# Learning Objective - 21 ## Across domain trusts - AD CS ### Buscando CAs ``` C:\AD\Tools>Certify.exe cas _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_ _| |_ _ _ | | / _ \ '__| __| | _| | | | | |___| __/ | | |_| | | | |_| | \_____\___|_| \__|_|_| \__, | __/ | |___./ v1.0.0 [*] Action: Find certificate authorities [*] Using the search base 'CN=Configuration,DC=moneycorp,DC=local' [*] Root CAs Cert SubjectName : CN=moneycorp-MCORP-DC-CA, DC=moneycorp, DC=local Cert Thumbprint : 8DA9C3EF73450A29BEB2C77177A5B02D912F7EA8 Cert Serial : 48D51C5ED50124AF43DB7A448BF68C49 Cert Start Date : 11/26/2022 1:59:16 AM Cert End Date : 11/26/2032 2:09:15 AM Cert Chain : CN=moneycorp-MCORP-DC-CA,DC=moneycorp,DC=local [*] NTAuthCertificates - Certificates that enable authentication: Cert SubjectName : CN=moneycorp-MCORP-DC-CA, DC=moneycorp, DC=local Cert Thumbprint : 8DA9C3EF73450A29BEB2C77177A5B02D912F7EA8 Cert Serial : 48D51C5ED50124AF43DB7A448BF68C49 Cert Start Date : 11/26/2022 1:59:16 AM Cert End Date : 11/26/2032 2:09:15 AM Cert Chain : CN=moneycorp-MCORP-DC-CA,DC=moneycorp,DC=local [*] Enterprise/Enrollment CAs: Enterprise CA Name : moneycorp-MCORP-DC-CA DNS Hostname : mcorp-dc.moneycorp.local FullName : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Flags : SUPPORTS_NT_AUTHENTICATION, CA_SERVERTYPE_ADVANCED Cert SubjectName : CN=moneycorp-MCORP-DC-CA, DC=moneycorp, DC=local Cert Thumbprint : 8DA9C3EF73450A29BEB2C77177A5B02D912F7EA8 Cert Serial : 48D51C5ED50124AF43DB7A448BF68C49 Cert Start Date : 11/26/2022 1:59:16 AM Cert End Date : 11/26/2032 2:09:15 AM Cert Chain : CN=moneycorp-MCORP-DC-CA,DC=moneycorp,DC=local [!] UserSpecifiedSAN : EDITF_ATTRIBUTESUBJECTALTNAME2 set, enrollees can specify Subject Alternative Names! CA Permissions : Owner: BUILTIN\Administrators S-1-5-32-544 Access Rights Principal Allow Enroll NT AUTHORITY\Authenticated UsersS-1-5-11 Allow ManageCA, ManageCertificates BUILTIN\Administrators S-1-5-32-544 Allow ManageCA, ManageCertificates mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 Allow ManageCA, ManageCertificates mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Enrollment Agent Restrictions : None Enabled Certificate Templates: CA-Integration HTTPSCertificates SmartCardEnrollment-Agent SmartCardEnrollment-Users DirectoryEmailReplication DomainControllerAuthentication KerberosAuthentication EFSRecovery EFS DomainController WebServer Machine User SubCA Administrator Certify completed in 00:00:36.5941105 ``` ### Enumerando Templates ``` C:\AD\Tools>Certify.exe find _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_ _| |_ _ _ | | / _ \ '__| __| | _| | | | | |___| __/ | | |_| | | | |_| | \_____\___|_| \__|_|_| \__, | __/ | |___./ v1.0.0 [*] Action: Find certificate templates [*] Using the search base 'CN=Configuration,DC=moneycorp,DC=local' [*] Listing info about the Enterprise CA 'moneycorp-MCORP-DC-CA' Enterprise CA Name : moneycorp-MCORP-DC-CA DNS Hostname : mcorp-dc.moneycorp.local FullName : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Flags : SUPPORTS_NT_AUTHENTICATION, CA_SERVERTYPE_ADVANCED Cert SubjectName : CN=moneycorp-MCORP-DC-CA, DC=moneycorp, DC=local Cert Thumbprint : 8DA9C3EF73450A29BEB2C77177A5B02D912F7EA8 Cert Serial : 48D51C5ED50124AF43DB7A448BF68C49 Cert Start Date : 11/26/2022 1:59:16 AM Cert End Date : 11/26/2032 2:09:15 AM Cert Chain : CN=moneycorp-MCORP-DC-CA,DC=moneycorp,DC=local [!] UserSpecifiedSAN : EDITF_ATTRIBUTESUBJECTALTNAME2 set, enrollees can specify Subject Alternative Names! CA Permissions : Owner: BUILTIN\Administrators S-1-5-32-544 Access Rights Principal Allow Enroll NT AUTHORITY\Authenticated UsersS-1-5-11 Allow ManageCA, ManageCertificates BUILTIN\Administrators S-1-5-32-544 Allow ManageCA, ManageCertificates mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 Allow ManageCA, ManageCertificates mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Enrollment Agent Restrictions : None [*] Available Certificates Templates : CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : User Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_ALT_REQUIRE_EMAIL, SUBJECT_REQUIRE_EMAIL, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Secure Email mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Users S-1-5-21-335606122-960912869-3279953914-513 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : EFS Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Encrypting File System mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Users S-1-5-21-335606122-960912869-3279953914-513 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : Administrator Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_ALT_REQUIRE_EMAIL, SUBJECT_REQUIRE_EMAIL, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Microsoft Trust List Signing, Secure Email mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : EFSRecovery Schema Version : 1 Validity Period : 5 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : File Recovery mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : Machine Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_DNS, SUBJECT_REQUIRE_DNS_AS_CN mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Computers S-1-5-21-335606122-960912869-3279953914-515 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : DomainController Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_DIRECTORY_GUID, SUBJECT_ALT_REQUIRE_DNS, SUBJECT_REQUIRE_DNS_AS_CN mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : WebServer Schema Version : 1 Validity Period : 2 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT mspki-enrollment-flag : NONE Authorized Signatures Required : 0 pkiextendedkeyusage : Server Authentication mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : SubCA Schema Version : 1 Validity Period : 5 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT mspki-enrollment-flag : NONE Authorized Signatures Required : 0 pkiextendedkeyusage : mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : