26 lines
727 B
Markdown
26 lines
727 B
Markdown
# Certificate Vulnerabilities
|
|
|
|
## Certipy
|
|
|
|
[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for
|
|
enumerating and abusing Active Directory Certificate Services (AD CS).
|
|
|
|
### Find Vulnerabilities Using Certipy
|
|
|
|
The `find` argument takes the DC's IP address a found user and a password.
|
|
Output is a text and JSON file containing information about the gathered
|
|
certificates and found vulnerabilities.
|
|
|
|
```sh
|
|
certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP
|
|
```
|
|
|
|
### Separate Certification and Keys from PFX Files Using Certipy
|
|
|
|
Separate a certificate and key from a `pfx` file in the following way
|
|
|
|
```sh
|
|
certipy cert -pfx file.pfx -nocert -out file.key
|
|
certipy cert -pfx file.pfx -nokey -out file.key
|
|
```
|