Added ability to overwrite Object SID when forging Golden Certificates to bypass szOID_NTDS_CA_SECURITY_EXT checks
Hello @RazzburyPi, this is a great addition, thank you! I am, however, unsure of the prefix you add. Have you tested with different lengths of SIDs? I'd prefer if this prefix was an ASN1 structure object rather than a hard-coded string, to make it more clear. If you don't have much experience with ASN1, you can use an online decoder and look at some of my ASN1 structure objects. Otherwise, I'll see if I can make it for you 🙂
@ly4k The prefix is something I identified by simply hexdumping the existing value for that extension from a valid certificate, and then finding a way to "make it work" when modifying that attribute. So far this change has been successful in two different environments. I do not have any experience with ASN1 objects, but am looking into incorporating a more "proper" solution. I would love any help you can provide with incorporating the ASN1 object.
@ly4k Implemented the ASN1 structure when building the security extension, as you requested. Also added the ability to provide the extension when requesting a certificate, to maintain ESC1 functionality post-certificate authentication patching.
Added in latest release. Thank you though!
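The SID-length question raised in review comes down to DER length fields, shown here from the auditing side. This is an added example, not code from the PR or from Certipy: a strict reader that pulls the SID out of a szOID_NTDS_CA_SECURITY_EXT value so it can be compared with the account's objectSid. The layout in the second comment line, the function names, the sample SIDs and the two headers are assumptions constructed for illustration.

```python
# Added example: strict DER reader for the szOID_NTDS_CA_SECURITY_EXT value.
# Assumed layout: SEQUENCE { [0] { OID 1.3.6.1.4.1.311.25.2.1, [0] { OCTET STRING sid } } }
SID_OID = bytes.fromhex("2b060104018237190201")  # DER body of 1.3.6.1.4.1.311.25.2.1

def read_tlv(buf, tag, last=True):
    """Parse one DER element; return (value, remaining bytes)."""
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError(f"expected tag 0x{tag:02x}")
    length, start = buf[1], 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 2 or len(buf) < 2 + n:
            raise ValueError("unsupported length encoding")
        length, start = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    end = start + length
    if end > len(buf):
        raise ValueError("declared length exceeds available bytes")
    if last and end != len(buf):
        raise ValueError("trailing bytes after element")
    return buf[start:end], buf[end:]

def extract_sid(ext_value):
    """Return the SID string carried in the extension, or raise ValueError."""
    seq, _ = read_tlv(ext_value, 0x30)             # outer SEQUENCE
    other, _ = read_tlv(seq, 0xA0)                 # [0] OtherName
    oid, rest = read_tlv(other, 0x06, last=False)  # type-id
    if oid != SID_OID:
        raise ValueError("unexpected OtherName type-id")
    wrapped, _ = read_tlv(rest, 0xA0)              # [0] EXPLICIT value
    sid, _ = read_tlv(wrapped, 0x04)               # OCTET STRING
    return sid.decode("ascii")

def sid_matches(ext_value, directory_sid):
    """Audit check: does the certificate's SID equal the account's objectSid?"""
    try:
        return extract_sid(ext_value) == directory_sid
    except ValueError:  # malformed DER or non-ASCII SID
        return False

# Constructed samples: two SIDs of different length and the DER headers that fit each.
LONG_SID, SHORT_SID = "S-1-5-21-1111111111-2222222222-3333333333-1104", "S-1-5-21-1-2-3-500"
HDR_46 = bytes.fromhex("3040a03e060a2b060104018237190201a030042e")  # lengths for 46 chars
HDR_18 = bytes.fromhex("3024a022060a2b060104018237190201a0140412")  # lengths for 18 chars

if __name__ == "__main__":
    print(extract_sid(HDR_46 + LONG_SID.encode()))
    print(extract_sid(HDR_18 + SHORT_SID.encode()))
    print(sid_matches(HDR_46 + SHORT_SID.encode(), SHORT_SID))  # fixed header, wrong length
```

Four of the header bytes are lengths that depend on the SID, so a header captured from one certificate only decodes cleanly for SIDs of that same length; a strict reader rejects the mismatch.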