┌──(kali㉿kali)-[~]
└─$ certipy find -u judith.mader -p judith09 -dc-ip 10.10.11.41 -stdout -enabled
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Finding certificate templates
[*] Found 34 certificate templates
[*] Finding certificate authorities
[*] Found 1 certificate authority
[*] Found 12 enabled certificate templates
[*] Trying to get CA configuration for 'certified-DC01-CA' via CSRA
[!] Got error while trying to get CA configuration for 'certified-DC01-CA' via CSRA: CASessionError: code: 0x80070005 - E_ACCESSDENIED - General access denied error.
[*] Trying to get CA configuration for 'certified-DC01-CA' via RRP
[*] Got CA configuration for 'certified-DC01-CA'
[*] Enumeration output:
Certificate Authorities
  0
    CA Name                             : certified-DC01-CA
    DNS Name                            : DC01.certified.htb
    Certificate Subject                 : CN=certified-DC01-CA, DC=certified, DC=htb
    Certificate Serial Number           : 36472F2C180FBB9B4983AD4D60CD5A9D
    Certificate Validity Start          : 2024-05-13 15:33:41+00:00
    Certificate Validity End            : 2124-05-13 15:43:41+00:00
    Web Enrollment                      : Disabled
    User Specified SAN                  : Disabled
    Request Disposition                 : Issue
    Enforce Encryption for Requests     : Enabled
    Permissions
      Owner                             : CERTIFIED.HTB\Administrators
      Access Rights
        ManageCertificates              : CERTIFIED.HTB\Administrators
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        ManageCa                        : CERTIFIED.HTB\Administrators
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Enroll                          : CERTIFIED.HTB\Authenticated Users
Certificate Templates
  0
    Template Name                       : CertifiedAuthentication
    Display Name                        : Certified Authentication
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDirectoryPath
                                          SubjectAltRequireUpn
    Enrollment Flag                     : NoSecurityExtension
                                          AutoEnrollment
                                          PublishToDs
    Private Key Flag                    : 16842752
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1000 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\operator ca
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Administrator
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Administrator
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Administrator
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Administrator
  1
    Template Name                       : KerberosAuthentication
    Display Name                        : Kerberos Authentication
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectAltRequireDns
                                          SubjectAltRequireDomainDns
    Enrollment Flag                     : AutoEnrollment
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
                                          Smart Card Logon
                                          KDC Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Enterprise Read-only Domain Controllers
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Controllers
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Enterprise Domain Controllers
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  2
    Template Name                       : DirectoryEmailReplication
    Display Name                        : Directory Email Replication
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectAltRequireDns
                                          SubjectAltRequireDirectoryGuid
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Directory Service Email Replication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Enterprise Read-only Domain Controllers
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Controllers
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Enterprise Domain Controllers
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  3
    Template Name                       : DomainControllerAuthentication
    Display Name                        : Domain Controller Authentication
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
                                          Smart Card Logon
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Enterprise Read-only Domain Controllers
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Controllers
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Enterprise Domain Controllers
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  4
    Template Name                       : SubCA
    Display Name                        : Subordinate Certification Authority
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : True
    Any Purpose                         : True
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : ExportableKey
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 5 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  5
    Template Name                       : WebServer
    Display Name                        : Web Server
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 2 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  6
    Template Name                       : DomainController
    Display Name                        : Domain Controller
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDnsAsCn
                                          SubjectAltRequireDns
                                          SubjectAltRequireDirectoryGuid
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Enterprise Read-only Domain Controllers
                                          CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Controllers
                                          CERTIFIED.HTB\Enterprise Admins
                                          CERTIFIED.HTB\Enterprise Domain Controllers
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  7
    Template Name                       : Machine
    Display Name                        : Computer
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDnsAsCn
                                          SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Computers
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  8
    Template Name                       : EFSRecovery
    Display Name                        : EFS Recovery Agent
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDirectoryPath
                                          SubjectAltRequireUpn
    Enrollment Flag                     : AutoEnrollment
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : File Recovery
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 5 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  9
    Template Name                       : Administrator
    Display Name                        : Administrator
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDirectoryPath
                                          SubjectRequireEmail
                                          SubjectAltRequireEmail
                                          SubjectAltRequireUpn
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Microsoft Trust List Signing
                                          Encrypting File System
                                          Secure Email
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  10
    Template Name                       : EFS
    Display Name                        : Basic EFS
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDirectoryPath
                                          SubjectAltRequireUpn
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Encrypting File System
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Users
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
  11
    Template Name                       : User
    Display Name                        : User
    Certificate Authorities             : certified-DC01-CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDirectoryPath
                                          SubjectRequireEmail
                                          SubjectAltRequireEmail
                                          SubjectAltRequireUpn
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
                                          IncludeSymmetricAlgorithms
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Encrypting File System
                                          Secure Email
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Domain Users
                                          CERTIFIED.HTB\Enterprise Admins
      Object Control Permissions
        Owner                           : CERTIFIED.HTB\Enterprise Admins
        Write Owner Principals          : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Dacl Principals           : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins
        Write Property Principals       : CERTIFIED.HTB\Domain Admins
                                          CERTIFIED.HTB\Enterprise Admins