Merge pull request rapid7#19873 from adfoster-r7/remove-report-note-calls-from-vuln-cert-finder

smcintyre-r7 · web-flow · commit a9ab6668a475 · 2025-02-11T17:15:25.000-05:00
Remove report note calls from vuln cert finder
diff --git a/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb b/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb
@@ -543,21 +543,14 @@ def find_enrollable_vuln_certificate_templates
           ca_server_ip_address = get_ip_addresses_by_fqdn(ca_server_fqdn)&.first
 
           if ca_server_ip_address
-            service = report_service({
+            report_service({
               host: ca_server_ip_address,
               port: 445,
               proto: 'tcp',
               name: 'AD CS',
               info: "AD CS CA name: #{ca_server[:name][0]}"
             })
 
-            report_note({
-              data: ca_server[:dn][0].to_s,
-              service: service,
-              host: ca_server_ip_address,
-              ntype: 'windows.ad.cs.ca.dn'
-            })
-
             report_host({
               host: ca_server_ip_address,
               name: ca_server_fqdn
@@ -618,7 +611,7 @@ def print_vulnerable_cert_info
           info = hash[:notes].select { |note| note.start_with?(prefix) }.map { |note| note.delete_prefix(prefix).strip }.join("\n")
           info = nil if info.blank?
 
-          hash[:ca_servers].each do |ca_fqdn, ca_server|
+          hash[:ca_servers].each_value do |ca_server|
             service = report_service({
               host: ca_server[:ip_address],
               port: 445,
@@ -641,14 +634,6 @@ def print_vulnerable_cert_info
             else
               vuln = nil
             end
-
-            report_note({
-              data: hash[:dn],
-              service: service,
-              host: ca_fqdn.to_s,
-              ntype: 'windows.ad.cs.ca.template.dn',
-              vuln_id: vuln&.id
-            })
           end
         end
       end
