Comments (3)
Hello, to avoid this error in your lab KDC_ERR_PADATA_TYPE_NOSUPP, you can request a certificate using mmc on your domain controller and request for a certificiate.
For the exploit that you describie now, did someone know what can we do with the hash of the domain controller? I have folowed this https://tryhackme.com/room/cve202226923 and dumped the domain controller hash.
from certipy.
Yes. If you setup the environment yourself, you haven't configured the KDC for Kerberos authentication with certificates (PKINIT). This means that you cannot use the certificate to authenticate through Kerberos. There is however another option I'm working on implementing in Certipy. If we connect to the DC via LDAPS, we can present the certificate as authentication in the TLS connection. In the meantime, you could try this out https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html
If you want to setup your DC for Kerberos authentication with certificates, you need to request the certificate template "Kerberos" for your DC computer account
from certipy.
Hello, i've folowed this tutorial https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html and when i get into this part : " python bloodyAD.py -d crashlab.local -c ":crashdc.pem" -u 'cve$' --host 10.100.10.12 setRbcd 'CVE$' 'CRASHDC$'" i have an ssl/tls error from ldap3. Sorry, i can't provide my console error now but i will provide a screenshot later. I wonder if you can help me?
And do you know how to setup a DC for kerberos authentification? My lab consist of one main DC in which ADCS is enable so i really don't understand why i still get this error describes above.
Thank you,
from certipy.
Related Issues (20)
- Unclear output when running from a machine account
- LDAPSocketOpenError HOT 2
- ESC 4 - Separate the -save-old functionality with the write vulnerable properties functionality.
- Report Schema Version During Template Enumeration (feature request) HOT 1
- digestmod issue HOT 6
- certipy: error: unrecognized arguments: ESC7 HOT 6
- [Errno 104] Connection reset by peer HOT 4
- ESC4 > ESC1 to CERTSRV_E_UNSUPPORTED_CERT_TYPE HOT 5
- Am I doing this ESC3 abuse wrong?
- The requested certificate template is not supported by this CA. HOT 5
- ESC4 Restore Old Configuration Not Working HOT 1
- LDAP3 not getting detected with Certipy HOT 4
- Errors when running v4.7 HOT 5
- Changing LDAP/LDAPS port in find HOT 8
- Domain Computers Can Enroll HOT 1
- Help determining if ESC8 vulnerability is false positive? HOT 3
- KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type) [Need Urgent Help] HOT 1
- auth error 1.2.840.10046.2.1 HOT 1
- pip install requires
- KB5014754 - SID Extension Policy Module HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certipy.