Skip to main content

Assess whether ADCS is installed

Check if ADCS installed

Windows

  • Presence of module ADCS:
    Get-WindowsFeature -Name ADCS-Cert-Authority -ErrorAction SilentlyContinue
    
  • Presence of built-in Cert Publishers group which authorizes Certificate Authorities to publish certificates:
    net localgroup "Cert Publishers"
    
  • Explore the Public Key Services container structure:
    CN=Public Key Services, CN=Services, CN=Configuration, DC={forest root domain}
    

Linux

  • Netexec to identify presence of ADCS:
    netexec ldap 10.10.10.10 -u "user@lab.local" -p "Password1" -M adcs
    
  • Check vulnerable templates:
    certipy find -vulnerable -u "user@lab.local" -p "Password1" -dc-ip 10.10.10.10 -stdout