
Got error while trying to request TGT: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type) about certipy (CLOSED)

ly4k commented on June 22, 2024
Got error while trying to request TGT: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type)

from certipy.

Comments (3)

xxSoloxx commented on June 22, 2024

Hello, to avoid this error in your lab (KDC_ERR_PADATA_TYPE_NOSUPP), you can request a certificate using mmc on your domain controller.
For the exploit that you describe now, does anyone know what we can do with the hash of the domain controller? I have followed this https://tryhackme.com/room/cve202226923 and dumped the domain controller hash.


ly4k commented on June 22, 2024

Yes. If you set up the environment yourself, you haven't configured the KDC for Kerberos authentication with certificates (PKINIT). This means that you cannot use the certificate to authenticate through Kerberos. There is, however, another option I'm working on implementing in Certipy. If we connect to the DC via LDAPS, we can present the certificate as authentication in the TLS connection. In the meantime, you could try this out: https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html

If you want to set up your DC for Kerberos authentication with certificates, you need to request the certificate template "Kerberos" for your DC computer account.


xxSoloxx commented on June 22, 2024

Hello, I've followed this tutorial https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html and when I get to this part: " python bloodyAD.py -d crashlab.local -c ":crashdc.pem" -u 'cve$' --host 10.100.10.12 setRbcd 'CVE$' 'CRASHDC$'" I have an SSL/TLS error from ldap3. Sorry, I can't provide my console error now but I will provide a screenshot later. I wonder if you can help me?

And do you know how to set up a DC for Kerberos authentication? My lab consists of one main DC on which ADCS is enabled, so I really don't understand why I still get the error described above.

Thank you,

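The following is an added example, not part of the thread and not Certipy's own code: a PowerShell check a lab administrator can run on the domain controller to see whether the KDC has a certificate available for PKINIT, the condition the maintainer describes above. It assumes an elevated session on the DC; the function name `Get-KdcCertificateReport` is hypothetical, and treating the KDC Authentication EKU (the one carried by certificates from the built-in Kerberos Authentication template) as the indicator is an assumption of this example.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Lists machine certificates and reports whether any carries the KDC Authentication EKU.

# Well-known EKU object identifiers relevant to domain controller certificates.
$ekuNames = @{
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
}

function Get-KdcCertificateReport {   # hypothetical helper name
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # EnhancedKeyUsageList is empty when the certificate has no EKU extension.
        $oids = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
                  ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Valid         = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            KdcAuthEku    = $oids -contains '1.3.6.1.5.2.3.5'
            Ekus          = ($oids | ForEach-Object {
                                if ($ekuNames.ContainsKey($_)) { $ekuNames[$_] } else { $_ }
                            }) -join ', '
        }
    }
}

$report = @(Get-KdcCertificateReport)
$report | Format-Table Subject, NotAfter, HasPrivateKey, Valid, KdcAuthEku, Ekus -AutoSize

if (-not ($report | Where-Object { $_.KdcAuthEku -and $_.Valid -and $_.HasPrivateKey })) {
    Write-Warning 'No valid machine certificate with the KDC Authentication EKU was found.'
}

# KDC event 29 is logged when the KDC cannot find a suitable certificate
# for smart card (certificate-based) logons.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 29
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

A warning from the script together with recent event 29 entries is consistent with a DC that has not enrolled a certificate for Kerberos authentication.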
