Parse and display the flags field

zeroSteiner · Feb 3, 2025 · 0caaa5d · 0caaa5d
1 parent 4aedaaa
commit 0caaa5d
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 3 deletions.
diff --git a/lib/rex/proto/ms_crtd.rb b/lib/rex/proto/ms_crtd.rb
@@ -5,13 +5,26 @@ module Rex::Proto
   module MsCrtd
     # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/4c6950e4-1dc2-4ae3-98c3-b8919bb73822
 
+    # [2.4 flags Attribute](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/6cc7eb79-3e84-477a-b398-b0ff2b68a6c0)
+    CT_FLAG_AUTO_ENROLLMENT = 0x00000020
+    CT_FLAG_MACHINE_TYPE = 0x00000040
+    CT_FLAG_IS_CA = 0x00000080
+    CT_FLAG_ADD_TEMPLATE_NAME = 0x00000200
+    CT_FLAG_IS_CROSS_CA = 0x00000800
+    CT_FLAG_IS_DEFAULT = 0x00010000
+    CT_FLAG_IS_MODIFIED = 0x00020000
+    CT_FLAG_DONOTPERSISTINDB = 0x00001000
+    CT_FLAG_ADD_EMAIL = 0x00000002
+    CT_FLAG_PUBLISH_TO_DS = 0x00000008
+    CT_FLAG_EXPORTABLE_KEY = 0x00000010
+
     # [2.26 msPKI-Enrollment-Flag Attribute](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1)
     CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = 0x00000001
     CT_FLAG_PEND_ALL_REQUESTS = 0x00000002
     CT_FLAG_PUBLISH_TO_KRA_CONTAINER = 0x00000004
-    CT_FLAG_PUBLISH_TO_DS = 0x00000008
+    #CT_FLAG_PUBLISH_TO_DS = 0x00000008
     CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE = 0x00000010
-    CT_FLAG_AUTO_ENROLLMENT = 0x00000020
+    #CT_FLAG_AUTO_ENROLLMENT = 0x00000020
     CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT = 0x00000040
     CT_FLAG_USER_INTERACTION_REQUIRED = 0x00000100
     CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE = 0x00000400
@@ -26,7 +39,7 @@ module MsCrtd
 
     # [2.27 msPKI-Private-Key-Flag Attribute](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/f6122d87-b999-4b92-bff8-f465e8949667)
     CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL = 0x00000001
-    CT_FLAG_EXPORTABLE_KEY = 0x00000010
+    #CT_FLAG_EXPORTABLE_KEY = 0x00000010
     CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED = 0x00000020
     CT_FLAG_REQUIRE_ALTERNATE_SIGNATURE_ALGORITHM = 0x00000040
     CT_FLAG_REQUIRE_SAME_KEY_RENEWAL = 0x00000080

diff --git a/modules/auxiliary/admin/ldap/ad_cs_cert_template.rb b/modules/auxiliary/admin/ldap/ad_cs_cert_template.rb
@@ -346,6 +346,29 @@ def action_read
       print_status("  objectGUID:        #{object_guid}")
     end
 
+    pki_flag = obj['flags']&.first
+    if pki_flag.present?
+      pki_flag = [obj['flags'].first.to_i].pack('l').unpack1('L')
+      print_status("  flags: 0x#{pki_flag.to_s(16).rjust(8, '0')}")
+      %w[
+        CT_FLAG_AUTO_ENROLLMENT
+        CT_FLAG_MACHINE_TYPE
+        CT_FLAG_IS_CA
+        CT_FLAG_ADD_TEMPLATE_NAME
+        CT_FLAG_IS_CROSS_CA
+        CT_FLAG_IS_DEFAULT
+        CT_FLAG_IS_MODIFIED
+        CT_FLAG_DONOTPERSISTINDB
+        CT_FLAG_ADD_EMAIL
+        CT_FLAG_PUBLISH_TO_DS
+        CT_FLAG_EXPORTABLE_KEY
+      ].each do |flag_name|
+        if pki_flag & Rex::Proto::MsCrtd.const_get(flag_name) != 0
+          print_status("     * #{flag_name}")
+        end
+      end
+    end
+
     pki_flag = obj['mspki-certificate-name-flag']&.first
     if pki_flag.present?
       pki_flag = [obj['mspki-certificate-name-flag'].first.to_i].pack('l').unpack1('L')
@@ -481,6 +504,10 @@ def action_read
       print_status("  pKIMaxIssuingDepth: #{obj['pkimaxissuingdepth'].first.to_i}")
     end
 
+    if obj['showinadvancedviewonly'].present?
+      print_status("  showInAdvancedViewOnly: #{obj['showinadvancedviewonly'].first}")
+    end
+
     { object: obj, file: stored }
   end