Minor doc update

jheysel-r7 · jheysel-r7 · commit de15d1e449da · 2025-07-30T15:08:14.000-07:00
diff --git a/docs/metasploit-framework.wiki/ad-certificates/Attacking-AD-CS-ESC-Vulnerabilities.md b/docs/metasploit-framework.wiki/ad-certificates/Attacking-AD-CS-ESC-Vulnerabilities.md
@@ -1115,7 +1115,6 @@ msf6 auxiliary(admin/dcerpc/esc_update_ldap_object) > run
 We can then use the `kerberos/get_ticket` module to gain a Kerberos ticket granting ticket (TGT) as the `Administrator`
 domain administrator. See the [Getting A Kerberos Ticket](#getting-a-kerberos-ticket) section for more information.
 
-
 ## ESC9 Scenario 2
 Pre-requisites:
 - `StrongCertificateBindingEnforcement` is set to `1` (if it's set to `0` exploitation will still work but technically you're exploiting ESC10 in that case)
@@ -1130,7 +1129,6 @@ We will be changing the `dNSHostName` of the machine account `Test1$` to `DC2.ke
 
 `CERT_TEMPLATE` will be set to `ESC9-Template-Dns` which is the same template as `ESC9-Template` but with the `SubjectAltRequireDNS` flag set instead of the `SubjectAltRequireUPN` flag.
 
-
 ```
 msf6 auxiliary(admin/dcerpc/esc_update_ldap_object) > set rhosts 172.16.199.200
 rhosts => 172.16.199.200
@@ -1319,7 +1317,6 @@ Active sessions
 
 ```
 
-
 # Exploiting ESC13
 To exploit ESC13, we need to target a certificate that has an issuance policy linked to a universal group in Active
 Directory. Unlike some of the other ESC techniques, successfully exploiting ESC13 isn't necessarily guaranteed to yield
diff --git a/documentation/modules/auxiliary/admin/dcerpc/esc_update_ldap_object.md b/documentation/modules/auxiliary/admin/dcerpc/esc_update_ldap_object.md
@@ -60,10 +60,10 @@ An alternate DNS hostname to set for the target user, e.g., `host.domain.local`.
 1. Set `TARGET_USERNAME` to the user you want to update and then request a certificate for
 1. Set the `UPDATE_LDAP_OBJECT` to either `userPrincipalName` or `dNSHostName` depending on the scenario you are exploiting
 1. Set the `UPDATE_LDAP_OBJECT_VALUE` to the value you want to set for the `UPDATE_LDAP_OBJECT`, e.g., `Administrator`
-2. Set `CA` to the name of the CA you want to request a certificate and `cert_template` to the name of the certificate template you want to use
+1. Set `CA` to the name of the CA you want to request a certificate and `cert_template` to the name of the certificate template you want to use
 1. Run the module
 1. This should update the LDAP object attribute and request a certificate for the target user, which will be saved as a .pfx file.
-2. If the target is vulnerable to the scenario you are exploiting, the pfx file will allow for privilege escalation.
+1. If the target is vulnerable to the scenario you are exploiting, the pfx file will allow for privilege escalation.
 
 ## Scenarios
 
