ADCS attacks - Skills Assessment

Hello everyone,

I am stuck on the last exercise of the skills assessment. DEV01 has been compromised and the password of jimmy’s account too. But, I am not able to compromise DC01.

With this new credentials I found that this user belongs to a group that “has dangerous permissions”. But I am not able to execute the commands from the Linux machine.

Could anyone give me a hint on how to continue?

Hey there :slight_smile:

Try using the -debug option and see what your Certipy command line really does. Especially, where your certificate request is going.

Your answer to “why is the command not working ?” is the -debug output :wink: In case of ADCS attacks, because you perform complex chains that involve authentication to a service with different templates and multiple targets, you should always ask yourself "Where is my target CA ? Does this template gather all prerequisites ? Do I have the right permissions to exploit this template ?

In short : you should check where you’re trying to request the certificates

1 Like

Hello y00ga / community,

May I ask what you make of this error? I am targeting an other template though - but I cannot seem to get req to function.

Im not entirely certain what is expected of us, as none of this was explained in the course.

Your guidance is appreciated :pray:


EDIT: Your guidance was enough - “you should check where you’re trying to request the certificates”

Cheers :beers:

1 Like

Hello, does anyone know how to get the jimmy user password in the ADCS module skill assessment? I used hashcat to burst without results, can you give me some tips

Certipy relay

How did you figure it out, I get denied access when trying to add officer and if I try to issue a request I also get denied

Hi, I also have obtained the jimmy credentials and requested for administrator certificate. But, when I try to issue the request, I am getting the:
[-] Got access denied trying to issue certificate

could you give me any directions?