From 0fefe063ad2d9f5933b8977633eeab1fa2f20a31 Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Tue, 11 Feb 2025 20:49:08 +0000 Subject: [PATCH] Remove report note calls from vuln cert finder --- .../gather/ldap_esc_vulnerable_cert_finder.rb | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb b/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb index 74a95f9f605d..de063e90684b 100644 --- a/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb +++ b/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb @@ -543,7 +543,7 @@ def find_enrollable_vuln_certificate_templates ca_server_ip_address = get_ip_addresses_by_fqdn(ca_server_fqdn)&.first if ca_server_ip_address - service = report_service({ + report_service({ host: ca_server_ip_address, port: 445, proto: 'tcp', @@ -551,13 +551,6 @@ def find_enrollable_vuln_certificate_templates info: "AD CS CA name: #{ca_server[:name][0]}" }) - report_note({ - data: ca_server[:dn][0].to_s, - service: service, - host: ca_server_ip_address, - ntype: 'windows.ad.cs.ca.dn' - }) - report_host({ host: ca_server_ip_address, name: ca_server_fqdn @@ -618,7 +611,7 @@ def print_vulnerable_cert_info info = hash[:notes].select { |note| note.start_with?(prefix) }.map { |note| note.delete_prefix(prefix).strip }.join("\n") info = nil if info.blank? - hash[:ca_servers].each do |ca_fqdn, ca_server| + hash[:ca_servers].each_value do |ca_server| service = report_service({ host: ca_server[:ip_address], port: 445, @@ -641,14 +634,6 @@ def print_vulnerable_cert_info else vuln = nil end - - report_note({ - data: hash[:dn], - service: service, - host: ca_fqdn.to_s, - ntype: 'windows.ad.cs.ca.template.dn', - vuln_id: vuln&.id - }) end end end