Certipy.exe on windows - (sspi/ptt issue)

[YB1-cyber]

I've just read the article: https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7

I Learned of the new features '-sspi' and '-ptt'.

I compiled Certipy on windows using the command 'pyinstaller ./Certipy.spec', exactly as recommended in the article.
having session on a win VM as standard AD User, it works fine with user/password:
Certipy.exe find -u user -p password

But when I try the new feature '-sspi' that had been added in Certipy V4.0.0 it does not work, I use this command:
Certipy.exe find -sspi
And I get error:
[-] Got error: No module named 'unicrypto.backends.pycryptodomex'

I added a debug switch:
Certipy.exe find -sspi -debug
And I get this detailed error message:
[-] Got error: No module named 'unicrypto.backends.pycryptodomex' Traceback (most recent call last): File "certipy\entry.py", line 60, in main File "certipy\commands\parsers\find.py", line 12, in entry File "certipy\commands\find.py", line 1181, in entry File "certipy\lib\target.py", line 191, in from_options File "certipy\lib\target.py", line 109, in get_logon_session File "PyInstaller\loader\pyimod02_importers.py", line 352, in exec_module File "certipy\lib\sspi\__init__.py", line 1, in <module> File "PyInstaller\loader\pyimod02_importers.py", line 352, in exec_module File "certipy\lib\sspi\kerberos.py", line 3, in <module> File "PyInstaller\loader\pyimod02_importers.py", line 352, in exec_module File "certipy\lib\sspi\encryption.py", line 57, in <module> File "PyInstaller\loader\pyimod02_importers.py", line 352, in exec_module File "unicrypto\symmetric.py", line 82, in <module> File "unicrypto\__init__.py", line 79, in get_preferred_cipher File "unicrypto\__init__.py", line 57, in get_cipher_by

I Tried with the Latest version of Certipy 4.4.0 and got same error.

I even went back to the win Vm where I compiled , uninstalled unicrypto and pycryptodomex and installed again and re-compiled but, still, I get the same error.

Also Same error when I try to use Certipy.exe auth -ptt:
[*] Trying to inject ticket into session [-] Failed to inject ticket into session: No module named 'unicrypto.backends.pycryptodomex'

So maybe there's a problem with my compilation or maybe Win-Compiled Certipy does not support these new features: sspi,ptt ...

I Wonder if some1 else that reads this issue, can check it in his/her own computer and report?
maybe Certipy Authors ?

Thanks
YB1

[Ppsoft1991]

first need install unicrypto

and

.\pyinstaller.exe -F certipy.py --hidden-import unicrypto.backends.pycryptodomex

enjoy

[Ppsoft1991]

It probably means certipy.spec needs to be updated with that as a hidden import @ly4k

[0xVavaldi]

Ran into the same issue and solved it the same way. Successfully works with --sspi when running pyinstaller .\Certipy.spec