Assess whether ADCS is installed
Check if ADCS is installed
Windows
- Presence of the ADCS Certification Authority feature (ADCS-Cert-Authority):
Get-WindowsFeature -Name ADCS-Cert-Authority -ErrorAction SilentlyContinue
- Presence of the built-in Cert Publishers group, which authorizes Certificate Authorities to publish certificates:
net localgroup "Cert Publishers"
- Explore the Public Key Services container structure:
CN=Public Key Services, CN=Services, CN=Configuration, DC={forest root domain}
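
To explore the Public Key Services container from an administrator's workstation, the following read-only inventory lists what is published in three of its sub-containers. It is an added example, not part of the original page. The function name Get-AdcsForestInventory is hypothetical, and the script assumes a domain-joined host that can reach a domain controller.

```powershell
# Added example: read-only inventory of the Public Key Services container.
# Get-AdcsForestInventory is a hypothetical name, not a built-in cmdlet.
function Get-AdcsForestInventory {
    try {
        # RootDSE exposes the configuration naming context of the current forest.
        $configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext.Value
    } catch {
        $configNC = $null
    }
    if (-not $configNC) {
        Write-Warning 'Cannot read RootDSE: host is not domain-joined or no DC is reachable.'
        return
    }
    $pkiBase = "CN=Public Key Services,CN=Services,$configNC"

    # Sub-container name -> object class stored in it.
    $containers = [ordered]@{
        'Enrollment Services'       = 'pKIEnrollmentService'    # Enterprise CAs
        'Certificate Templates'     = 'pKICertificateTemplate'  # published templates
        'Certification Authorities' = 'certificationAuthority'  # trusted root CAs
    }

    foreach ($name in $containers.Keys) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]"LDAP://CN=$name,$pkiBase"
        $searcher.Filter      = "(objectClass=$($containers[$name]))"
        $searcher.SearchScope = 'OneLevel'
        $searcher.PageSize    = 500
        foreach ($p in 'cn', 'dnshostname', 'certificatetemplates') {
            [void]$searcher.PropertiesToLoad.Add($p)
        }
        try {
            foreach ($r in $searcher.FindAll()) {
                [pscustomobject]@{
                    Container = $name
                    Name      = [string]$r.Properties['cn'][0]
                    Host      = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
                    Templates = [int]$r.Properties['certificatetemplates'].Count
                }
            }
        } catch {
            Write-Warning "CN=$name could not be read: $($_.Exception.Message)"
        } finally {
            $searcher.Dispose()
        }
    }
}

Get-AdcsForestInventory | Format-Table -AutoSize
```

No rows for Enrollment Services means no Enterprise CA is published in the forest, even if the Cert Publishers group and the container itself exist.
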
Linux
- Use netexec to identify the presence of ADCS:
netexec ldap 10.10.10.10 -u "user@lab.local" -p "Password1" -M adcs
- Check for vulnerable templates:
certipy find -vulnerable -u "user@lab.local" -p "Password1" -dc-ip 10.10.10.10 -stdout