automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit f766f49d6a5c · 2025-07-30T22:11:51.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -24116,19 +24116,21 @@
       "Spencer McIntyre",
       "jheysel-r7"
     ],
-    "description": "This module allows users to query a LDAP server for vulnerable certificate\n          templates and will print these certificates out in a table along with which\n          attack they are vulnerable to and the SIDs that can be used to enroll in that\n          certificate template.\n\n          Additionally the module will also print out a list of known certificate servers\n          along with info about which vulnerable certificate templates the certificate server\n          allows enrollment in and which SIDs are authorized to use that certificate server to\n          perform this enrollment operation.\n\n          Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, ESC4,\n          ESC13, and ESC15. The module is limited to checking for these techniques due to them being identifiable\n          remotely from a normal user account by analyzing the objects in LDAP.",
+    "description": "This module allows users to query a LDAP server for vulnerable certificate\n          templates and will print these certificates out in a table along with which\n          attack they are vulnerable to and the SIDs that can be used to enroll in that\n          certificate template.\n\n          Additionally the module will also print out a list of known certificate servers\n          along with info about which vulnerable certificate templates the certificate server\n          allows enrollment in and which SIDs are authorized to use that certificate server to\n          perform this enrollment operation.\n\n          Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, ESC4,\n          ESC13, and ESC15. The module is limited to checking for these techniques due to them being identifiable\n          remotely from a normal user account by analyzing the objects in LDAP.\n\n          The module can also check for ESC9, ESC10 and ESC16 but this requires an Administrative WinRM session to be\n          established to definitively check for these techniques.",
     "references": [
       "URL-https://posts.specterops.io/certified-pre-owned-d95910965cd2",
+      "URL-https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7",
       "URL-https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53",
-      "URL-https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc"
+      "URL-https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc",
+      "URL-https://github.com/ly4k/Certipy/wiki/06-%E2%80%90-Privilege-Escalation"
     ],
     "platform": "",
     "arch": "",
     "rport": 389,
     "autofilter_ports": [],
     "autofilter_services": [],
     "targets": null,
-    "mod_time": "2025-06-17 11:19:09 +0000",
+    "mod_time": "2025-07-30 12:13:33 +0000",
     "path": "/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb",
     "is_install_path": true,
     "ref_name": "gather/ldap_esc_vulnerable_cert_finder",
