
Updated --clientauth to use mspki-certificate-application-policy instead of pKIExtendedKeyUsage #14

42 changes: 21 additions & 21 deletions StandIn/StandIn/Program.cs
Expand Up @@ -3472,19 +3472,19 @@ public static void GetADCSTemplates(String sFilter = "", String sDomain = "", St
{
Console.WriteLine(" |_ Name Flags : " + (hStandIn.msPKICertificateNameFlag)Convert.ToInt32(srt.Properties["mspki-certificate-name-flag"][0].ToString()));
}
if (srt.Properties.Contains("pKIExtendedKeyUsage"))
if (srt.Properties.Contains("mspki-certificate-application-policy"))
{
var EKUs = srt.Properties["pKIExtendedKeyUsage"];
var EKUs = srt.Properties["mspki-certificate-application-policy"];
if (EKUs.Count > 0)
{
for (int e = 0; e < EKUs.Count; e++)
{
if (e == 0)
{
Console.WriteLine(" |_ pKIExtendedKeyUsage : " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" |_ mspki-certificate-application-policy : " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
} else
{
Console.WriteLine(" | " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" | " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
}
}
}
Expand Down Expand Up @@ -3654,20 +3654,20 @@ public static void ModifyADCSTemplate(String sFilter, Boolean bEKU, Boolean bNam
{
Console.WriteLine(" |_ Name Flags : " + (hStandIn.msPKICertificateNameFlag)Convert.ToInt32(srt.Properties["mspki-certificate-name-flag"][0].ToString()));
}
if (srt.Properties.Contains("pKIExtendedKeyUsage"))
if (srt.Properties.Contains("mspki-certificate-application-policy"))
{
var EKUs = srt.Properties["pKIExtendedKeyUsage"];
var EKUs = srt.Properties["mspki-certificate-application-policy"];
if (EKUs.Count > 0)
{
for (int e = 0; e < EKUs.Count; e++)
{
if (e == 0)
{
Console.WriteLine(" |_ pKIExtendedKeyUsage : " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" |_ mspki-certificate-application-policy : " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
}
else
{
Console.WriteLine(" | " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" | " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
}
}
}
Expand All @@ -3691,47 +3691,47 @@ public static void ModifyADCSTemplate(String sFilter, Boolean bEKU, Boolean bNam
List<String> lEKU = new List<String>();
try
{
foreach (var element in omProps["pKIExtendedKeyUsage"])
foreach (var element in omProps["mspki-certificate-application-policy"])
{
lEKU.Add(element.ToString());
}
}
catch
{
Console.WriteLine("[!] Failed to get pKIExtendedKeyUsage property..");
Console.WriteLine("[!] Failed to get mspki-certificate-application-policy property..");
return;
}

if (!bRemove)
{
if (lEKU.Contains("1.3.6.1.5.5.7.3.2"))
{
Console.WriteLine("\n[!] pKIExtendedKeyUsage already allows client authentication..");
Console.WriteLine("\n[!] mspki-certificate-application-policy already allows client authentication..");
return;
}

Console.WriteLine("\n[+] Adding pKIExtendedKeyUsage : Client Authentication");
Console.WriteLine("\n[+] Adding mspki-certificate-application-policy : Client Authentication");
lEKU.Add("1.3.6.1.5.5.7.3.2");
mde.Properties["pKIExtendedKeyUsage"].Value = (Array)lEKU.ToArray();
mde.Properties["mspki-certificate-application-policy"].Value = (Array)lEKU.ToArray();
}
else
{
if (lEKU.Count == 0)
{
Console.WriteLine("\n[!] pKIExtendedKeyUsage property does not exist..");
Console.WriteLine("\n[!] mspki-certificate-application-policy property does not exist..");
return;
}

if (!lEKU.Contains("1.3.6.1.5.5.7.3.2"))
{
Console.WriteLine("\n[!] pKIExtendedKeyUsage already disallows client authentication..");
Console.WriteLine("\n[!] mspki-certificate-application-policy already disallows client authentication..");
return;
}

Console.WriteLine("\n[+] Removing pKIExtendedKeyUsage : Client Authentication");
Console.WriteLine("\n[+] Removing mspki-certificate-application-policy : Client Authentication");

lEKU.Remove("1.3.6.1.5.5.7.3.2");
mde.Properties["pKIExtendedKeyUsage"].Value = (Array)lEKU.ToArray();
mde.Properties["mspki-certificate-application-policy"].Value = (Array)lEKU.ToArray();

}
} else if (bNameFalg)
Expand Down Expand Up @@ -3938,20 +3938,20 @@ public static void ModifyADCSPermissions(String sFilter, String sGrant, Boolean
{
Console.WriteLine(" |_ Name Flags : " + (hStandIn.msPKICertificateNameFlag)Convert.ToInt32(srt.Properties["mspki-certificate-name-flag"][0].ToString()));
}
if (srt.Properties.Contains("pKIExtendedKeyUsage"))
if (srt.Properties.Contains("mspki-certificate-application-policy"))
{
var EKUs = srt.Properties["pKIExtendedKeyUsage"];
var EKUs = srt.Properties["mspki-certificate-application-policy"];
if (EKUs.Count > 0)
{
for (int e = 0; e < EKUs.Count; e++)
{
if (e == 0)
{
Console.WriteLine(" |_ pKIExtendedKeyUsage : " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" |_ mspki-certificate-application-policy : " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
}
else
{
Console.WriteLine(" | " + (new Oid(srt.Properties["pKIExtendedKeyUsage"][e].ToString())).FriendlyName);
Console.WriteLine(" | " + (new Oid(srt.Properties["mspki-certificate-application-policy"][e].ToString())).FriendlyName);
}
}
}
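Review bot: Dropping `pKIExtendedKeyUsage` entirely in favour of `mspki-certificate-application-policy` changes what gets enumerated, not just how it is labelled: a template with no `msPKI-Certificate-Application-Policy` value (as far as I know, schema-version-1 templates carry only `pKIExtendedKeyUsage`) now prints no EKU line at all in the three display hunks (3472, 3654, 3938), and in the hunk at 3691 the `foreach` over the missing property falls into the bare `catch` and returns. If the intent is to prefer the application-policy attribute, I would keep the old attribute as a fallback when the new one is absent and print both when they differ, since, as I understand it, the EKU extension the CA issues for such templates is still derived from `pKIExtendedKeyUsage`. The attribute-name literal is now repeated on every one of the 17 new lines; a `private const string ApplicationPolicyAttr = "mspki-certificate-application-policy";` on the class would remove the copy/paste and make the next rename a one-line change. The locals `EKUs`/`lEKU` and the `bEKU` parameter still say EKU, and the `" |    "` continuation padding no longer lines up under the longer label — cosmetic, but worth fixing while these lines are touched. The enclosing methods `GetADCSTemplates`, `ModifyADCSTemplate` and `ModifyADCSPermissions` all start and end outside these hunks.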
2 changes: 1 addition & 1 deletion StandIn/StandIn/hStandIn.cs
Expand Up @@ -377,7 +377,7 @@ public static void getHelp()
"StandIn.exe --adcs --filter Kingsport\n" +
"StandIn.exe --adcs --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" +

"# Add/remove \"Client Authentication\" from template pKIExtendedKeyUsage, filter should contain the exact name of the template\n" +
"# Add/remove \"Client Authentication\" from template mspki-certificate-application-policy, filter should contain the exact name of the template\n" +
"StandIn.exe --adcs --filter Kingsport --clientauth --add\n" +
"StandIn.exe --adcs --filter Kingsport --clientauth --remove --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" +
