automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 53c3396821d4 · 2025-07-30T22:45:10.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -823,6 +823,69 @@
       }
     ]
   },
+  "auxiliary_admin/dcerpc/esc_update_ldap_object": {
+    "name": "Exploits AD CS Template misconfigurations which involve updating an LDAP object: ESC9, ESC10, and ESC16",
+    "fullname": "auxiliary/admin/dcerpc/esc_update_ldap_object",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Will Schroeder",
+      "Lee Christensen",
+      "Oliver Lyak",
+      "Spencer McIntyre",
+      "jheysel-r7"
+    ],
+    "description": "This module exploits Active Directory Certificate Services (AD CS) template misconfigurations, specifically\n          ESC9, ESC10, and ESC16, by updating an LDAP object and requesting a certificate on behalf of a target user.\n          The module leverages the auxiliary/admin/ldap/ldap_object_attribute module to update the LDAP object and the\n          admin/ldap/shadow_credentials module to add shadow credentials for the target user. It then uses the\n          admin/kerberos/get_ticket module to retrieve the NTLM hash of the target user and requests a certificate via\n          MS-ICPR. The resulting certificate can be used for various operations, such as authentication.\n\n          The module ensures that any changes made by the ldap_object_attribute or shadow_credentials module are\n          reverted after execution to maintain system integrity.",
+    "references": [
+      "URL-https://github.com/GhostPack/Certify",
+      "URL-https://github.com/ly4k/Certipy",
+      "URL-https://medium.com/@offsecdeer/adcs-exploitation-series-part-2-certificate-mapping-esc15-6e19a6037760",
+      "URL-https://www.thehacker.recipes/ad/movement/adcs/certificate-templates#esc16-a-compatibility-mode"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 445,
+    "autofilter_ports": [
+      139,
+      445
+    ],
+    "autofilter_services": [
+      "netbios-ssn",
+      "microsoft-ds"
+    ],
+    "targets": null,
+    "mod_time": "2025-07-30 15:28:56 +0000",
+    "path": "/modules/auxiliary/admin/dcerpc/esc_update_ldap_object.rb",
+    "is_install_path": true,
+    "ref_name": "admin/dcerpc/esc_update_ldap_object",
+    "check": false,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [],
+      "Stability": [],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "AKA": [
+        "ESC9",
+        "ESC10",
+        "ESC16"
+      ]
+    },
+    "session_types": [
+      "smb"
+    ],
+    "needs_cleanup": false,
+    "actions": [
+      {
+        "name": "REQUEST_CERT",
+        "description": "Request a certificate"
+      }
+    ]
+  },
   "auxiliary_admin/dcerpc/icpr_cert": {
     "name": "ICPR Certificate Management",
     "fullname": "auxiliary/admin/dcerpc/icpr_cert",
@@ -6970,6 +7033,64 @@
       }
     ]
   },
+  "auxiliary_admin/ldap/ldap_object_attribute": {
+    "name": "LDAP Update Object",
+    "fullname": "auxiliary/admin/ldap/ldap_object_attribute",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "jheysel"
+    ],
+    "description": "This module allows creating, reading, updating and deleting attributes of LDAP objects.\n          Users can specify the object and must specify a corresponding attribute.",
+    "references": [],
+    "platform": "",
+    "arch": "",
+    "rport": 389,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": null,
+    "mod_time": "2025-05-13 09:23:28 +0000",
+    "path": "/modules/auxiliary/admin/ldap/ldap_object_attribute.rb",
+    "is_install_path": true,
+    "ref_name": "admin/ldap/ldap_object_attribute",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [],
+      "SideEffects": [
+        "ioc-in-logs",
+        "config-changes"
+      ]
+    },
+    "session_types": [
+      "ldap"
+    ],
+    "needs_cleanup": false,
+    "actions": [
+      {
+        "name": "CREATE",
+        "description": "Create an LDAP object"
+      },
+      {
+        "name": "DELETE",
+        "description": "Delete the LDAP object"
+      },
+      {
+        "name": "READ",
+        "description": "Read the the LDAP object"
+      },
+      {
+        "name": "UPDATE",
+        "description": "Modify the LDAP object"
+      }
+    ]
+  },
   "auxiliary_admin/ldap/rbcd": {
     "name": "Role Base Constrained Delegation",
     "fullname": "auxiliary/admin/ldap/rbcd",
@@ -7053,7 +7174,7 @@
     "autofilter_ports": [],
     "autofilter_services": [],
     "targets": null,
-    "mod_time": "2025-06-23 18:39:19 +0000",
+    "mod_time": "2025-05-13 09:23:28 +0000",
     "path": "/modules/auxiliary/admin/ldap/shadow_credentials.rb",
     "is_install_path": true,
     "ref_name": "admin/ldap/shadow_credentials",
