[*] Collecting userlist, CA info and CRL on LDAP
[*] Found XX users in LDAP
[*] Loading CA certificate and private key from administrator.pfx
[*] Forging certificates for every users. This can take some time...
[*] PKINIT + UnPAC the hashes
[-] Got error: 'latin-1' codec can't encode characters in position 0-12: ordinal not in range(256)
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/certsync/entry.py", line 615, in main
certsync.run()
File "/usr/local/lib/python3.9/dist-packages/certsync/entry.py", line 252, in run
if user.auth(target=self.target):
File "/usr/local/lib/python3.9/dist-packages/certsync/entry.py", line 74, in auth
return self.authenticate(auth=auth)
File "/usr/local/lib/python3.9/dist-packages/certsync/entry.py", line 94, in authenticate
if auth.kerberos_authentication(
File "/usr/local/lib/python3.9/dist-packages/certipy/commands/auth.py", line 355, in kerberos_authentication
as_req, diffie = build_pkinit_as_req(username, domain, self.key, self.cert)
File "/usr/local/lib/python3.9/dist-packages/certipy/lib/pkinit.py", line 285, in build_pkinit_as_req
kdc_req_body_data['cname'] = PrincipalName({'name-type': NAME_TYPE.PRINCIPAL.value, 'name-string': [username]})
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 3430, in __init__
raise e
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 3414, in __init__
self.__setitem__(key, value[key])
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 3570, in __setitem__
new_value = self._make_value(field_name, field_spec, value_spec, field_params, value)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 3825, in _make_value
new_value = value_spec(value, **field_params)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 4204, in __init__
raise e
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 4195, in __init__
self.__setitem__(index, child)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 4352, in __setitem__
new_value = self._make_value(value)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 4302, in _make_value
return self._child_spec(value=value)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 1677, in __init__
raise e
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 1669, in __init__
self.set(value)
File "/usr/local/lib/python3.9/dist-packages/asn1crypto/core.py", line 1797, in set
self.contents = value.encode(self._encoding)
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 0-12: ordinal not in range(256)
It worth to mention that there are cyrillic users in AD. I was trying to look into different places and even patched asn1crypto/core.py with using utf-8 instead of latin-1. However it didn't help: exception gone, but result was [+] 0 users dumped.
P.S. It may be a problem of my lab since I'm not able to dump hash for single user (proper encoding). Feel free to ignore this issue so far
Hi, I'm testing certsync and getting following decoding error:
It worth to mention that there are cyrillic users in AD. I was trying to look into different places and even patched asn1crypto/core.py with using utf-8 instead of latin-1. However it didn't help: exception gone, but result was
[+] 0 users dumped.P.S. It may be a problem of my lab since I'm not able to dump hash for single user (proper encoding). Feel free to ignore this issue so far