<!DOCTYPE html>
<html>
<head>
<!-- Metadata and assets for the YARD-generated API page of Msf::Exploit::Remote::HTTP::WebEnrollment. -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Module: Msf::Exploit::Remote::HTTP::WebEnrollment &mdash; Documentation by YARD 0.9.37</title>
<!-- Stylesheets and scripts are all loaded from relative paths inside the documentation tree. -->
<link rel="stylesheet" href="../../../../css/style.css">
<link rel="stylesheet" href="../../../../css/common.css">
<!-- pathId and relpath are assigned as globals before app.js loads; presumably app.js reads them (confirm in js/app.js). -->
<script>
  pathId = "Msf::Exploit::Remote::HTTP::WebEnrollment";
  relpath = '../../../../';
</script>
<script src="../../../../js/jquery.js"></script>
<script src="../../../../js/app.js"></script>
</head>
<body>
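<div class="nav_wrap">
<!-- Side navigation: the class list is loaded from a relative URL in the same documentation tree. The title gives the frame an accessible name. -->
<iframe id="nav" src="../../../../class_list.html?1" title="Class list navigation"></iframe>
<!-- Empty handle element; its behaviour is not defined on this page (presumably wired up by js/app.js). -->
<div id="resizer"></div>
</div>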
<div id="main" tabindex="-1">
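<div id="header">
<!-- Breadcrumb trail from the documentation index down to this module. -->
<div id="menu">
<a href="../../../../_index.html">Index (W)</a> &raquo;
<span class="title"><span class="object_link"><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span>
&raquo;
<span class="title">WebEnrollment</span>
</div>
<div id="search">
<!-- Icon-only link: the SVG carries no text, so the link is given an explicit accessible name and the icon is hidden from assistive technology. -->
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html" aria-label="Class list">
<svg width="24" height="24" aria-hidden="true" focusable="false">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>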
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::WebEnrollment
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../CertRequest.html" title="Msf::Exploit::Remote::CertRequest (module)">CertRequest</a></span>, <span class='object_link'><a href="../LDAP/ActiveDirectory/AdCsOpts.html" title="Msf::Exploit::Remote::LDAP::ActiveDirectory::AdCsOpts (module)">LDAP::ActiveDirectory::AdCsOpts</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/web_enrollment.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module provides methods for interacting with the Microsoft Active Directory Certificate Services (AD CS) web enrollment portal.</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#add_cert_entry-instance_method" title="#add_cert_entry (instance method)">#<strong>add_cert_entry</strong>(connection_identity, cert_template) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#cert_issued%3F-instance_method" title="#cert_issued? (instance method)">#<strong>cert_issued?</strong>(connection_identity, cert_template) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#do_request_cert-instance_method" title="#do_request_cert (instance method)">#<strong>do_request_cert</strong>(http_client, opts, csr, attributes) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_cert_templates-instance_method" title="#get_cert_templates (instance method)">#<strong>get_cert_templates</strong>(http_client) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#report_web_enrollment_service-instance_method" title="#report_web_enrollment_service (instance method)">#<strong>report_web_enrollment_service</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#retrieve_cert-instance_method" title="#retrieve_cert (instance method)">#<strong>retrieve_cert</strong>(http_client, connection_identity, cert_template) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#retrieve_certs-instance_method" title="#retrieve_certs (instance method)">#<strong>retrieve_certs</strong>(http_client, connection_identity, cert_templates) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../LDAP/ActiveDirectory/AdCsOpts.html" title="Msf::Exploit::Remote::LDAP::ActiveDirectory::AdCsOpts (module)">LDAP::ActiveDirectory::AdCsOpts</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../LDAP/ActiveDirectory/AdCsOpts.html#initialize-instance_method" title="Msf::Exploit::Remote::LDAP::ActiveDirectory::AdCsOpts#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="../LDAP/ActiveDirectory/AdCsOpts.html#validate-instance_method" title="Msf::Exploit::Remote::LDAP::ActiveDirectory::AdCsOpts#validate (method)">#validate</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../CertRequest.html" title="Msf::Exploit::Remote::CertRequest (module)">CertRequest</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../CertRequest.html#create_csr-instance_method" title="Msf::Exploit::Remote::CertRequest#create_csr (method)">#create_csr</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_msext_sid-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_msext_sid (method)">#get_cert_msext_sid</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_msext_upn-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_msext_upn (method)">#get_cert_msext_upn</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_policy_oids-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_policy_oids (method)">#get_cert_policy_oids</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_san-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_san (method)">#get_cert_san</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_san_dns-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_san_dns (method)">#get_cert_san_dns</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_san_email-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_san_email (method)">#get_cert_san_email</a></span>, <span class='object_link'><a href="../CertRequest.html#get_cert_san_uri-instance_method" title="Msf::Exploit::Remote::CertRequest#get_cert_san_uri (method)">#get_cert_san_uri</a></span>, <span class='object_link'><a href="../CertRequest.html#with_adcs_certificate_request-instance_method" title="Msf::Exploit::Remote::CertRequest#with_adcs_certificate_request (method)">#with_adcs_certificate_request</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<!--
add_cert_entry(connection_identity, cert_template)
Records cert_template in the @issued_certs hash under the key connection_identity:
when the key is already present the template is appended to the existing array,
otherwise a new one-element array is stored for that identity.
NOTE(review): @issued_certs is not initialised in the code shown on this page;
confirm where the including module sets it up, since calling key? on nil would raise.
NOTE(review): the source method has no docstring, which is why its summary row
in this page is empty.
-->
<h3 class="signature first" id="add_cert_entry-instance_method">
#<strong>add_cert_entry</strong>(connection_identity, cert_template) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
30
31
32
33
34
35
36</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 30</span>
<span class='kw'>def</span> <span class='id identifier rubyid_add_cert_entry'>add_cert_entry</span><span class='lparen'>(</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='ivar'>@issued_certs</span><span class='period'>.</span><span class='id identifier rubyid_key?'>key?</span><span class='lparen'>(</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='rparen'>)</span>
<span class='ivar'>@issued_certs</span><span class='lbracket'>[</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='rbracket'>]</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_cert_template'>cert_template</span>
<span class='kw'>else</span>
<span class='ivar'>@issued_certs</span><span class='lbracket'>[</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='lbracket'>[</span> <span class='id identifier rubyid_cert_template'>cert_template</span> <span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
cert_issued?(connection_identity, cert_template)
Returns true only when @issued_certs holds an entry for connection_identity and
that entry includes cert_template. The safe-navigation call (&amp;.) yields nil when
no entry exists for the identity, and the double negation turns that nil into false.
NOTE(review): the docstring discussion below is empty; only the Boolean return tag
is documented.
-->
<h3 class="signature " id="cert_issued?-instance_method">
#<strong>cert_issued?</strong>(connection_identity, cert_template) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
49
50
51</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 49</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cert_issued?'>cert_issued?</span><span class='lparen'>(</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='op'>!</span><span class='op'>!</span><span class='ivar'>@issued_certs</span><span class='lbracket'>[</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='rbracket'>]</span><span class='op'>&amp;.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
do_request_cert(http_client, opts, csr, attributes)
Submits a certificate signing request to the AD CS web enrollment portal and
returns the parsed certificate.

Flow shown in the listing below:
1. POST to certfnsh.asp under datastore['TARGETURI'] with the form fields
   Mode=newreq, CertRequest (Base64 of the DER-encoded csr), CertAttrib (each
   attribute pair rendered as "key:value" and joined with newlines),
   TargetStoreFlags=0, SaveCert=yes and an empty ThumbPrint.
2. Print an error and return nil when no response arrived, when the status is 200
   and the body contains 'request was denied' or 'request failed', or when the
   status is 401 and the body contains 'invalid credentials'.
3. Otherwise print a success message and record the template for the identity
   "domain\username" (built from opts[:domain] and opts[:username]) through
   add_cert_entry.
4. Extract the location="..." value from the response body; a failed match is
   caught as NoMethodError, reported, and the method returns nil.
5. GET that location relative to target_uri and pass the body to
   OpenSSL::X509::Certificate.new, whose result is the return value.

NOTE(review): success is the fall-through case. Any response that does not match
one of the three failure patterns, including other status codes, is reported as
"Certificate generated" and recorded via add_cert_entry before a certificate has
been downloaded or parsed. An explicit positive check would make the recorded
state trustworthy.
NOTE(review): the response to the follow-up GET is not checked for nil or for its
status code. A missing response would raise NoMethodError on res.body, and a body
that is not a certificate would make OpenSSL::X509::Certificate.new raise. Neither
is rescued in this method; confirm that callers handle it.
NOTE(review): the capture group (.*) is greedy, so it runs to the last double
quote on the matched line, and the captured value comes from the server response
before it is used to build the next request URI.
NOTE(review): the POST builds its URI from datastore['TARGETURI'] while the GET
uses target_uri; presumably equivalent, but worth making consistent.
Defender note: on the enrollment host this exchange appears as a POST to
certfnsh.asp followed by a GET of the returned location, and the CA records the
request and issuance itself (events 4886 and 4887 when Certification Services
auditing is enabled). Requiring HTTPS with Extended Protection for Authentication
on the enrollment site, or removing the web enrollment role where it is unused,
reduces exposure of this interface.
-->
<h3 class="signature " id="do_request_cert-instance_method">
#<strong>do_request_cert</strong>(http_client, opts, csr, attributes) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 71</span>
<span class='kw'>def</span> <span class='id identifier rubyid_do_request_cert'>do_request_cert</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_raw'>send_request_raw</span><span class='lparen'>(</span>
<span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>client</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>TARGETURI</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>certfnsh.asp</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ctype</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/x-www-form-urlencoded</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vars_post</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Mode</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>newreq</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CertRequest</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CertAttrib</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span> <span class='id identifier rubyid_v'>v</span><span class='op'>|</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_k'>k</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_v'>v</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>TargetStoreFlags</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SaveCert</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>yes</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ThumbPrint</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>cgi</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_cert_template'>cert_template</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert_template</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_connection_identity'>connection_identity</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:domain</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Certificate request failed, no response was received from the server</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>request was denied</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate request denied using template </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_content'> for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>request failed</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate request failed using template </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_content'> for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>401</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>invalid credentials</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Invalid Credential Error returned when using template </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_content'> for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate generated using template </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_content'> for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_add_cert_entry'>add_cert_entry</span><span class='lparen'>(</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_location_tag'>location_tag</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^.*location=&quot;(.*)&quot;</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
<span class='kw'>rescue</span> <span class='const'>NoMethodError</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Unable to locate location tag</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_location_uri'>location_uri</span> <span class='op'>=</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='comma'>,</span> <span class='id identifier rubyid_location_tag'>location_tag</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempting to download the certificate from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_location_uri'>location_uri</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_raw'>send_request_raw</span><span class='lparen'>(</span>
<span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>client</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_location_uri'>location_uri</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
get_cert_templates(http_client)
Fetches certrqxt.asp relative to target_uri and returns the template names found
in the returned page. Returns nil when there is no response or the status is not
200. Otherwise the body is scanned with /^.*Option Value="[E|O];(.*?);/ and the
first capture of every match is collected; an empty result prints a warning and
is still returned as an empty array.
NOTE(review): inside a character class the pipe is a literal, so [E|O] also
accepts "|" as the leading flag; [EO] expresses the apparent intent.
NOTE(review): the meaning of the E and O prefixes is not stated on this page.
NOTE(review): callers have to tell nil (request failed) apart from an empty array
(page fetched, no templates matched).
-->
<h3 class="signature " id="get_cert_templates-instance_method">
#<strong>get_cert_templates</strong>(http_client) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 14</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_templates'>get_cert_templates</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Retrieving available template list, this may take a few minutes</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_raw'>send_request_raw</span><span class='lparen'>(</span>
<span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>client</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>certrqxt.asp</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span>
<span class='id identifier rubyid_cert_templates'>cert_templates</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_scan'>scan</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^.*Option Value=&quot;[E|O];(.*?);</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='symbol'>:first</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_bad'>print_bad</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Found no available certificate templates</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_cert_templates'>cert_templates</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_cert_templates'>cert_templates</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  report_web_enrollment_service: the generated page has no description for this method.
  From the listing below: it builds a shared hash (host: rhost, port: rport, proto: 'tcp')
  and calls report_service once with a nested record. The top level is named
  'AD CS Web Enrollment', its parent is 'https' or 'http' depending on ssl, and that
  parent's parent is 'tcp'. Each level is merged with the shared hash, so all three
  carry the same host, port and proto.
  The method's value is whatever report_service returns; retrieve_cert stores it in
  opts[:service].
  NOTE(review): rhost, rport, ssl and report_service are defined outside this listing;
  presumably they come from the including module. Confirm against the source file.
-->
<h3 class="signature " id="report_web_enrollment_service-instance_method">
#<strong>report_web_enrollment_service</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
133
134
135
136
137
138
139
140
141
142
143
144</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 133</span>
<span class='kw'>def</span> <span class='id identifier rubyid_report_web_enrollment_service'>report_web_enrollment_service</span>
<span class='id identifier rubyid_common'>common</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='label'>host:</span> <span class='id identifier rubyid_rhost'>rhost</span><span class='comma'>,</span> <span class='label'>port:</span> <span class='id identifier rubyid_rport'>rport</span><span class='comma'>,</span> <span class='label'>proto:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_report_service'>report_service</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='label'>name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>AD CS Web Enrollment</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>parents:</span> <span class='lbrace'>{</span>
<span class='label'>name:</span> <span class='id identifier rubyid_ssl'>ssl</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>https</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>parents:</span> <span class='lbrace'>{</span>
<span class='label'>name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='id identifier rubyid_common'>common</span><span class='rparen'>)</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='id identifier rubyid_common'>common</span><span class='rparen'>)</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='id identifier rubyid_common'>common</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  retrieve_cert: the generated page has no description for this method.
  From the listing below: it builds opts from connection_identity by splitting on a
  backslash. username is the last piece and domain is the first piece; the inline
  comment notes the domain is the NETBIOS name, not the FQDN. cert_template is passed
  through unchanged.
  Reviewer note: an identity with no backslash splits into a single piece, so username
  and domain become the same string; an empty identity gives nil for both. The listing
  does not validate the identity format before use.
  opts is handed to with_adcs_certificate_request, which yields csr and attributes.
  Inside the block, do_request_cert(http_client, opts, csr, attributes) is called and,
  only when it returns a truthy certificate, opts[:service] is set to the result of
  report_web_enrollment_service. The block's value is the certificate (or the falsy
  result).
  NOTE(review): the method's own return value is whatever with_adcs_certificate_request
  returns, and whether that helper reads opts[:service] after the block runs is not
  visible here. Confirm against the source file.
  Defender context: a truthy certificate means the CA issued one for that identity and
  template. With CA auditing enabled, the request and the issuance are recorded on the
  CA (Windows Security events 4886 and 4887), which gives a point to correlate against
  the HTTP requests to the enrollment pages.
-->
<h3 class="signature " id="retrieve_cert-instance_method">
#<strong>retrieve_cert</strong>(http_client, connection_identity, cert_template) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 53</span>
<span class='kw'>def</span> <span class='id identifier rubyid_retrieve_cert'>retrieve_cert</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span> <span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='label'>username:</span> <span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_last'>last</span><span class='comma'>,</span>
<span class='label'>domain:</span> <span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span><span class='comma'>,</span> <span class='comment'># this is slightly inconsistent since it&#39;s the NETBIOS domain name not FQDN
</span> <span class='label'>cert_template:</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='comma'>,</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_with_adcs_certificate_request'>with_adcs_certificate_request</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span> <span class='op'>=</span> <span class='id identifier rubyid_do_request_cert'>do_request_cert</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='comment'># Unlike with MS-ICPR we&#39;re not confident the target is the AD CS service we think it is until a
</span> <span class='comment'># certificate is issued so wait and only report the service if it worked
</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:service</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_report_web_enrollment_service'>report_web_enrollment_service</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_certificate'>certificate</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  retrieve_certs: the generated page has no description for this method.
  From the listing below: it walks cert_templates in order. For each template it asks
  cert_issued?(connection_identity, cert_template); when that is true it prints a status
  line and moves on, otherwise it calls retrieve_cert with the same http_client and
  identity.
  Reviewer notes, all read from the listing:
  * The results of retrieve_cert are not collected. The method's value is the value of
    the each call, which for an Array is the template list itself, not the certificates.
  * There is no rescue in the loop, so an exception raised for one template ends the
    whole iteration.
  * cert_templates is used without a nil check. The template lookup listed just above
    this method on the page returns nil on a non-200 response, so a caller passing that
    result straight in would hit a NoMethodError here. Presumably callers guard against
    this; confirm against the source file.
  NOTE(review): cert_issued? is defined outside this listing; where it keeps its record
  of issued certificates is not visible here.
-->
<h3 class="signature " id="retrieve_certs-instance_method">
#<strong>retrieve_certs</strong>(http_client, connection_identity, cert_templates) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
38
39
40
41
42
43
44
45
46
47</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/web_enrollment.rb', line 38</span>
<span class='kw'>def</span> <span class='id identifier rubyid_retrieve_certs'>retrieve_certs</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span> <span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_templates'>cert_templates</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cert_templates'>cert_templates</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_cert_issued?'>cert_issued?</span><span class='lparen'>(</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate already created for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='embexpr_end'>}</span><span class='tstring_content'> using </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_content'>, skipping...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>next</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_retrieve_cert'>retrieve_cert</span><span class='lparen'>(</span><span class='id identifier rubyid_http_client'>http_client</span><span class='comma'>,</span> <span class='id identifier rubyid_connection_identity'>connection_identity</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_template'>cert_template</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:28 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>