ly4k / Certipy

Tool for Active Directory Certificate Services enumeration and abuse
MIT License

Errors when running v4.7 #195

Open robertstrom opened 4 months ago

robertstrom commented 4 months ago

I have tried running several certipy-ad find commands to try to determine whether any of our ADCS configurations are vulnerable and have been experiencing errors while running the tool.

Here is one of the commands that I have run

certipy-ad find -dc-ip <dc_ip> -u <user_id> -p $PASS -enabled -debug

The output results are contained in the attached certipy_4.7_error.txt file.

Most of the checks seem to run and I am not sure what, if any, impact these errors are having on the functionality of the tool checks.

I am running certipy on Kali

PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
VERSION_ID="2023.4"
VERSION="2023.4"
VERSION_CODENAME=kali-rolling
ID=kali

NOTE: This Kali has been upgraded from previous versions and has had previous versions of certipy installed (not sure if that could be contributing to the problem, so I figured that I would mention it).

VERY cool tool / thanks very much for all of your work on this!

certipy_4.7_error.txt

ly4k commented 4 months ago

Please upgrade to the latest version. This error should've been fixed in the latest one.

robertstrom commented 4 months ago

I believe that I have removed all previous traces of any previous versions of certipy and installed the current version and things appear to be mostly working. When running the command without the -vulnerable argument things appear to work and I do get a resulting text, json, and zip file with results.

When I run the command with the -vulnerable argument I get similar errors as shown below

This is running the command without the -vulnerable argument

image

This is the tail end of the results without the -vulnerable argument showing the results files created and it shows the basic error when running the command with the -vulnerable argument

image

This is a screenshot of the debug error when running the command with the -vulnerable argument

image

Here is the text of the error message

[*] Finding certificate templates
[-] Got error: unable to send message, socket is not open
Traceback (most recent call last):
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/entry.py", line 60, in main
    actions[options.action](options)
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/parsers/find.py", line 12, in entry
    find.entry(options)
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 1179, in entry
    find.find()
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 185, in find
    templates = self.get_certificate_templates()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 721, in get_certificate_templates
    templates = self.connection.search(
                ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/lib/ldap.py", line 273, in search
    entries = list(
              ^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/extend/standard/PagedSearch.py", line 56, in paged_search_generator
    result = connection.search(search_base,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 853, in search
    response = self.post_send_search(self.send('searchRequest', request, controls))
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 336, in send
    raise LDAPSocketOpenError(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketOpenError: unable to send message, socket is not open

ly4k commented 4 months ago

Strange. Can you try with -scheme ldap?

robertstrom commented 4 months ago

Here are the things that I tried and the results

This command works without error and produces results files

/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap

image

This command errors

/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap -vulnerable

image

This is the same command as above with debug added

/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap -vulnerable -debug

image

Here is the complete debug message

[*] Finding certificate templates
[-] Got error: unable to send message, socket is not open
Traceback (most recent call last):
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/entry.py", line 60, in main
    actions[options.action](options)
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/parsers/find.py", line 12, in entry
    find.entry(options)
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 1179, in entry
    find.find()
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 185, in find
    templates = self.get_certificate_templates()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 721, in get_certificate_templates
    templates = self.connection.search(
                ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/lib/ldap.py", line 273, in search
    entries = list(
              ^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/extend/standard/PagedSearch.py", line 56, in paged_search_generator
    result = connection.search(search_base,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 853, in search
    response = self.post_send_search(self.send('searchRequest', request, controls))
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 336, in send
    raise LDAPSocketOpenError(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketOpenError: unable to send message, socket is not open

AnubisSec commented 3 months ago

In case you haven't figured this out yet, I think the issue you are facing (similar to what I faced) is that the timeout isn't set long enough to resolve all the SIDs.

If you do -timeout 30, you should be good.