public void GetADCS() { var displayer = new DisplayADCS(); displayer.DisplayTitle("Certificate Services"); ADCS.CertificateServices = AsyncCollection.GetADCSAsync().Result; displayer.DisplayResult(ADCS.CertificateServices); displayer.DisplayTitle("Interesting Certificate Templates"); var certicateTemplates = AsyncCollection.GetInterestingCertTemplatesAsync().Result; displayer.DisplayResult(certicateTemplates); }
public static ADCS GetADCS(SearchResultEntry csEntry) { logger.Debug("Collecting ADCS"); string enrollServers = null; List <string> certTemplates = new List <string>(); List <X509Certificate2> caCertificates = new List <X509Certificate2>(); DACL acl; string caHostname = csEntry.Attributes["dnshostname"][0].ToString(); string caName = csEntry.Attributes["name"][0].ToString(); string whenCreated = Helper.ConvertWhenCreated(csEntry.Attributes["whencreated"][0].ToString()).ToString(); var enrollmentEndpoints = AsyncCollection.TestEnrollmentEndpointsAsync(caName, caHostname).Result; PkiCertificateAuthorityFlags flags = (PkiCertificateAuthorityFlags)Enum.Parse(typeof(PkiCertificateAuthorityFlags), csEntry.Attributes["flags"][0].ToString()); //The target attribute may not exist foreach (string attribute in csEntry.Attributes.AttributeNames) { if (attribute == "certificatetemplates") { foreach (var certTemp in csEntry.Attributes[attribute]) { certTemplates.Add(Encoding.UTF8.GetString((byte[])certTemp)); } } if (attribute == "mspki-enrollment-servers") { enrollServers = csEntry.Attributes[attribute][0].ToString().Replace("\n", ","); } if (attribute == "cacertificate") { caCertificates = GetCaCertificate(csEntry.Attributes[attribute]); } } bool allowSuppliedSAN = false; bool usingLDAP; var remoteReg = Helper.ReadRemoteReg(caHostname, RegistryHive.LocalMachine, $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}\\PolicyModules\\CertificateAuthority_MicrosoftDefault.Policy"); //If the remote registry cannot be accessed, using LDAP to retrieve security descriptor instead usingLDAP = remoteReg == null ? true : false; if (usingLDAP) { acl = DACL.GetACLOnObject(csEntry.DistinguishedName); } else { int editFlags = (remoteReg == null) ? 0 : (int)(remoteReg).GetValue("EditFlags"); allowSuppliedSAN = ((editFlags & 0x00040000) == 0x00040000); //Reading DACL from the remote registry, nTSecurityDescriptor from LDAP does not have the necessary information var regSec = (byte[])(Helper.ReadRemoteReg(caHostname, RegistryHive.LocalMachine, $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}")).GetValue("Security"); var regSecDescriptor = new ActiveDirectorySecurity(); regSecDescriptor.SetSecurityDescriptorBinaryForm(regSec, AccessControlSections.All); acl = DACL.GetCSACL($"{caHostname}:{RegistryHive.LocalMachine}:SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}", regSecDescriptor, out _, false); } return(new ADCS() { flags = flags, caCertificates = caCertificates, allowUserSuppliedSAN = allowSuppliedSAN, CAName = caName, whenCreated = whenCreated, dnsHostName = caHostname, enrollServers = enrollServers, DACL = acl, certTemplates = certTemplates, enrollmentEndpoints = enrollmentEndpoints }); }