New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certipy: error: unrecognized arguments #67
Comments
Hello @robertstrom This way of specify the target string (username, domain, password, and target host) has been changed in version 4. Now username and domain should be specified in -username user@domain, password in -password and target in -target (if required). :) It's explained in the blog post on version 4, and you can also see some examples in the README. Let me know if you have more issues or questions |
@ly4k - many thanks!! I did take a look at the README but mostly to get installed since I saw the link to the blog which I saw was giving a number of examples so I relied on it for the more detailed instructions. My bad for sure, but I would suggest that you note something near the link to the blog post that it still has valuable information but that the syntax / authentication has changed. Just a thought / suggestion ... So I have gotten a lot farther and believe that I may have some issues. I have now tested this in two of our domains and have gotten the same results.
|
@ly4k - It appears to definitely be an issue with version 4. I was able to install version 2.09 on another instance of Kali and pretty much get it working. I was able to retrieve the information using find, but the request is failing
|
Hello @robertstrom The problem you're experiencing with 4.0 is that the user's membership query takes too long to execute, so I'll have to come up with a better way of finding nested group memberships. Thanks for reporting this. And the problem with 2.0.9, (and the same you'll have in 4.0), is probably that the target parameter is incorrect. When you request the certificate, you have to specify the host name or IP of the CA server, and not the domain controller. I'll look into the LDAP issue. Thanks again! |
@ly4k - Thanks much for the response / info! I have been able to take that info and make v2.0.9 work as expected. Thanks so much for the tool!! It is making it possible for us to discover any issues, fix and test. Very much appreciate the work that you have done on this. I'll keep checking back for any update on v4 so that I can test it again. |
Hello @robertstrom It seems that while this method of retrieving nested group memberships is not the fastes, it's the most efficient one when it comes to stealth and low bandwidth. All the logic is handled at the server, and the client just waits too long for the response in your case. As such, I've added a receive timeout which is a factor 10 of the -timeout parameter that is used in other cases. Furthermore, I've handled the error now so you can continue but without having any nested group memberships found. Fixed in 4b54ceb and 7f4f225 Thank you for reporting! |
@ly4k Sorry, I am not a GitHub expert at pulling different versions, etc. Am I going to be able to get this version update for testing or do I need to wait for you to publish the full update? If I can get and test I would appreciate some guidance in what commands I would use to do so. Thanks very much! |
Hello,
I have cloned the repo using the command
I then cd'd into the Certipy directory and ran the command
I am trying to execute the basic certipy find command and I am getting an error regarding unrecognized commands
The command that I am executing is:
After running the command I am getting the error message
I have been to the blog post and read through it but no luck- https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
All documentation that I am seeing is on version 2. Could this be a version 4 issue?
Thanks!
The text was updated successfully, but these errors were encountered: