search

GhostPack / Certify

Active Directory certificate abuse.
Other
1.46k stars 198 forks source link

Crash on Windows Server 2016 #6

Open BlackyFox opened 3 years ago

BlackyFox commented 3 years ago

Hi,

I was trying out some requests and an exception is returned during execution. Compiled on Windows Server 2022 with VS2019.

.\Certify.exe find /vulnerable or .\Certify.exe find /clientauth works fine. The error comes when I try the following command: .\Certify.exe request /ca:REDACTED /template:REDACTED /altname:DOMAIN\REDACTED

[*] Action: Request a Certificates

[!] Unhandled Certify exception:

System.IO.FileNotFoundException: Could not load file or assembly 'Interop.CERTENROLLLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.
File name: 'Interop.CERTENROLLLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'
   at Certify.Cert.RequestCert(String CA, Boolean machineContext, String templateName, String subject, String altName, Boolean install)
   at Certify.Commands.Request.Execute(Dictionary`2 arguments)
   at Certify.CommandCollection.ExecuteCommand(String commandName, Dictionary`2 arguments)
   at Certify.Program.MainExecute(String commandName, Dictionary`2 parsedArgs)

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

No cert is returned after the exception. The script is executed directly on a AD CS, with admin rights.

Edit: This exception also occurs when using the download function.

leechristensen commented 2 years ago

This should be fixed now with 4c24a835527e5524d5fd2777fc7185422cf5fe4d. If you could test and verify, please let us know if it solved your problem!

uzi3 commented 2 years ago

This still doesn't work even with 4c24a83. I was trying to run request command:

Certify.exe request /ca:SERVERname\ca-name /template:TemplateName /onbehalfof:DOMAIN\USER /enrollcert:C:\Temp\enroll.pfx /enrollcertpw:password

Getting this error:

System.IO.FileNotFoundException: Could not load file or assembly 'Interop.CERTENROLLLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified. File name: 'Interop.CERTENROLLLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' at Certify.Cert.CreateCertRequestOnBehalfMessage(String templateName, String onBehalfUser, String signerCertPath, String signerCertPassword, Boolean machineContext) at Certify.Cert.RequestCertOnBehalf(String CA, String templateName, String onBehalfUser, String signerCertPath, String signerCertPassword, Boolean machineContext) at Certify.Commands.Request.Execute(Dictionary2 arguments) at Certify.CommandCollection.ExecuteCommand(String commandName, Dictionary2 arguments) at Certify.Program.MainExecute(String commandName, Dictionary`2 parsedArgs)

WRN: Assembly binding logging is turned OFF. To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1. Note: There is some performance penalty associated with assembly bind failure logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

Envincion commented 1 year ago

Same issue ,can someone help how to solve this thing ..?

Julienpeps commented 11 months ago

Hey, just ran into the issue, found a quick fix. Just added the following in packages.config, hope it helps!

<package id="Interop.CERTENROLLLib" version="1.0.0" targetFramework="net40" developmentDependency="true" />