
Commit c72c78b

authored
Merge branch 'testing' into esc13-detections
2 parents d0bbe92 + 3210fe7 commit c72c78b

6 files changed

+136
-25
lines changed

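--- a/Invoke-Locksmith.ps1
+++ b/Invoke-Locksmith.ps1
@@ -1144,7 +1144,7 @@ function Find-ESC6 {
 Name = $_.Name
 DistinguishedName = $_.DistinguishedName
 Technique = 'ESC6'
-Issue = $_.AuditFilter
+Issue = $_.SANFlag
 Fix = 'N/A'
 Revert = 'N/A'
 }
@@ -2468,17 +2468,35 @@ function Set-AdditionalCAProperty {
 
 begin {
 $CAEnrollmentEndpoint = @()
-$code = @"
-using System.Net;
-using System.Security.Cryptography.X509Certificates;
-public class TrustAllCertsPolicy : ICertificatePolicy {
-public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
-return true;
-}
-}
+if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy') ) {
+if ($PSVersionTable.PSEdition -eq 'Desktop') {
+$code = @"
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
+public class TrustAllCertsPolicy : ICertificatePolicy {
+public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
+return true;
+}
+}
+"@
+Add-Type -TypeDefinition $code -Language CSharp
+[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+}
+else {
+Add-Type @"
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
+using System.Net.Security;
+public class TrustAllCertsPolicy {
+public static bool TrustAllCerts(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
+return true;
+}
+}
 "@
-Add-Type -TypeDefinition $code -Language CSharp
-[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+# Set the ServerCertificateValidationCallback
+[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [TrustAllCertsPolicy]::TrustAllCerts
+}
+}
 }
 
 process {
@@ -2662,6 +2680,44 @@ function Set-Severity {
 }
 }
 
+function Show-LocksmithLogo {
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%#+==============#%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%#=====================#%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%#=========================#%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%=============================%%%%%%%%%%%'
+Write-Host '%%%%%%%%%#==============+++==============#%%%%%%%%%'
+Write-Host '%%%%%%%%#===========#%%%%%%%%%#===========#%%%%%%%%'
+Write-Host '%%%%%%%%==========%%%%%%%%%%%%%%%==========%%%%%%%%'
+Write-Host '%%%%%%%*=========%%%%%%%%%%%%%%%%%=========*%%%%%%%'
+Write-Host '%%%%%%%+========*%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+Write-Host '#=================+%%%============================#'
+Write-Host '#==================%%%%*==========================#'
+Write-Host '#===================*%%%%+========================#'
+Write-Host '#=====================#%%%%=======================#'
+Write-Host '#======================+%%%%#=====================#'
+Write-Host '#========================*%%%%*===================#'
+Write-Host '#========================+%%%%%===================#'
+Write-Host '#======================#%%%%%+====================#'
+Write-Host '#===================+%%%%%%=======================#'
+Write-Host '#=================#%%%%%+=========================#'
+Write-Host '#==============+%%%%%#============================#'
+Write-Host '#============*%%%%%+====+%%%%%%%%%%===============#'
+Write-Host '#=============%%*========+********+===============#'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+}
+
 function Test-IsADAdmin {
 <#
 .SYNOPSIS
@@ -3170,6 +3226,7 @@ function Invoke-Locksmith {
 )
 
 $Version = '2024.11.10'
+
 $LogoPart1 = @"
 _ _____ _______ _ _ _______ _______ _____ _______ _ _
 | | | | |____/ |______ | | | | | |_____|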
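Review bot: In the Set-AdditionalCAProperty hunk, the new guard `if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy') )` tests the PSTypeName wrapper object itself, which is never null, so the condition is always false and neither `Add-Type` nor the policy/callback assignment inside it ever runs. The usual form of this check reads the resolved type instead: `if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) {`. The same line appears in Private/Set-AdditionalCAProperty.ps1. The `begin` block belongs to a function whose body continues outside the hunk, so whatever relies on the relaxed validation in `process` is not visible here.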

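--- a/Private/Find-ESC6.ps1
+++ b/Private/Find-ESC6.ps1
@@ -36,7 +36,7 @@
 Name = $_.Name
 DistinguishedName = $_.DistinguishedName
 Technique = 'ESC6'
-Issue = $_.AuditFilter
+Issue = $_.SANFlag
 Fix = 'N/A'
 Revert = 'N/A'
 }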

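--- a/Private/Invoke-Scans.ps1
+++ b/Private/Invoke-Scans.ps1
@@ -99,9 +99,9 @@ function Invoke-Scans {
 Write-Host 'Identifying HTTP-based certificate enrollment interfaces (ESC8)...'
 [array]$ESC8 = Find-ESC8 -ADCSObjects $ADCSObjects
 }
-ESC6 {
+ESC11 {
 Write-Host 'Identifying Issuing CAs with IF_ENFORCEENCRYPTICERTREQUEST disabled (ESC11)...'
-[array]$ESC6 = Find-ESC6 -ADCSObjects $ADCSObjects
+[array]$ESC11 = Find-ESC11 -ADCSObjects $ADCSObjects
 }
 All {
 Write-Host 'Identifying auditing issues...'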

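--- a/Private/New-Dictionary.ps1
+++ b/Private/New-Dictionary.ps1
@@ -21,7 +21,7 @@ descriptions, code used to find, code used to fix, and reference URLs. This is i
 
 function New-Dictionary {
 class VulnerableConfigurationItem {
-static [string] $Version = '2023.10.01.000'
+static [string] $Version = '2024.11.03.000'
 [string]$Name
 [ValidateSet('Escalation Path','Server Configuration','GPO Setting')][string]$Category
 [string]$Subcategory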

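--- a/Private/Set-AdditionalCAProperty.ps1
+++ b/Private/Set-AdditionalCAProperty.ps1
@@ -37,17 +37,34 @@
 
 begin {
 $CAEnrollmentEndpoint = @()
-$code= @"
-using System.Net;
-using System.Security.Cryptography.X509Certificates;
-public class TrustAllCertsPolicy : ICertificatePolicy {
-public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
-return true;
-}
-}
+if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy') ) {
+if ($PSVersionTable.PSEdition -eq 'Desktop') {
+$code= @"
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
+public class TrustAllCertsPolicy : ICertificatePolicy {
+public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
+return true;
+}
+}
+"@
+Add-Type -TypeDefinition $code -Language CSharp
+[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+} else {
+Add-Type @"
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
+using System.Net.Security;
+public class TrustAllCertsPolicy {
+public static bool TrustAllCerts(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
+return true;
+}
+}
 "@
-Add-Type -TypeDefinition $code -Language CSharp
-[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+# Set the ServerCertificateValidationCallback
+[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [TrustAllCertsPolicy]::TrustAllCerts
+}
+}
 }
 
 process {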
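Review bot: Both branches of the new `begin` block switch off certificate validation for the whole process rather than for this function. `[System.Net.ServicePointManager]::CertificatePolicy` and `::ServerCertificateValidationCallback` are static and nothing in the hunk saves or restores the previous value, so once the assignment runs, later HTTPS requests in the same session that go through ServicePointManager accept any certificate. Capture the prior value before overwriting it, e.g. `$PreviousCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback`, and put it back in an `end` block with `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $PreviousCallback` (likewise for `CertificatePolicy` on Desktop); the rest of the function is outside the hunk, so confirm no such restore already exists. The comment `# Set the ServerCertificateValidationCallback` restates the code and would be more useful saying why validation is relaxed for these enrollment-endpoint checks. The copy of this block in Invoke-Locksmith.ps1 has the same shape.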

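--- a/Private/Show-LocksmithLogo.ps1
+++ b/Private/Show-LocksmithLogo.ps1
@@ -0,0 +1,37 @@
+function Show-LocksmithLogo {
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%#+==============#%%%%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%#=====================#%%%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%%#=========================#%%%%%%%%%%%%'
+Write-Host '%%%%%%%%%%%=============================%%%%%%%%%%%'
+Write-Host '%%%%%%%%%#==============+++==============#%%%%%%%%%'
+Write-Host '%%%%%%%%#===========#%%%%%%%%%#===========#%%%%%%%%'
+Write-Host '%%%%%%%%==========%%%%%%%%%%%%%%%==========%%%%%%%%'
+Write-Host '%%%%%%%*=========%%%%%%%%%%%%%%%%%=========*%%%%%%%'
+Write-Host '%%%%%%%+========*%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
+Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+Write-Host '#=================+%%%============================#'
+Write-Host '#==================%%%%*==========================#'
+Write-Host '#===================*%%%%+========================#'
+Write-Host '#=====================#%%%%=======================#'
+Write-Host '#======================+%%%%#=====================#'
+Write-Host '#========================*%%%%*===================#'
+Write-Host '#========================+%%%%%===================#'
+Write-Host '#======================#%%%%%+====================#'
+Write-Host '#===================+%%%%%%=======================#'
+Write-Host '#=================#%%%%%+=========================#'
+Write-Host '#==============+%%%%%#============================#'
+Write-Host '#============*%%%%%+====+%%%%%%%%%%===============#'
+Write-Host '#=============%%*========+********+===============#'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+Write-Host '#=================================================#'
+}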
