ESC7 - Error when attempting to add an officer about certipy HOT 8 CLOSED

Yes, you can remove the CA officer afterwards with -remove-officer. The request fails because you're trying to connect to the DC. You should connect to the CA

from certipy.

I actually tried connecting to the ADCS server when I tested this but that failed as well :)

from certipy.

The second image makes more sense to me. It's a mistake in my implementation. I accidentally assumed the CA and the DC was on the same server, which results in Certipy trying to connect to LDAP on the CA, or connecting to the CA DCOM on the DC. Thanks for reporting this. I'll look into a fix soon

from certipy.

Should be fixed in 2.0.8. Can you please verify?

from certipy.

Using 2.0.8 I can now add the officer. Good!

The next step in my case is to enable the certificate template SubCA but that fails for me.

from certipy.

Should be fixed in 2.0.9. The new LDAP DNS resolution was not applied for the -enable-template. Can you verify that it is working now? I really appreciate that you report these issues. Thanks!

from certipy.

Great! This works now. I actually managed to execute the complete ESC7 attack this time. Don't worry about asking me to verify fixes, I will have so much fun owning my client's infrastructure using your tool :D No more hassle having to own a domain-joined machine, bypass AV, AMSI, Applocker, execution policies, language constrained mode and what not then having to upload and import powershell scripts! All I need now is essentially Responder, Hashcat, Bloodhound, BloodyAD, Impacket and Certipy :D

from certipy.

Great. Haha yes, Active Directory itself is full of attack vectors

from certipy.