Comments (3)
Hello. First of all, you should make sure that the certificate requests are targeted at the CA server and not the domain controller, which might explain the "STSTATUS_OBJECT_NAME_NOT_FOUND". Secondly, it sounds like this is a standalone CA server and not an enterprise CA server, which might explain the "ERR_CLIENT_NOT_TRUSTED". Can you verify or did you resolve the issues?
Hi. Thanks for your reply. Unfortunately I can no longer check or test things since I do not have access to the mentioned infrastructure anymore. However, according to https://serverfault.com/questions/826444/difference-between-microsoft-adcs-standalone-ca-and-enterprise-ca only enterprise CA servers have templates and as I mentioned there were plenty of those. You can also see that the ESC8 attack worked against the same ADCS server.
It is of course obvious to you but I wonder if the web interface is used for all ESCX attacks as it is for the ESC8 attack? Or put in other words, does the ESC8 attack, which worked, require using named pipes? Also, I think it is possible to restrict access to named pipes using ACLs. Could that be an explanation?
Hello @jsdhasfedssad. Sorry for the late reply. I still haven't figured out why this is the case. However, I have implemented web enrollment in the upcoming version of Certipy, such that if web enrollment is enabled (HTTP/HTTPS), then it's possible to abuse ESC1-ESC3 (certificate templates) through that in case RPC is not available.