Merge pull request rapid7#19808 from jheysel-r7/fix_ms_icpr_esc15_patch

Fix icpr_cert to print an error when ESC15 is patched

Author: smcintyre-r7

lib/msf/core/exploit/remote/ms_icpr.rb

@@ -6,6 +6,7 @@
 # -*- coding: binary -*-
 
 require 'windows_error'
+require 'windows_error/h_result'
 require 'rex/proto/x509/request'
 
 module Msf
@@ -195,6 +196,19 @@ def do_request_cert(icpr, opts)
 
     return unless response[:certificate]
 
+    policy_oids = get_cert_policy_oids(response[:certificate])
+    if application_policies.present? && !(application_policies - policy_oids.map(&:value)).empty?
+      print_error('Certificate application policy OIDs were submitted, but some are missing in the response. This indicates the target has received the patch for ESC15 (CVE-2024-49019) or the template is not vulnerable.')
+      return
+    end
+
+    if policy_oids
+      print_status('Certificate Policies:')
+      policy_oids.each do |oid|
+        print_status("  * #{oid.value}" + (oid.label.present? ? " (#{oid.label})" : ''))
+      end
+    end
+
     unless (dns = get_cert_san_dns(response[:certificate])).empty?
       print_status("Certificate DNS: #{dns.join(', ')}")
     end
@@ -211,13 +225,6 @@ def do_request_cert(icpr, opts)
       print_status("Certificate UPN: #{upn.join(', ')}")
     end
 
-    unless (policy_oids = get_cert_policy_oids(response[:certificate])).empty?
-      print_status("Certificate Policies:")
-      policy_oids.each do |oid|
-        print_status("  * #{oid.value}" + (oid.label.present? ? " (#{oid.label})" : ''))
-      end
-    end
-
     pkcs12 = OpenSSL::PKCS12.create('', '', private_key, response[:certificate])
     # see: https://pki-tutorial.readthedocs.io/en/latest/mime.html#mime-types
     info = "#{simple.client.default_domain}\\#{datastore['SMBUser']} Certificate"