LDAP - Privileges Escalation
A list of LDAP Privileges Escalation Techniques.
ADCS: Active Directory Certificate Services
A list of privileges techniques for ADCS.
Certificate Template Exploit
Certificate templates in ADCS (Active Directory Certificate Services) are pre-configured templates that define the parameters for a particular type of certificate that can be issued by the certificate authority (CA).
We can use Certify.exe to find vulnerable certificate template.
Request a new certificate with the vulnerable template and try to impersonate.
This will produce a cert.pem
. Use openssl
to convert it into .pfx
.
Now ask the TGT using Certipy.
π‘You can find more information about this subject at links below:
ADCS privesc Ressources
Certify: tool to enumerate and abuse misconfigurations in ADCS ;
PKINITools: some utilities for playing with PKINIT and certificates.
Last updated