Open 0xGreen opened 1 week ago
bloodyAD is specialized in Active Directory attacks while certipy is specialized in AD certificate attacks. That's why bloodyAD only does the first part of the exploit by writing into the AD and leaves the Kerberos part to another tool specialized for it.
But if you want to add this feature feel free to add it. I would ask you not to include more dependencies than what bloodyAD already has (so no impacket dependency, only minikerberos).
Wondering if it is possible to enhance the shadowCredential attack to remove the use of another tool?
So, the attack is a success but needs another tool, PKINITtools, to get the TGT.
If it is possible to implement something like what certipy did, that would be awesome; it performs the same attack and provides the TGT. (In the past, I guess PKINITtools was required for certipy as well.)