metasploit-gs/api/Msf/Exploit/Remote/CertRequest.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::CertRequest &mdash; Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">
  <!--
    Page-level globals naming this object and the relative path back to the
    documentation root. Presumably read by js/app.js, loaded below; confirm
    against that file.
    NOTE(review): this is an inline script, so a Content-Security-Policy
    without 'unsafe-inline' would need a nonce or hash for it.
  -->
  <script>
    pathId = "Msf::Exploit::Remote::CertRequest";
    relpath = '../../../';
  </script>
  <!-- Both scripts are relative URLs on this same site; jquery.js is loaded before app.js. -->
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>
<body>
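<!-- Navigation pane: frames class_list.html (a relative URL on this same site) next to the #resizer element. -->
<div class="nav_wrap">
  <!-- The title gives the frame an accessible name for assistive technology. -->
  <iframe id="nav" src="../../../class_list.html?1" title="Class list"></iframe>
  <div id="resizer"></div>
</div>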
<div id="main" tabindex="-1">
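<div id="header">
  <!-- Breadcrumb trail: Index, Msf, Exploit, Remote, then the current module (not linked). -->
  <div id="menu">
    <a href="../../../_index.html">Index (C)</a> &raquo;
    <span class="title"><span class="object_link"><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo;
    <span class="title"><span class="object_link"><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo;
    <span class="title"><span class="object_link"><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
    &raquo;
    <span class="title">CertRequest</span>
  </div>
  <div id="search">
    <!--
      Icon-only link to class_list.html. The SVG carries no text, so the link
      gets its accessible name from aria-label and the drawing is hidden from
      assistive technology.
    -->
    <a class="full_list_link" id="class_list_link" href="../../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>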
<div id="content"><h1>Module: Msf::Exploit::Remote::CertRequest
</h1>
<!-- Module facts: the modules that include this mixin and the Ruby file that defines it. -->
<div class="box_info">
  <dl>
    <dt>Included in:</dt>
    <dd><span class="object_link"><a href="HTTP/WebEnrollment.html" title="Msf::Exploit::Remote::HTTP::WebEnrollment (module)">HTTP::WebEnrollment</a></span>, <span class="object_link"><a href="MsIcpr.html" title="Msf::Exploit::Remote::MsIcpr (module)">MsIcpr</a></span></dd>
  </dl>
  <dl>
    <dt>Defined in:</dt>
    <dd>lib/msf/core/exploit/remote/cert_request.rb</dd>
  </dl>
</div>
<!-- Section heading. The "collapse" link has a placeholder href; its behaviour is presumably bound by script through the summary_toggle class (confirm in js/app.js). -->
<h2>
  Instance Method Summary
  <small><a class="summary_toggle" href="#">collapse</a></small>
</h2>
<!--
  One entry per public instance method: a signature that links to the
  method's anchor further down this page, then a one-line description.
  NOTE(review): each description nests a div inside a span, which the HTML
  content model does not permit; the structure is kept as generated because
  the site stylesheet may select on it.
-->
<ul class="summary">
  <li class="public">
    <span class="summary_signature">
      <a href="#create_csr-instance_method" title="#create_csr (instance method)">#<strong>create_csr</strong>(opts = {}) &#x21d2; Array(Rex::Proto::X509::Request, OpenSSL::PKey::RSA, Hash) </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>The signed CSR, the private key used to sign it, and a hash of enrollment request attributes (e.g. <code>CertificateTemplate</code>, <code>SAN</code>); when both <code>:pkcs12</code> and <code>:on_behalf_of</code> are supplied the first element is a <span class="object_link"><a href="../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span> wrapping the inner CMC request instead.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_msext_sid-instance_method" title="#get_cert_msext_sid (instance method)">#<strong>get_cert_msext_sid</strong>(cert) &#x21d2; String<sup>?</sup> </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the object security identifier (SID) from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_msext_upn-instance_method" title="#get_cert_msext_upn (instance method)">#<strong>get_cert_msext_upn</strong>(cert) &#x21d2; Array&lt;String&gt; </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the User Principal Name (UPN) from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_policy_oids-instance_method" title="#get_cert_policy_oids (instance method)">#<strong>get_cert_policy_oids</strong>(cert) &#x21d2; Array&lt;Rex::Proto::CryptoAsn1::ObjectId&gt; </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the certificate policy OIDs from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_san-instance_method" title="#get_cert_san (instance method)">#<strong>get_cert_san</strong>(cert) &#x21d2; Rex::Proto::CryptoAsn1::X509::SubjectAltName </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the SubjectAltName (SAN) field from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_san_dns-instance_method" title="#get_cert_san_dns (instance method)">#<strong>get_cert_san_dns</strong>(cert) &#x21d2; Array&lt;String&gt; </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the DNS hostnames from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_san_email-instance_method" title="#get_cert_san_email (instance method)">#<strong>get_cert_san_email</strong>(cert) &#x21d2; Array&lt;String&gt; </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the E-mail addresses from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#get_cert_san_uri-instance_method" title="#get_cert_san_uri (instance method)">#<strong>get_cert_san_uri</strong>(cert) &#x21d2; Array&lt;String&gt; </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Get the URI/URL from the certificate.</p>
    </div></span>
  </li>
  <li class="public">
    <span class="summary_signature">
      <a href="#with_adcs_certificate_request-instance_method" title="#with_adcs_certificate_request (instance method)">#<strong>with_adcs_certificate_request</strong>(opts) {|csr, attributes| ... } &#x21d2; OpenSSL::PKCS12<sup>?</sup> </a>
    </span>
    <span class="summary_desc"><div class="inline">
      <p>Build a CSR and coordinate the full ADCS certificate enrollment lifecycle.</p>
    </div></span>
  </li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="create_csr-instance_method">
#<strong>create_csr</strong>(opts = {}) &#x21d2; <tt>Array(<span class='object_link'><a href="../../../Rex/Proto/X509/Request.html" title="Rex::Proto::X509::Request (class)">Rex::Proto::X509::Request</a></span>, OpenSSL::PKey::RSA, Hash)</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the signed CSR, the private key used to sign it, and a hash of enrollment request attributes (e.g. <code>CertificateTemplate</code>, <code>SAN</code>); when both <code>:pkcs12</code> and <code>:on_behalf_of</code> are supplied the first element is a <span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span> wrapping the inner CMC request instead.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>opts</tt>):</p>
<ul class="option">
<li>
<span class="name">:username</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>the CN to embed in the CSR subject</p>
</div>
</li>
<li>
<span class="name">:private_key</span>
<span class="type">(<tt>OpenSSL::PKey::RSA</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
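<p>an existing key to sign with; a new one is generated when omitted. The key's modulus size in bits must equal the effective <code>:rsa_key_size</code> (the RSAKeySize datastore option, or 2048, when that option is not passed), otherwise <code>ArgumentError</code> is raised</p>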
</div>
</li>
<li>
<span class="name">:rsa_key_size</span>
<span class="type">(<tt>Integer</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>key size in bits (default: RSAKeySize datastore option, or 2048)</p>
</div>
</li>
<li>
<span class="name">:algorithm</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>digest algorithm (default: DigestAlgorithm datastore option, or SHA256)</p>
</div>
</li>
<li>
<span class="name">:alt_dns</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>DNS subjectAltName value</p>
</div>
</li>
<li>
<span class="name">:alt_upn</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>UPN subjectAltName value (Microsoft OID)</p>
</div>
</li>
<li>
<span class="name">:alt_sid</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>SID subjectAltName value (Microsoft NTDS CA security extension)</p>
</div>
</li>
<li>
<span class="name">:add_cert_app_policy</span>
<span class="type">(<tt>Array&lt;String&gt;</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>application policy OIDs to embed</p>
</div>
</li>
<li>
<span class="name">:pkcs12</span>
<span class="type">(<tt>OpenSSL::PKCS12</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
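<p>agent certificate, together with its private key, used to sign an on-behalf-of request (default: read from the file named by the PFX datastore option, when that option is set)</p>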
</div>
</li>
<li>
<span class="name">:on_behalf_of</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
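<p>UPN of the subject to request a certificate on behalf of (default: ON_BEHALF_OF datastore option); the on-behalf-of request is only built when a PKCS#12 is also available</p>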
</div>
</li>
<li>
<span class="name">:cert_template</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>the AD CS certificate template to request</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array(<span class='object_link'><a href="../../../Rex/Proto/X509/Request.html" title="Rex::Proto::X509::Request (class)">Rex::Proto::X509::Request</a></span>, OpenSSL::PKey::RSA, Hash)</tt>)</span>
&mdash;
<div class='inline'>
<p>the signed CSR, the private key used to sign it, and a hash of enrollment request attributes (e.g. <code>CertificateTemplate</code>, <code>SAN</code>); when both <code>:pkcs12</code> and <code>:on_behalf_of</code> are supplied the first element is a <span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span> wrapping the inner CMC request instead</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 28</span>
<span class='kw'>def</span> <span class='id identifier rubyid_create_csr'>create_csr</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rsa_key_size'>rsa_key_size</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:rsa_key_size</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RSAKeySize</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='int'>2048</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RSAKeySize</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span> <span class='rbrace'>}</span>
<span class='comment'># can we double check if the key size is correct here when we are passed a private key?
</span> <span class='id identifier rubyid_private_key'>private_key</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:private_key</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_rsa_key_size'>rsa_key_size</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_private_key'>private_key</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span> <span class='op'>!=</span> <span class='id identifier rubyid_rsa_key_size'>rsa_key_size</span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>RSA key size mismatch</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>RSA key size mismatch in create_csr()</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Building a certificate signing request for user </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_user'>user</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - RSA key size: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rsa_key_size'>rsa_key_size</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_alt_dns'>alt_dns</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:alt_dns</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_DNS</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_DNS</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_alt_sid'>alt_sid</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:alt_sid</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_SID</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_SID</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_alt_upn'>alt_upn</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:alt_upn</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_UPN</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ALT_UPN</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_algorithm'>algorithm</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:algorithm</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DigestAlgorithm</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA256</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DigestAlgorithm</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_application_policies'>application_policies</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:add_cert_app_policy</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ADD_CERT_APP_POLICY</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ADD_CERT_APP_POLICY</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[;,]\s*|\s+</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_cert_template'>cert_template</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:cert_template</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CERT_TEMPLATE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CERT_TEMPLATE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - alternate DNS: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_dns'>alt_dns</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_alt_dns'>alt_dns</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - alternate UPN: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_upn'>alt_upn</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_alt_upn'>alt_upn</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - digest algorithm: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_algorithm'>algorithm</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - template: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_template'>cert_template</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_cert_template'>cert_template</span>
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509/Request.html" title="Rex::Proto::X509::Request (class)">Request</a></span></span><span class='period'>.</span><span class='id identifier rubyid_build_csr'><span class='object_link'><a href="../../../Rex/Proto/X509/Request.html#build_csr-class_method" title="Rex::Proto::X509::Request.build_csr (method)">build_csr</a></span></span><span class='lparen'>(</span>
<span class='label'>cn:</span> <span class='id identifier rubyid_user'>user</span><span class='comma'>,</span>
<span class='label'>private_key:</span> <span class='id identifier rubyid_private_key'>private_key</span><span class='comma'>,</span>
<span class='label'>dns:</span> <span class='id identifier rubyid_alt_dns'>alt_dns</span><span class='comma'>,</span>
<span class='label'>msext_sid:</span> <span class='id identifier rubyid_alt_sid'>alt_sid</span><span class='comma'>,</span>
<span class='label'>msext_upn:</span> <span class='id identifier rubyid_alt_upn'>alt_upn</span><span class='comma'>,</span>
<span class='label'>algorithm:</span> <span class='id identifier rubyid_algorithm'>algorithm</span><span class='comma'>,</span>
<span class='label'>application_policies:</span> <span class='id identifier rubyid_application_policies'>application_policies</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_key?'>key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pkcs12</span><span class='rbracket'>]</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PFX</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_binread'>binread</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PFX</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:on_behalf_of</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ON_BEHALF_OF</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ON_BEHALF_OF</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_status_msg'>status_msg</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> - on behalf of: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span>
<span class='kw'>if</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Building certificate request on behalf of </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509/Request.html" title="Rex::Proto::X509::Request (class)">Request</a></span></span><span class='period'>.</span><span class='id identifier rubyid_build_on_behalf_of'><span class='object_link'><a href="../../../Rex/Proto/X509/Request.html#build_on_behalf_of-class_method" title="Rex::Proto::X509::Request.build_on_behalf_of (method)">build_on_behalf_of</a></span></span><span class='lparen'>(</span>
<span class='label'>csr:</span> <span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span>
<span class='label'>on_behalf_of:</span> <span class='id identifier rubyid_on_behalf_of'>on_behalf_of</span><span class='comma'>,</span>
<span class='label'>cert:</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span><span class='comma'>,</span>
<span class='label'>key:</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span>
<span class='label'>algorithm:</span> <span class='id identifier rubyid_algorithm'>algorithm</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span> <span class='id identifier rubyid_status_msg'>status_msg</span>
<span class='id identifier rubyid_attributes'>attributes</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_attributes'>attributes</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CertificateTemplate</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_cert_template'>cert_template</span> <span class='kw'>if</span> <span class='id identifier rubyid_cert_template'>cert_template</span>
<span class='id identifier rubyid_san'>san</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_san'>san</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>dns=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_dns'>alt_dns</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_alt_dns'>alt_dns</span>
<span class='id identifier rubyid_san'>san</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>upn=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_upn'>alt_upn</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_alt_upn'>alt_upn</span>
<span class='kw'>if</span> <span class='id identifier rubyid_alt_sid'>alt_sid</span>
<span class='id identifier rubyid_san'>san</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>url=</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html#SAN_URL_PREFIX-constant" title="Rex::Proto::X509::SAN_URL_PREFIX (constant)">SAN_URL_PREFIX</a></span></span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_sid'>alt_sid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_san'>san</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>url=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alt_sid'>alt_sid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_attributes'>attributes</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SAN</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>&amp;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_private_key'>private_key</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_msext_sid-instance_method">
#<strong>get_cert_msext_sid</strong>(cert) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Get the object security identifier (SID) from the certificate. This is a Microsoft-specific extension; the SID is read from the NTDS CA security extension (<tt>OID_NTDS_CA_SECURITY_EXT</tt>).</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
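<p>The SID if it was found, otherwise nil. nil is returned both when the extension is absent and when its OtherName entry is not of type <tt>OID_NTDS_OBJECTSID</tt>.</p>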
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 246</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_msext_sid'>get_cert_msext_sid</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ext'>ext</span> <span class='op'>=</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_e'>e</span><span class='op'>|</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html#OID_NTDS_CA_SECURITY_EXT-constant" title="Rex::Proto::X509::OID_NTDS_CA_SECURITY_EXT (constant)">OID_NTDS_CA_SECURITY_EXT</a></span></span> <span class='rbrace'>}</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_ext'>ext</span>
<span class='id identifier rubyid_ntds_ca_security_ext'>ntds_ca_security_ext</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/NtdsCaSecurityExt.html" title="Rex::Proto::CryptoAsn1::NtdsCaSecurityExt (class)">NtdsCaSecurityExt</a></span></span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_ext'>ext</span><span class='period'>.</span><span class='id identifier rubyid_value_der'>value_der</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_ntds_ca_security_ext'>ntds_ca_security_ext</span><span class='lbracket'>[</span><span class='symbol'>:OtherName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:type_id</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html#OID_NTDS_OBJECTSID-constant" title="Rex::Proto::X509::OID_NTDS_OBJECTSID (constant)">OID_NTDS_OBJECTSID</a></span></span>
<span class='id identifier rubyid_ntds_ca_security_ext'>ntds_ca_security_ext</span><span class='lbracket'>[</span><span class='symbol'>:OtherName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:value</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_msext_upn-instance_method">
#<strong>get_cert_msext_upn</strong>(cert) &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
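<p>Get the User Principal Name (UPN) from the certificate. This is a Microsoft-specific extension. The values are taken from the SubjectAltName <tt>otherName</tt> entries whose type is <tt>OID_NT_PRINCIPAL_NAME</tt>.</p>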
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>The UPNs if any were found, otherwise an empty array (including when the certificate has no SubjectAltName extension).</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 260</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_msext_upn'>get_cert_msext_upn</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_san'>san</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san'>get_cert_san</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san'>san</span><span class='lbracket'>[</span><span class='symbol'>:GeneralNames</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:otherName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:type_id</span><span class='rbracket'>]</span><span class='op'>&amp;.</span><span class='id identifier rubyid_value'>value</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html" title="Rex::Proto::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/X509.html#OID_NT_PRINCIPAL_NAME-constant" title="Rex::Proto::X509::OID_NT_PRINCIPAL_NAME (constant)">OID_NT_PRINCIPAL_NAME</a></span></span>
<span class='kw'>end</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Utf8String</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:otherName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:value</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='label'>explicit:</span> <span class='int'>0</span><span class='comma'>,</span> <span class='label'>constructed:</span> <span class='kw'>true</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_policy_oids-instance_method">
#<strong>get_cert_policy_oids</strong>(cert) &#x21d2; <tt>Array&lt;<span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html" title="Rex::Proto::CryptoAsn1::ObjectId (class)">Rex::Proto::CryptoAsn1::ObjectId</a></span>&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
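<p>Get the certificate policy OIDs from the certificate. OIDs are collected from the <tt>ms-app-policies</tt> and <tt>extendedKeyUsage</tt> extensions. A parsing failure in either extension is reported with <tt>vprint_error</tt> rather than raised, so the result may be incomplete.</p>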
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;<span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html" title="Rex::Proto::CryptoAsn1::ObjectId (class)">Rex::Proto::CryptoAsn1::ObjectId</a></span>&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>The policy OIDs if any were found, otherwise an empty array.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 206</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_policy_oids'>get_cert_policy_oids</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='id identifier rubyid_all_oids'>all_oids</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='comment'># ms-app-policies (CertificatePolicies) - existing handling
</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_ext'>ext</span> <span class='op'>=</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_e'>e</span><span class='op'>|</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ms-app-policies</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_cert_policies'>cert_policies</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509.html" title="Rex::Proto::CryptoAsn1::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509/CertificatePolicies.html" title="Rex::Proto::CryptoAsn1::X509::CertificatePolicies (class)">CertificatePolicies</a></span></span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_ext'>ext</span><span class='period'>.</span><span class='id identifier rubyid_value_der'>value_der</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cert_policies'>cert_policies</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_policy_info'>policy_info</span><span class='op'>|</span>
<span class='id identifier rubyid_oid_string'>oid_string</span> <span class='op'>=</span> <span class='id identifier rubyid_policy_info'>policy_info</span><span class='lbracket'>[</span><span class='symbol'>:policyIdentifier</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_all_oids'>all_oids</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/OIDs.html" title="Rex::Proto::CryptoAsn1::OIDs (class)">OIDs</a></span></span><span class='period'>.</span><span class='id identifier rubyid_value'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/OIDs.html#value-class_method" title="Rex::Proto::CryptoAsn1::OIDs.value (method)">value</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_oid_string'>oid_string</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html" title="Rex::Proto::CryptoAsn1::ObjectId (class)">ObjectId</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html#initialize-instance_method" 
title="Rex::Proto::CryptoAsn1::ObjectId#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_oid_string'>oid_string</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to parse ms-app-policies from certificate with subject:\&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot; and issuer:\&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot;. </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='embexpr_end'>}</span><span class='tstring_content'>: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='comment'># extendedKeyUsage - SEQUENCE OF OBJECT IDENTIFIER
</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_eku_ext'>eku_ext</span> <span class='op'>=</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_e'>e</span><span class='op'>|</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>extendedKeyUsage</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_asn1'>asn1</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_eku_ext'>eku_ext</span><span class='period'>.</span><span class='id identifier rubyid_value_der'>value_der</span><span class='rparen'>)</span>
<span class='comment'># asn1 should be a Sequence whose children are OBJECT IDENTIFIER nodes
</span> <span class='kw'>if</span> <span class='id identifier rubyid_asn1'>asn1</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>Sequence</span><span class='rparen'>)</span>
<span class='id identifier rubyid_asn1'>asn1</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_node'>node</span><span class='op'>|</span>
<span class='kw'>next</span> <span class='kw'>unless</span> <span class='id identifier rubyid_node'>node</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ObjectId</span><span class='rparen'>)</span>
<span class='id identifier rubyid_oid_string'>oid_string</span> <span class='op'>=</span> <span class='id identifier rubyid_node'>node</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_all_oids'>all_oids</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/OIDs.html" title="Rex::Proto::CryptoAsn1::OIDs (class)">OIDs</a></span></span><span class='period'>.</span><span class='id identifier rubyid_value'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/OIDs.html#value-class_method" title="Rex::Proto::CryptoAsn1::OIDs.value (method)">value</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_oid_string'>oid_string</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html" title="Rex::Proto::CryptoAsn1::ObjectId (class)">ObjectId</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/ObjectId.html#initialize-instance_method" 
title="Rex::Proto::CryptoAsn1::ObjectId#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_oid_string'>oid_string</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to parse extendedKeyUsage from certificate with subject:\&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot; and issuer:\&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot;. </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='embexpr_end'>}</span><span class='tstring_content'>: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_all_oids'>all_oids</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_san-instance_method">
#<strong>get_cert_san</strong>(cert) &#x21d2; <tt><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509/SubjectAltName.html" title="Rex::Proto::CryptoAsn1::X509::SubjectAltName (class)">Rex::Proto::CryptoAsn1::X509::SubjectAltName</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Get the SubjectAltName (SAN) field from the certificate.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509/SubjectAltName.html" title="Rex::Proto::CryptoAsn1::X509::SubjectAltName (class)">Rex::Proto::CryptoAsn1::X509::SubjectAltName</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The parsed SAN, or nil if the certificate has no subjectAltName extension.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 274</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_san'>get_cert_san</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ext'>ext</span> <span class='op'>=</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_e'>e</span><span class='op'>|</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>subjectAltName</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_ext'>ext</span>
<span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509.html" title="Rex::Proto::CryptoAsn1::X509 (module)">X509</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/X509/SubjectAltName.html" title="Rex::Proto::CryptoAsn1::X509::SubjectAltName (class)">SubjectAltName</a></span></span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_ext'>ext</span><span class='period'>.</span><span class='id identifier rubyid_value_der'>value_der</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_san_dns-instance_method">
#<strong>get_cert_san_dns</strong>(cert) &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Get the DNS hostnames (<code>dNSName</code> entries) from the certificate's SubjectAltName (SAN) extension.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>The DNS names found in the SAN; an empty array if the certificate has no SAN extension or no <code>dNSName</code> entries.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
285
286
287
288
289
290
291
292
293</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 285</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_san_dns'>get_cert_san_dns</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_san'>san</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san'>get_cert_san</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san'>san</span><span class='lbracket'>[</span><span class='symbol'>:GeneralNames</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:dNSName</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value?'>value?</span>
<span class='kw'>end</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:dNSName</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_san_email-instance_method">
#<strong>get_cert_san_email</strong>(cert) &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Get the e-mail addresses (<code>rfc822Name</code> entries) from the certificate's SubjectAltName (SAN) extension.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>The e-mail addresses found in the SAN; an empty array if the certificate has no SAN extension or no <code>rfc822Name</code> entries.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
299
300
301
302
303
304
305
306
307</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 299</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_san_email'>get_cert_san_email</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_san'>san</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san'>get_cert_san</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san'>san</span><span class='lbracket'>[</span><span class='symbol'>:GeneralNames</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:rfc822Name</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value?'>value?</span>
<span class='kw'>end</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:rfc822Name</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_cert_san_uri-instance_method">
#<strong>get_cert_san_uri</strong>(cert) &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Get the URIs/URLs (<code>uniformResourceIdentifier</code> entries) from the certificate's SubjectAltName (SAN) extension.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cert</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
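<p>The URIs/URLs found in the SAN; an empty array if the certificate has no SAN extension or no <code>uniformResourceIdentifier</code> entries.</p>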
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
313
314
315
316
317
318
319
320
321</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 313</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_cert_san_uri'>get_cert_san_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_san'>san</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san'>get_cert_san</span><span class='lparen'>(</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san'>san</span><span class='lbracket'>[</span><span class='symbol'>:GeneralNames</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:uniformResourceIdentifier</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value?'>value?</span>
<span class='kw'>end</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_gn'>gn</span><span class='op'>|</span>
<span class='id identifier rubyid_gn'>gn</span><span class='lbracket'>[</span><span class='symbol'>:uniformResourceIdentifier</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="with_adcs_certificate_request-instance_method">
#<strong>with_adcs_certificate_request</strong>(opts) {|csr, attributes| ... } &#x21d2; <tt>OpenSSL::PKCS12</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Build a CSR and coordinate the full ADCS certificate enrollment lifecycle.</p>
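<p>Constructs a CSR via <span class='object_link'><a href="#create_csr-instance_method" title="Msf::Exploit::Remote::CertRequest#create_csr (method)">#create_csr</a></span>, yields it together with the enrollment attributes to the caller-supplied block, which is responsible for the actual transport (MS-ICPR, Web Enrollment, etc.). After the block returns a certificate, this method checks that every requested application policy OID is present in the issued certificate, logs certificate fields, stores the PKCS#12 as loot, and optionally records a credential. The PKCS#12 bundle is created with an empty password (see the <code>OpenSSL::PKCS12.create</code> call in the listing below), so the loot file and any recorded credential hold the private key without passphrase protection.</p>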
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>options forwarded to <span class='object_link'><a href="#create_csr-instance_method" title="Msf::Exploit::Remote::CertRequest#create_csr (method)">#create_csr</a></span> plus the following:</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>opts</tt>):</p>
<ul class="option">
<li>
<span class="name">:username</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>the CN to embed in the CSR subject</p>
</div>
</li>
<li>
<span class="name">:domain</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>the AD domain used as the credential realm when a UPN domain cannot be derived from the certificate</p>
</div>
</li>
<li>
<span class="name">:service_data</span>
<span class="type">(<tt>Hash</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
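<p>service attributes used to create a credential record; when omitted no credential is stored. Note: the source listing below reads this value from <code>opts[:service]</code>, not <code>opts[:service_data]</code>.</p>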
</div>
</li>
</ul>
<p class="tag_title">Yield Parameters:</p>
<ul class="yieldparam">
<li>
<span class='name'>csr</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/X509/Request.html" title="Rex::Proto::X509::Request (class)">Rex::Proto::X509::Request</a></span></tt>, <tt><span class='object_link'><a href="../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>the signed CSR (or CMC-wrapped request for on-behalf-of enrollments)</p>
</div>
</li>
<li>
<span class='name'>attributes</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>enrollment request attributes (e.g. <code>CertificateTemplate</code>, <code>SAN</code>) to pass to the CA</p>
</div>
</li>
</ul>
<p class="tag_title">Yield Returns:</p>
<ul class="yieldreturn">
<li>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>the issued certificate, or <code>nil</code> to abort enrollment</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>OpenSSL::PKCS12</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>the PKCS#12 bundle containing the issued certificate and private key, or <code>nil</code> if the block returned <code>nil</code> or policy OID validation failed</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/cert_request.rb', line 120</span>
<span class='kw'>def</span> <span class='id identifier rubyid_with_adcs_certificate_request'>with_adcs_certificate_request</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='comma'>,</span> <span class='op'>&amp;</span><span class='id identifier rubyid_block'>block</span><span class='rparen'>)</span>
<span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_private_key'>private_key</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span> <span class='op'>=</span> <span class='id identifier rubyid_create_csr'>create_csr</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Submitting the certificate signing request to the target...</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_certificate'>certificate</span> <span class='op'>=</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_certificate'>certificate</span>
<span class='id identifier rubyid_application_policies'>application_policies</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:add_cert_app_policy</span><span class='rparen'>)</span> <span class='kw'>do</span>
<span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ADD_CERT_APP_POLICY</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ADD_CERT_APP_POLICY</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[;,]\s*|\s+</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_policy_oids'>policy_oids</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_policy_oids'>get_cert_policy_oids</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_application_policies'>application_policies</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='lparen'>(</span><span class='id identifier rubyid_application_policies'>application_policies</span> <span class='op'>-</span> <span class='id identifier rubyid_policy_oids'>policy_oids</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='symbol'>:value</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Certificate application policy OIDs were submitted, but some are missing in the response. This indicates the target has received the patch for ESC15 (CVE-2024-49019) or the template is not vulnerable.</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_policy_oids'>policy_oids</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Certificate Policies:</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_policy_oids'>policy_oids</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_oid'>oid</span><span class='op'>|</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> * </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_oid'>oid</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='lparen'>(</span><span class='id identifier rubyid_oid'>oid</span><span class='period'>.</span><span class='id identifier rubyid_label'>label</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_oid'>oid</span><span class='period'>.</span><span class='id identifier rubyid_label'>label</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_dns'>dns</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san_dns'>get_cert_san_dns</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate DNS: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_dns'>dns</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>, </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_email'>email</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san_email'>get_cert_san_email</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate Email: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_email'>email</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>, </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_sid'>sid</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_msext_sid'>get_cert_msext_sid</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate SID: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sid'>sid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_upn'>upn</span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_msext_upn'>get_cert_msext_upn</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate UPN: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_upn'>upn</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>, </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span> <span class='op'>=</span> <span class='id identifier rubyid_get_cert_san_uri'>get_cert_san_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate URI: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>, </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_private_key'>private_key</span><span class='comma'>,</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
<span class='id identifier rubyid_upn_username'>upn_username</span> <span class='op'>=</span> <span class='id identifier rubyid_upn_domain'>upn_domain</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_upn'>upn</span><span class='op'>&amp;.</span><span class='id identifier rubyid_first'>first</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_upn'>upn</span><span class='op'>&amp;.</span><span class='id identifier rubyid_first'>first</span><span class='embexpr_end'>}</span><span class='tstring_content'> Certificate</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># TODO: I was under the impression a single certificate can only have one UPN associated with it.
</span> <span class='comment'># But here, `upn` can be an array of UPN&#39;s. This will need to be sorted out.
</span> <span class='id identifier rubyid_upn_username'>upn_username</span><span class='comma'>,</span> <span class='id identifier rubyid_upn_domain'>upn_domain</span> <span class='op'>=</span> <span class='id identifier rubyid_upn'>upn</span><span class='op'>&amp;.</span><span class='id identifier rubyid_first'>first</span><span class='op'>&amp;.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>@</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:domain</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> Certificate</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_service'>service</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:service</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='comment'># Only log a credential if we have service data to associate with it
</span> <span class='id identifier rubyid_credential_data'>credential_data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='label'>workspace_id:</span> <span class='id identifier rubyid_myworkspace_id'>myworkspace_id</span><span class='comma'>,</span>
<span class='label'>username:</span> <span class='id identifier rubyid_upn_username'>upn_username</span> <span class='op'>||</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>private_type:</span> <span class='symbol'>:pkcs12</span><span class='comma'>,</span>
<span class='label'>private_data:</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_encode64'>strict_encode64</span><span class='lparen'>(</span><span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='label'>private_metadata:</span> <span class='lbrace'>{</span>
<span class='label'>adcs_ca:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CA</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>adcs_template:</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:cert_template</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CERT_TEMPLATE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CERT_TEMPLATE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='label'>realm_key:</span> <span class='const'><span class='object_link'><a href="../../../Metasploit.html" title="Metasploit (module)">Metasploit</a></span></span><span class='op'>::</span><span class='const'>Model</span><span class='op'>::</span><span class='const'>Realm</span><span class='op'>::</span><span class='const'>Key</span><span class='op'>::</span><span class='const'>ACTIVE_DIRECTORY_DOMAIN</span><span class='comma'>,</span>
<span class='label'>realm_value:</span> <span class='id identifier rubyid_upn_domain'>upn_domain</span> <span class='op'>||</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:domain</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>origin_type:</span> <span class='symbol'>:service</span><span class='comma'>,</span>
<span class='label'>service:</span> <span class='id identifier rubyid_service'>service</span><span class='comma'>,</span>
<span class='label'>module_fullname:</span> <span class='id identifier rubyid_fullname'>fullname</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_create_credential'>create_credential</span><span class='lparen'>(</span><span class='id identifier rubyid_credential_data'>credential_data</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_stored_path'>stored_path</span> <span class='op'>=</span> <span class='id identifier rubyid_store_loot'>store_loot</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>windows.ad.cs</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/x-pkcs12</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_rhost'>rhost</span><span class='comma'>,</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>certificate.pfx</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Certificate stored at: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_stored_path'>stored_path</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_pkcs12'>pkcs12</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<!--
  Page footer emitted by the documentation generator: build timestamp,
  a link to the YARD project site, and the YARD and Ruby versions that
  produced this page. The link opens in the parent browsing context
  (target="_parent"); presumably this is for when the page is shown inside
  a frame, to be confirmed against the generator's templates.
-->
<div id="footer">
  Generated on Fri May 8 17:02:04 2026 by
  <a target="_parent" href="https://yardoc.org" title="Yay! A Ruby Documentation Tool">yard</a>
  0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>