.md
rename to Cryptography/Active Directory/AD Lateral Movement.md
diff --git a/Miscellaneous/Active Directory/AD Misconfiguration.md b/Cryptography/Active Directory/AD Misconfiguration.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Misconfiguration.md
rename to Cryptography/Active Directory/AD Misconfiguration.md
diff --git a/Miscellaneous/Active Directory/AD Persistance.md b/Cryptography/Active Directory/AD Persistance.md
similarity index 100%
rename from Miscellaneous/Active Directory/AD Persistance.md
rename to Cryptography/Active Directory/AD Persistance.md
diff --git a/Miscellaneous/Active Directory/Active Directory Basics.md b/Cryptography/Active Directory/Active Directory Basics.md
similarity index 100%
rename from Miscellaneous/Active Directory/Active Directory Basics.md
rename to Cryptography/Active Directory/Active Directory Basics.md
diff --git a/Miscellaneous/Active Directory/Active Directory Certificate Service.md b/Cryptography/Active Directory/Active Directory Certificate Service.md
similarity index 100%
rename from Miscellaneous/Active Directory/Active Directory Certificate Service.md
rename to Cryptography/Active Directory/Active Directory Certificate Service.md
diff --git a/Miscellaneous/Active Directory/ad_hardening_tryhackme.png b/Cryptography/Active Directory/ad_hardening_tryhackme.png
similarity index 100%
rename from Miscellaneous/Active Directory/ad_hardening_tryhackme.png
rename to Cryptography/Active Directory/ad_hardening_tryhackme.png
diff --git a/Miscellaneous/Active Directory/powerview.ps1 b/Cryptography/Active Directory/powerview.ps1
similarity index 100%
rename from Miscellaneous/Active Directory/powerview.ps1
rename to Cryptography/Active Directory/powerview.ps1
diff --git a/Cryptography/Certificate Vulnerabilities.md b/Cryptography/Certificate Vulnerabilities.md
new file mode 100644
index 0000000..73d9326
--- /dev/null
+++ b/Cryptography/Certificate Vulnerabilities.md
@@ -0,0 +1,25 @@
+# Certificate Vulnerabilities
+
+## Certipy
+
+[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for
+enumerating and abusing Active Directory Certificate Services (AD CS).
+
+### Find Vulnerabilities Using Certipy
+
+The `find` argument takes the DC's IP address a found user and a password.
+Output is a text and JSON file containing information about the gathered
+certificates and found vulnerabilities.
+
+```sh
+certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP
+```
+
+### Separate Certification and Keys from PFX Files Using Certipy
+
+Separate a certificate and key from a `pfx` file in the following way
+
+```sh
+certipy cert -pfx file.pfx -nocert -out file.key
+certipy cert -pfx file.pfx -nokey -out file.key
+```