Enumeration - Certificate Authority
Last updated
Was this helpful?
Last updated
Was this helpful?
# AD Module
Get-ADObject -Filter * -SearchBase 'CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=security,DC=local'
Get-ADObject -LDAPFilter '(objectclass=certificationAuthority)' -SearchBase 'CN=Configuration,DC=security,DC=local' | fl *# Get-CertificationAuthority -SearchBase LDAP://CN=Configuration,DC=security,DC=local
function Get-CertificationAuthority {
param([string]$searchBase = "LDAP://CN=Configuration,DC=security,DC=local")
$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
$directorySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($searchBase)
$directorySearcher.Filter = "(objectclass=certificationAuthority)"
$directorySearcher.PropertiesToLoad.Add("*") > $null
try {
$results = $directorySearcher.FindAll()
foreach ($result in $results) {
$properties = @{}
foreach ($prop in $result.Properties.PropertyNames) {
$properties[$prop] = $result.Properties[$prop][0]
}
$outputObj = New-Object PSObject -Property $properties
Write-Output $outputObj
}
}
catch {}
finally {
$results.Dispose()
}
}Github: https://github.com/GhostPack/Certify
Certify.exe cas
Invoke-Certify casGithub: https://github.com/ly4k/Certipy
certipy find -u <user> -p <password> -dc-ip 10.10.10.100 -stdout