DomainControllerAuthentication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication, Smart Card Logon mspki-certificate-application-policy : Client Authentication, Server Authentication, Smart Card Logon Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 AutoEnrollment Rights : mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : DirectoryEmailReplication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_DIRECTORY_GUID, SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Directory Service Email Replication mspki-certificate-application-policy : Directory Service Email Replication Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 AutoEnrollment Rights : mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : KerberosAuthentication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_DOMAIN_DNS, SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, KDC Authentication, Server Authentication, Smart Card Logon mspki-certificate-application-policy : Client Authentication, KDC Authentication, Server Authentication, Smart Card Logon Permissions Enrollment Permissions Enrollment Rights : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 AutoEnrollment Rights : mcorp\Domain Controllers S-1-5-21-335606122-960912869-3279953914-516 mcorp\Enterprise Read-only Domain ControllersS-1-5-21-335606122-960912869-3279953914-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteOwner Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : SmartCardEnrollment-Agent Schema Version : 2 Validity Period : 10 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Certificate Request Agent mspki-certificate-application-policy : Certificate Request Agent Permissions Enrollment Permissions Enrollment Rights : dcorp\Domain Users S-1-5-21-719815819-3726368948-3917688648-513 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 WriteOwner Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : SmartCardEnrollment-Users Schema Version : 2 Validity Period : 10 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 1 Application Policies : Certificate Request Agent pkiextendedkeyusage : Client Authentication, Encrypting File System, Secure Email mspki-certificate-application-policy : Client Authentication, Encrypting File System, Secure Email Permissions Enrollment Permissions Enrollment Rights : dcorp\Domain Users S-1-5-21-719815819-3726368948-3917688648-513 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 WriteOwner Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : HTTPSCertificates Schema Version : 2 Validity Period : 10 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Secure Email mspki-certificate-application-policy : Client Authentication, Encrypting File System, Secure Email Permissions Enrollment Permissions Enrollment Rights : dcorp\RDPUsers S-1-5-21-719815819-3726368948-3917688648-1123 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 WriteOwner Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : CA-Integration Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Secure Email mspki-certificate-application-policy : Client Authentication, Encrypting File System, Secure Email Permissions Enrollment Permissions Enrollment Rights : dcorp\RDPUsers S-1-5-21-719815819-3726368948-3917688648-1123 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 WriteOwner Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Certify completed in 00:00:22.0812867 ``` ### Buscando Templates Vulnerables ``` C:\AD\Tools>Certify.exe find /vulnerable _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_ _| |_ _ _ | | / _ \ '__| __| | _| | | | | |___| __/ | | |_| | | | |_| | \_____\___|_| \__|_|_| \__, | __/ | |___./ v1.0.0 [*] Action: Find certificate templates [*] Using the search base 'CN=Configuration,DC=moneycorp,DC=local' [*] Listing info about the Enterprise CA 'moneycorp-MCORP-DC-CA' Enterprise CA Name : moneycorp-MCORP-DC-CA DNS Hostname : mcorp-dc.moneycorp.local FullName : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Flags : SUPPORTS_NT_AUTHENTICATION, CA_SERVERTYPE_ADVANCED Cert SubjectName : CN=moneycorp-MCORP-DC-CA, DC=moneycorp, DC=local Cert Thumbprint : 8DA9C3EF73450A29BEB2C77177A5B02D912F7EA8 Cert Serial : 48D51C5ED50124AF43DB7A448BF68C49 Cert Start Date : 11/26/2022 1:59:16 AM Cert End Date : 11/26/2032 2:09:15 AM Cert Chain : CN=moneycorp-MCORP-DC-CA,DC=moneycorp,DC=local [!] UserSpecifiedSAN : EDITF_ATTRIBUTESUBJECTALTNAME2 set, enrollees can specify Subject Alternative Names! CA Permissions : Owner: BUILTIN\Administrators S-1-5-32-544 Access Rights Principal Allow Enroll NT AUTHORITY\Authenticated UsersS-1-5-11 Allow ManageCA, ManageCertificates BUILTIN\Administrators S-1-5-32-544 Allow ManageCA, ManageCertificates mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 Allow ManageCA, ManageCertificates mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Enrollment Agent Restrictions : None [!] Vulnerable Certificates Templates : CA Name : mcorp-dc.moneycorp.local\moneycorp-MCORP-DC-CA Template Name : SmartCardEnrollment-Agent Schema Version : 2 Validity Period : 10 years Renewal Period : 6 weeks msPKI-Certificates-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Certificate Request Agent mspki-certificate-application-policy : Certificate Request Agent Permissions Enrollment Permissions Enrollment Rights : dcorp\Domain Users S-1-5-21-719815819-3726368948-3917688648-513 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Object Control Permissions Owner : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 WriteOwner Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteDacl Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 WriteProperty Principals : mcorp\Administrator S-1-5-21-335606122-960912869-3279953914-500 mcorp\Domain Admins S-1-5-21-335606122-960912869-3279953914-512 mcorp\Enterprise Admins S-1-5-21-335606122-960912869-3279953914-519 Certify completed in 00:00:23.0443059 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infra.desdes.xyz/group-1/crtp-notes/learning-objective-21.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.