Fix subject in generated certificate of shadow credentials

[martanne]

I had a recent engagement where shadow credentials were registered with a command like:

$ certipy shadow add -dc-ip 10.5.10.11 -scheme ldaps -u [email protected] -p password -account domainuser

However, authentication attempts over PKINIT would fail with (this is not the case in the Ludus environment):

[-] Name mismatch between certificate and user 'domainuser'

While investigating the generated certificate, it was noticed that the Subject contained a double CN=CN=.
This is due to the fact that the underlying pydsinternals library, internally assigns the CN property (not the whole subject).

$ openssl x509 -in domainuser.pfx -text | grep CN=CN=
        Issuer: CN=CN=domainuser
        Subject: CN=CN=domainuser

After applying the proposed changes, the certificate looks like this:

$ openssl x509 -in domainuser.pfx -text | grep CN=
        Issuer: CN=domainuser
        Subject: CN=domainuser

This matches the behavior of e.g. pywhisker (and impacket's ldap-shell, ntlmrelayx, ...):

$ pywhisker --dc-ip 10.5.10.11 -d ludus.domain -u domainadmin -p password --target domainuser --action add --filename pywhisker -P ''

Whose generated certificate looks like this:

$ openssl x509 -in pywhisker.pfx -text | grep CN=
        Issuer: CN=domainuser
        Subject: CN=domainuser

Authentication using PKINIT was tested and worked as expected with a command like:

$ certipy auth -dc-ip 10.5.10.11 -pfx domainuser.pfx -username domainuser -domain ludus.domain -no-hash

[zimedev]

thank you very much