You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying out Certipy in a cross-forest (inter-realm) attack scenario. I have a bidirectional trust between the forests adlab.local and adlab2.local. ADCS is installed in the adlab.local forest and has IP 10.0.0.200. IP 10.0.0.203 belongs to the DC in the adlab2.local forest.
Issue 1: The domain group domain [email protected] has been given enrollment rights on the certificate template ESC1. Still, the find command does not output this. See the top at the below screenshot. Below that you can see that the ESC1 attack actually works for accounts from the adlab2.local forest.
Issue 2: Despite that abusing ESC1 using accounts from the adlab2.local forest works, one cannot use accounts from the same forest for authentication when using the find command. No matter which DC you target. See the bottom half of the screenshot.
The text was updated successfully, but these errors were encountered:
Hi,
I am trying out Certipy in a cross-forest (inter-realm) attack scenario. I have a bidirectional trust between the forests adlab.local and adlab2.local. ADCS is installed in the adlab.local forest and has IP 10.0.0.200. IP 10.0.0.203 belongs to the DC in the adlab2.local forest.
Issue 1: The domain group
domain [email protected]
has been given enrollment rights on the certificate template ESC1. Still, thefind
command does not output this. See the top at the below screenshot. Below that you can see that the ESC1 attack actually works for accounts from the adlab2.local forest.Issue 2: Despite that abusing ESC1 using accounts from the adlab2.local forest works, one cannot use accounts from the same forest for authentication when using the
find
command. No matter which DC you target. See the bottom half of the screenshot.The text was updated successfully, but these errors were encountered: