diff --git a/StandIn/StandIn/Program.cs b/StandIn/StandIn/Program.cs index 1261a4f..227b7db 100644 --- a/StandIn/StandIn/Program.cs +++ b/StandIn/StandIn/Program.cs @@ -3557,7 +3557,7 @@ public static void GetADCSTemplates(String sFilter = "", String sDomain = "", St } } - public static void ModifyADCSTemplate(String sFilter, Boolean bEKU, Boolean bNameFalg, Boolean bEnrollFlag, Boolean bRemove, String sDomain = "", String sUser = "", String sPass = "") + public static void ModifyADCSTemplate(String sFilter, Boolean bEKU, Boolean bNameFalg, Boolean bEnrollFlag, Boolean bRemove, Boolean bSignature, int iRestoreValue, String sDomain = "", String sUser = "", String sPass = "") { try { @@ -3812,6 +3812,26 @@ public static void ModifyADCSTemplate(String sFilter, Boolean bEKU, Boolean bNam Console.WriteLine("\n[+] Removing msPKI-Enrollment-Flag : PEND_ALL_REQUESTS"); mde.Properties["mspki-enrollment-flag"].Value = (Int32)(oEnrollFlags & ~hStandIn.msPKIEnrollmentFlag.PEND_ALL_REQUESTS); } + } else if (bSignature) + { + if (bRemove) + { + var currentSigVal = (int)mde.Properties["mspki-ra-signature"].Value; + if (currentSigVal == 0) + { + Console.WriteLine("\n[!] msPKI-RA-Signature flag is already set to 0"); + } + else + { + Console.WriteLine("\n[+] Removing msPKI-RA-Signature flag..."); + mde.Properties["mspki-ra-signature"].Value = 0; + } + } + else + { + Console.WriteLine("\n[+] Restoring msPKI-RA-Signature Value to " + iRestoreValue.ToString()); + mde.Properties["mspki-ra-signature"].Value = iRestoreValue; + } } mde.CommitChanges(); @@ -4219,6 +4239,12 @@ class ArgOptions [Option(null, "limit")] public UInt32 iLimit { get; set; } + + [Option(null, "signature")] + public Boolean bSig { get; set; } + + [Option(null, "restore")] + public int iSigValue { get; set; } } static void Main(string[] args) @@ -4409,10 +4435,10 @@ static void Main(string[] args) { if (ArgOptions.bAdd) { - ModifyADCSTemplate(ArgOptions.sFilter, true, false, false, false, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, true, false, false, false, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } else { - ModifyADCSTemplate(ArgOptions.sFilter, true, false, false, true, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, true, false, false, true, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } } else { @@ -4424,28 +4450,45 @@ static void Main(string[] args) { if (ArgOptions.bAdd) { - ModifyADCSTemplate(ArgOptions.sFilter, false, true, false, false, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, false, true, false, false, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } else { - ModifyADCSTemplate(ArgOptions.sFilter, false, true, false, true, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, false, true, false, true, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } } else { Console.WriteLine("[!] Insufficient arguments provided (--filter/--add/--remove).."); } + } else if (ArgOptions.bSig) + { + if (!String.IsNullOrEmpty(ArgOptions.sFilter) && ArgOptions.bRemove || (ArgOptions.iSigValue > 0)) + { + if (ArgOptions.iSigValue > 0) + { + ModifyADCSTemplate(ArgOptions.sFilter, false, false, false, false, true, ArgOptions.iSigValue, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + } + else + { + ModifyADCSTemplate(ArgOptions.sFilter, false, false, false, true, true, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + } + } + else + { + Console.WriteLine("[!] Insufficient arguments provided (--filter/--remove/--restore ).."); + } } else if (ArgOptions.bPend) { if (!String.IsNullOrEmpty(ArgOptions.sFilter) && ArgOptions.bAdd || ArgOptions.bRemove) { if (ArgOptions.bAdd) { - ModifyADCSTemplate(ArgOptions.sFilter, false, false, true, false, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, false, false, true, false, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } else { - ModifyADCSTemplate(ArgOptions.sFilter, false, false, true, true, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); + ModifyADCSTemplate(ArgOptions.sFilter, false, false, true, true, false, ArgOptions.iSigValue = 0, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass); } } else diff --git a/StandIn/StandIn/hStandIn.cs b/StandIn/StandIn/hStandIn.cs index 8bb27c1..f1465f8 100644 --- a/StandIn/StandIn/hStandIn.cs +++ b/StandIn/StandIn/hStandIn.cs @@ -401,6 +401,12 @@ public static void getHelp() "StandIn.exe --adcs --filter Kingsport --ntaccount \"REDHOOK\\MBWillett\" --enroll --add\n" + "StandIn.exe --adcs --filter Kingsport --ntaccount \"REDHOOK\\MBWillett\" --enroll --remove --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" + + "# Removes authorized signatures requirement by setting value to 0, can also restore signature value by specifying --restore , filter should contain exact name of the template\n" + + "StandIn.exe --adcs --filter Kingsport --signature --remove\n" + + "StandIn.exe --adcs --filter Kingsport --signature --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" + + "StandIn.exe --adcs --filter Kingsport --signature --restore 1" + + "StandIn.exe --adcs --filter Kingsport --signature --restore 1 --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" + + "# Create machine object\n" + "StandIn.exe --computer Innsmouth --make\n" + "StandIn.exe --computer Innsmouth --make --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" +