ly4k / Certipy

Tool for Active Directory Certificate Services enumeration and abuse
MIT License

Golden Certificate - Unsupported Algorithm - SHA1 #214

Open secu77 opened 4 months ago

secu77 commented 4 months ago

Hello,

I have been trying to exploit the attack known as “Golden Certificate” using Certipy and have experienced some errors specific to this scenario. The CA is located on a fairly old Windows machine (I think it is Windows Server 2003 if I am not mistaken). The first step, the backup of the CA's private key and certificate, is successful. However, when I try to forge a certificate for a user (in this case, the Domain Administrator), an error occurs related to the creation of the certificate. Apparently SHA-1 is used, and I believe that this algorithm is completely deprecated and that is where the failure is.

I do not know much about certificates, so I do not know very well if you can implement an end to generate certificates using this algorithm, or you can edit the PFX of the CA, or something. It is a very particular scenario, I had never encountered a CA on such an old computer, so I am reporting this bug so that if someone runs into the same thing, they have a place to give more detail.

Greetings and thank you very much for the fantastic tool. Hopefully this can be solved.

iDigitalFlame commented 2 months ago

Hello!

I'm not a maintainer or anything for this project, but I had the same error as you do and I figured out how to fix it.

You need to manually edit the certipy/commands/forge.py file and edit line 231.

Originally it's

cert = cert.sign(ca_key, signature_hash_algorithm())

Change it to

from cryptography.hazmat.primitives.hashes import SHA256
cert = cert.sign(ca_key, SHA256())

Once that's done, it should work fine for you!
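The error in this thread comes from a modern `cryptography` build refusing to produce SHA-1 signatures, which is what a CA of that age still uses for its own certificate; the durable fix on the defending side is to find such CAs and migrate them. The following is an added example (not Certipy's code and not from the thread) that reads the outer signatureAlgorithm of a DER-encoded X.509 certificate with only the standard library, so exported CA certificates can be inventoried for SHA-1 or MD5 signatures; the sample certificate skeleton it builds is constructed for the example and is not a real certificate.

```python
# Outer signatureAlgorithm OIDs (dotted form) mapped to the hash they use.
SIG_OID_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption (legacy CAs)
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
}

def _tlv(data, pos):
    """Decode one DER TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(content):
    """Convert OBJECT IDENTIFIER content octets to dotted notation."""
    arcs, value = list(divmod(content[0], 40)), 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Name the hash used by a DER certificate's outer signatureAlgorithm."""
    _, cert, _ = _tlv(cert_der, 0)    # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, _, pos = _tlv(cert, 0)         # tbsCertificate, skipped
    _, alg_id, _ = _tlv(cert, pos)    # signatureAlgorithm ::= SEQUENCE { OID, params }
    tag, oid, _ = _tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return SIG_OID_HASH.get(_decode_oid(oid), "unknown")

def _der(tag, content):
    """Short-form DER encoder, enough to build the small constructed samples."""
    return bytes([tag, len(content)]) + content

def constructed_cert(sig_oid):
    """Constructed Certificate skeleton (not a real cert) carrying the OID octets."""
    tbs = _der(0x30, b"\x02\x01\x01")                    # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, sig_oid) + b"\x05\x00")  # AlgorithmIdentifier { OID, NULL }
    sig = _der(0x03, b"\x00" * 17)                       # BIT STRING, dummy signature value
    return _der(0x30, tbs + alg + sig)
```

For a real certificate exported in DER form, call `signature_hash(open(path, "rb").read())`; a result of `sha1` or `md5` marks a CA whose signing chain should be migrated rather than worked around.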