Enumeration - Certificate Authority
Windows
Native
# AD Module
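# Resolve the Configuration naming context from the RootDSE instead of hard-coding it.
# In the lab used on this page it resolves to CN=Configuration,DC=security,DC=local.
$configNC = (Get-ADRootDSE).configurationNamingContext

# Everything stored under the "Certification Authorities" container
# (the container object itself is part of the result).
Get-ADObject -Filter * -SearchBase "CN=Certification Authorities,CN=Public Key Services,CN=Services,$configNC"

# -Properties * is required here: Get-ADObject returns only a small default property
# set, so "Format-List *" alone would not show attributes such as cACertificate.
# NOTE: enterprise issuing CAs are published as pKIEnrollmentService objects under
# CN=Enrollment Services; this objectClass filter does not match them, so a CA
# inventory built from this query alone is incomplete.
Get-ADObject -LDAPFilter '(objectclass=certificationAuthority)' -SearchBase $configNC -Properties * | Format-List *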
# Get-CertificationAuthority -SearchBase LDAP://CN=Configuration,DC=security,DC=local
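function Get-CertificationAuthority {
    <#
    .SYNOPSIS
    Lists directory objects of class certificationAuthority below a search base.

    .DESCRIPTION
    Runs an LDAP search through System.DirectoryServices.DirectorySearcher, so it does
    not need the ActiveDirectory module. One PSObject is emitted per result.
    Only the FIRST value of each attribute is kept, so multi-valued attributes
    (for example several certificates on one object) are truncated in the output.
    NOTE(review): the filter matches objectClass=certificationAuthority only; CAs
    published under another class are not returned - confirm this is the intended scope.

    .PARAMETER searchBase
    ADsPath of the search root. Defaults to the Configuration partition of the
    security.local lab domain used on this page.

    .OUTPUTS
    PSObject with one property per attribute returned by the directory.

    .EXAMPLE
    Get-CertificationAuthority -SearchBase LDAP://CN=Configuration,DC=security,DC=local
    #>
    param([string]$searchBase = "LDAP://CN=Configuration,DC=security,DC=local")

    $searchRoot = $null
    $directorySearcher = $null
    $results = $null

    try {
        $searchRoot = New-Object System.DirectoryServices.DirectoryEntry($searchBase)
        $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
        $directorySearcher.SearchRoot = $searchRoot
        $directorySearcher.Filter = "(objectclass=certificationAuthority)"
        # Add() returns the index of the new entry; discard it so it is not emitted as output.
        [void]$directorySearcher.PropertiesToLoad.Add("*")

        $results = $directorySearcher.FindAll()
        foreach ($result in $results) {
            $properties = @{}
            foreach ($prop in $result.Properties.PropertyNames) {
                # First value only (see DESCRIPTION).
                $properties[$prop] = $result.Properties[$prop][0]
            }
            Write-Output (New-Object PSObject -Property $properties)
        }
    }
    catch {
        # Report the failure (bind error, unreachable DC, bad search base) instead of
        # returning an empty result that looks like "no CA objects exist".
        # A warning keeps the function non-terminating, as before.
        Write-Warning "Get-CertificationAuthority: search under '$searchBase' failed: $($_.Exception.Message)"
    }
    finally {
        # Each handle is $null if the step that creates it failed; the original called
        # Dispose() on a null $results in that case and raised a second error.
        if ($null -ne $results) { $results.Dispose() }
        if ($null -ne $directorySearcher) { $directorySearcher.Dispose() }
        if ($null -ne $searchRoot) { $searchRoot.Dispose() }
    }
}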
Certify
GitHub: https://github.com/GhostPack/Certify
# Certify "cas" action.
# NOTE(review): per the project README this lists CA information for the current
# domain - confirm against the build in use.
Certify.exe cas
# NOTE(review): Invoke-Certify is not defined on this page; presumably a PowerShell
# loader for the same assembly - confirm its source before relying on it.
Invoke-Certify cas
Linux
Certipy
GitHub: https://github.com/ly4k/Certipy
# Queries the directory through the DC at 10.10.10.100 and prints the result to stdout (-stdout).
# A password passed with -p is exposed in shell history and in the process list while the command runs.
# NOTE(review): Certipy appears to prompt for the password when -p is omitted - confirm for the installed version.
certipy find -u <user> -p <password> -dc-ip 10.10.10.100 -stdout