Last updated 8 months ago
# AD Module Get-ADObject -Filter * -SearchBase 'CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=security,DC=local' Get-ADObject -LDAPFilter '(objectclass=certificationAuthority)' -SearchBase 'CN=Configuration,DC=security,DC=local' | fl *
# Get-CertificationAuthority -SearchBase LDAP://CN=Configuration,DC=security,DC=local function Get-CertificationAuthority { param([string]$searchBase = "LDAP://CN=Configuration,DC=security,DC=local") $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher $directorySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($searchBase) $directorySearcher.Filter = "(objectclass=certificationAuthority)" $directorySearcher.PropertiesToLoad.Add("*") > $null try { $results = $directorySearcher.FindAll() foreach ($result in $results) { $properties = @{} foreach ($prop in $result.Properties.PropertyNames) { $properties[$prop] = $result.Properties[$prop][0] } $outputObj = New-Object PSObject -Property $properties Write-Output $outputObj } } catch {} finally { $results.Dispose() } }
Github: https://github.com/GhostPack/Certify
Certify.exe cas Invoke-Certify cas
Github: https://github.com/ly4k/Certipy
certipy find -u <user> -p <password> -dc-ip 10.10.10.100 -stdout
