ly4k · Hackndo · Dec 16, 2024
diff --git a/certipy/commands/auth.py b/certipy/commands/auth.py
@@ -106,6 +106,7 @@ def __init__(
         self,
         target: Target = None,
         pfx: str = None,
+        password: str = None,
         cert: x509.Certificate = None,
         key: rsa.RSAPublicKey = None,
         no_save: bool = False,
@@ -123,6 +124,7 @@ def __init__(
     ):
         self.target = target
         self.pfx = pfx
+        self.password = password
         self.cert = cert
         self.key = key
         self.no_save = no_save
@@ -144,8 +146,13 @@ def __init__(
         self.lm_hash: str = None
 
         if self.pfx is not None:
+            password = None
+            if self.password:
+                password = self.password.encode()
             with open(self.pfx, "rb") as f:
-                self.key, self.cert = load_pfx(f.read())
+                pfx = f.read()
+            self.key, self.cert = load_pfx(pfx, password)
+
 
     def authenticate(
         self, username: str = None, domain: str = None, is_key_credential=False

diff --git a/certipy/commands/parsers/auth.py b/certipy/commands/parsers/auth.py
@@ -23,6 +23,10 @@ def add_subparser(subparsers: argparse._SubParsersAction) -> Tuple[str, Callable
         required=True,
     )
 
+    subparser.add_argument(
+        "-password", action="store", metavar="password", help="Set import password"
+    )
+
     subparser.add_argument(
         "-no-save", action="store_true", help="Don't save TGT to file"
     )