VULHUB ™

This Metasploit module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used to enroll in that certificate template. Additionally the module will also print out a list of known certificate servers along with info about which vulnerable certificate templates the certificate server allows enrollment in and which SIDs are authorized to use that certificate server to perform this enrollment operation. Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, and ESC13. The module is limited to checking for these techniques due to them being identifiable remotely from a normal user account by analyzing the objects in LDAP.

This Metasploit module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used to enroll in that certificate template. Additionally the module will also print out a list of known certificate servers along with info about which vulnerable certificate templates the certificate server allows enrollment in and which SIDs are authorized to use that certificate server to perform this enrollment operation. Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, and ESC13. The module is limited to checking for these techniques due to them being identifiable remotely from a normal user account by analyzing the objects in LDAP.