Certification Authority Web Enrollment (ADCS) - Detection
ID: adcs-certificate
Severity: info
Author: pastaga,defte
Tags: ad,adcs,exposure,files
Description
Section titled “Description”Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page.
YAML Source
Section titled “YAML Source”id: adcs-certificate
info: name: Certification Authority Web Enrollment (ADCS) - Detection author: pastaga,defte severity: info description: | Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page. metadata: verified: true shodan-query: html:"/certenroll" tags: ad,adcs,exposure,files
http: - method: GET path: - "{{BaseURL}}/certenroll/" - "{{BaseURL}}/CertEnroll/"
host-redirects: true matchers: - type: dsl dsl: - contains(body, ".crl") || contains(body, ".crt") - contains(body, "CertEnroll") || contains(body, "certenroll") - status_code == 200 condition: and# digest: 4b0a00483046022100834fe22a0cf908f657153bd2278bd1bb581fdb119537ad127e62ec7591c9c4f2022100ae681d05bbfec5621702a57f4bc67cd29afb9878d01c68c2b573086f3b0c6ea6:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposures/files/adcs-certificate.yaml"