Last active
November 20, 2020 12:26
-
-
Save FriedrichWeinmann/927a2c1663c9f20f39e32ea565a00510 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Sample snippet to interact with the NTDS certificate store using windows APIs | |
| #> | |
| $source = @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| public static class StoreHelper | |
| { | |
| [DllImport("CRYPT32.DLL", EntryPoint="CertOpenStore", CharSet=CharSet.Auto, SetLastError=true)] | |
| public static extern IntPtr CertOpenStore( int storeProvider, int encodingType, IntPtr hcryptProv, int flags, IntPtr pvPara); | |
| [DllImport("Advapi32.dll", EntryPoint = "RegOpenKeyExW", CharSet = CharSet.Unicode)] | |
| public static extern int RegOpenKeyEx(IntPtr hKey, string lpSubKey, int ulOptions, int samDesired, out IntPtr phkResult); | |
| public static IntPtr RegOpenHklmKey(string Path) | |
| { | |
| IntPtr output = IntPtr.Zero; | |
| RegOpenKeyEx(new IntPtr(-2147483646), Path, 0, 983103, out output); | |
| return output; | |
| } | |
| } | |
| '@ | |
| Add-Type $source | |
| $reg = [StoreHelper]::RegOpenHklmKey("SOFTWARE\Microsoft\Cryptography\Services\NTDS\SystemCertificates\My\") | |
| # 'CERT_STORE_PROV_REG' = 4 | |
| $storePointer = [StoreHelper]::CertOpenStore(4, 1, [IntPtr]::Zero, 0, $reg) | |
| $store = [System.Security.Cryptography.X509Certificates.X509Store]::new($storePointer) | |
| # List Certificates | |
| $store.Certificates | |
| # Add Certificate | |
| $store.Add($cert) | |
| # Remove Certificate | |
| $store.Remove($cert) | |
| <# | |
| $cert is object of type: | |
| System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| #> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment