multiples errors #1
Hey there, I can't seem to replicate the issue on my end; I started a fresh VM to go through things step by step. Happy to try again if you can provide more info on how to replicate it. Scroll down for some screenshots, but first:

Based on your post, the script works right up until the point where the templates are to be imported:

These are the errors that appear over and over again:

Either you ran the script before and now it's trying to overwrite objects and can't because the AD objects already exist, or it might potentially have to do with this:

A quick search comes up with that troubleshooting page on Microsoft and suggests this might have to do with language implementation. Is your VM not in English? Have you created custom users that have diacritic marks or umlauts in the name?

This seems to suggest an identity couldn't be found, therefore the references to it can't be "translated". If you're running a custom setup, importing the templates into it might not map properly to the environment.

This last one seems to be associated with inability to create the required ACLs. Have you followed the steps exactly? If you're going for something more custom, it's better to recreate the templates yourself; the provided requirements and screenshots show which options are needed for each one.

My first thought was that maybe the PowerShell module had been updated and no longer works as before, but it went smoothly here. Here are some screenshots of when I tried the setup from scratch:

Step 1 to set up the DC:

Step 2 to add the users and some firewall rules:

Step 3 to install AD CS:

And finally importing the templates, either by downloading and running the script or copying and pasting it:

I reset to a previous snapshot in order to try both variants. Templates imported as expected:
```powershell
# Install NuGet package provider
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Write-Host "[*] Installing required package provider."

# Install ADCSTemplate
Write-Host "[*] Installing ADCSTemplate module."
Install-Module ADCSTemplate -Force

# Import the ADCSTemplate module if not already loaded
if (-not (Get-Module -Name ADCSTemplate -ErrorAction SilentlyContinue)) {
    Import-Module ADCSTemplate
}
Write-Host "[*] Required module installed and imported."

# Create temporary new directory
cd \
md ADCS
cd ADCS
Write-Host "[*] Temporary directory created."

# Download .json template files from GitHub repo
# Define the filenames to download
$fileNames = @(
    "Vuln-ESC1.json",
    "Vuln-ESC2.json",
    "Vuln-ESC3-1.json",
    "Vuln-ESC3-2.json",
    "Vuln-ESC4.json"
)
$baseURL = "https://raw.githubusercontent.com/arth0sz/Practice-AD-CS-Domain-Escalation/main/Vulnerable-Templates/"

# Loop through each filename and download the corresponding file
foreach ($fileName in $fileNames) {
    $url = $baseURL + $fileName
    Invoke-WebRequest -URI $url -OutFile $fileName
}
Write-Host "[*] Vulnerable template files downloaded."

$folderPath = Get-Location
$templates = Get-ChildItem -Path $folderPath -File
foreach ($template in $templates) {
    # Get the template names from the files
    $templateName = $template.BaseName
    # Import and publish templates
    New-ADCSTemplate -DisplayName $templateName -JSON (Get-Content .\$templateName.json -Raw) -Publish
    # Issue templates
    Set-ADCSTemplateACL -DisplayName $templateName -Identity 'certipied\domain users' -Enroll -AutoEnroll
}
Write-Host "[*] Vulnerable templates published and issued."

# Download self-signed ssl certificate template files from GitHub repo
# separation needed to ensure it's not vulnerable
Invoke-WebRequest -URI "https://raw.githubusercontent.com/arth0sz/Practice-AD-CS-Domain-Escalation/main/Vulnerable-Templates/IP-ssl.json" -OutFile .\IP-ssl.json
New-ADCSTemplate -DisplayName IP-ssl -JSON (Get-Content .\IP-ssl.json -Raw) -Publish
Set-ADCSTemplateACL -DisplayName IP-ssl -Identity 'certipied\domain admins' -Enroll -AutoEnroll

cd \
Remove-Item -Path ADCS -Recurse
Write-Host "[*] Temporary directory removed."
```
Name Version Source Summary
nuget 2.8.5.208 https://onege... NuGet provider for the OneGet meta-package manager
[*] Installing required package provider.
[*] Installing ADCSTemplate module.
[*] Required module installed and imported.
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\ADCS
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName : ADCS
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : True
Name : ADCS
FullName : C:\ADCS
Parent :
Exists : True
Root : C:\
Extension :
CreationTime : 5/15/2024 12:22:42 AM
CreationTimeUtc : 5/14/2024 10:22:42 PM
LastAccessTime : 5/15/2024 12:22:42 AM
LastAccessTimeUtc : 5/14/2024 10:22:42 PM
LastWriteTime : 5/15/2024 12:22:42 AM
LastWriteTimeUtc : 5/14/2024 10:22:42 PM
Attributes : Directory
Mode : d-----
BaseName : ADCS
Target : {}
LinkType :
[*] Temporary directory created.
[*] Vulnerable template files downloaded.
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
[*] Vulnerable templates published and issued.
New-ADObject : An attempt was made to add an object to the directory with a name that is already in use
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:341 char:5
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:137 char:9
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:142 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:144 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:149 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:151 char:13
New-Object : Exception calling ".ctor" with "6" argument(s): "Value cannot be null.
Parameter name: identity"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:156 char:27
Exception calling "AddAccessRule" with "1" argument(s): "Value cannot be null.
Parameter name: rule"
At C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate\1.0.1.0\ADCSTemplate.psm1:158 char:13
[*] Temporary directory removed.
PS C:\>
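The two causes raised in the reply (templates that already exist from an earlier run, and an `-Identity` value that does not resolve in this domain) can be checked before re-running the import. The following read-only preflight is an added example, not part of the repository's script; it assumes the ActiveDirectory RSAT module is available on the DC and reuses the template and group names from the posted script.

```powershell
# Added example (not from the repo): read-only preflight, changes nothing in AD.
# Assumption: run in an elevated session on the DC with the ActiveDirectory module.
Import-Module ActiveDirectory

# Names taken from the posted script
$templateNames = 'Vuln-ESC1','Vuln-ESC2','Vuln-ESC3-1','Vuln-ESC3-2','Vuln-ESC4','IP-ssl'
$identities    = 'certipied\domain users','certipied\domain admins'

# 1. Does each -Identity value resolve to a SID? A failure here is the same
#    "identity references could not be translated" condition seen in the output,
#    and it leaves the later ACL rules with a null identity.
foreach ($id in $identities) {
    try {
        $sid = [System.Security.Principal.NTAccount]::new($id).Translate(
                   [System.Security.Principal.SecurityIdentifier])
        Write-Host "[+] '$id' resolves to $sid"
    } catch {
        Write-Warning "'$id' does not resolve: $($_.Exception.Message)"
    }
}

# 2. What are these groups actually called here? Resolving the well-known RIDs
#    (513 = Domain Users, 512 = Domain Admins) gives the real DOMAIN\name even
#    when the NetBIOS name differs or the OS language localizes the group names.
$domain = Get-ADDomain
foreach ($rid in 513, 512) {
    $sid  = [System.Security.Principal.SecurityIdentifier]::new("$($domain.DomainSID)-$rid")
    $name = $sid.Translate([System.Security.Principal.NTAccount])
    Write-Host "[i] RID $rid in this domain is '$name'"
}

# 3. Is a template with one of these names already in the configuration partition?
#    If so, New-ADObject fails with "a name that is already in use".
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
foreach ($n in $templateNames) {
    $filter = "(&(objectClass=pKICertificateTemplate)(|(cn=$n)(displayName=$n)))"
    $hit = Get-ADObject -SearchBase $base -LDAPFilter $filter
    if ($hit) {
        Write-Warning "Template '$n' already exists: $($hit.DistinguishedName)"
    } else {
        Write-Host "[+] Template name '$n' is free"
    }
}
```

If step 2 prints a different account name than the one in the script, that name is the value to pass to `-Identity`.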