Update module data to improve discoverability

Author: zeroSteiner

documentation/modules/auxiliary/admin/dcerpc/icpr_cert.md

@@ -3,6 +3,8 @@ Request certificates via MS-ICPR (Active Directory Certificate Services). Depend
 template's configuration the resulting certificate can be used for various operations such as authentication.
 PFX certificate files that are saved are encrypted with a blank password.
 
+This module is capable of exploiting ESC1, ESC2, ESC3 and ESC13.
+
 ## Module usage 
 
 1. From msfconsole

documentation/modules/auxiliary/admin/ldap/ad_cs_cert_template.md

@@ -1,9 +1,13 @@
-## RBCD Exploitation
+## AD CS Certificate Template Exploitation
 
 This module can read, write, update, and delete AD CS certificate templates from a Active Directory Domain Controller.
 
-The READ, UPDATE, and DELETE actions will write a copy of the certificate template to disk that can be restored using
-the CREATE or UPDATE actions.
+The READ, UPDATE, and DELETE actions will write a copy of the certificate template to disk that can be
+restored using the CREATE or UPDATE actions. The CREATE and UPDATE actions require a certificate template data
+file to be specified to define the attributes. Template data files are provided to create a template that is
+vulnerable to ESC1, ESC2, and ESC3.
+
+This module is capable of exploiting ESC4.
 
 In order for the `auxiliary/admin/ldap/ad_cs_cert_template` module to succeed, the authenticated user must have the 
 necessary permissions to perform the specified action on the target object (the certificate specified in

modules/auxiliary/admin/dcerpc/icpr_cert.rb

@@ -20,6 +20,8 @@ def initialize(info = {})
           Request certificates via MS-ICPR (Active Directory Certificate Services). Depending on the certificate
           template's configuration the resulting certificate can be used for various operations such as authentication.
           PFX certificate files that are saved are encrypted with a blank password.
+
+          This module is capable of exploiting ESC1, ESC2, ESC3 and ESC13.
         },
         'License' => MSF_LICENSE,
         'Author' => [

modules/auxiliary/admin/ldap/ad_cs_cert_template.rb

@@ -42,11 +42,15 @@ def initialize(info = {})
         info,
         'Name' => 'AD CS Certificate Template Management',
         'Description' => %q{
-          This module can read, write, update, and delete AD CS certificate templates from a Active Directory Domain
+          This module can create, read, update, and delete AD CS certificate templates from a Active Directory Domain
           Controller.
 
           The READ, UPDATE, and DELETE actions will write a copy of the certificate template to disk that can be
-          restored using the CREATE or UPDATE actions.
+          restored using the CREATE or UPDATE actions. The CREATE and UPDATE actions require a certificate template data
+          file to be specified to define the attributes. Template data files are provided to create a template that is
+          vulnerable to ESC1, ESC2, and ESC3.
+
+          This module is capable of exploiting ESC4.
         },
         'Author' => [
           'Will Schroeder', # original idea/research
@@ -69,7 +73,8 @@ def initialize(info = {})
         'Notes' => {
           'Stability' => [],
           'SideEffects' => [CONFIG_CHANGES],
-          'Reliability' => []
+          'Reliability' => [],
+          'AKA' => [ 'Certifry', 'Certipy' ]
         }
       )
     )

modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb

@@ -44,7 +44,8 @@ def initialize(info = {})
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'SideEffects' => [IOC_IN_LOGS],
-          'Reliability' => []
+          'Reliability' => [],
+          'AKA' => [ 'Certifry', 'Certipy' ]
         }
       )
     )