9 matches found

Rapid7 Blog
added 2026/04/10 7:11 p.m., 6 views

Metasploit Wrap-Up 04/10/2026

Speedup Improvements of MSFVenom & New Modules. This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket as well as updates and improvements to Windows service-for-user persistence, and LDAP/ADCS-related modules to automatically report...

10 CVSS, 7.6 AI score, 0.74425 EPSS
Exploits: 12
Metasploit
added 2026/04/07 7:1 p.m., 171 views

AD/CS Authenticated Web Enrollment Services Module

Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...

5.8 AI score
Exploits: 0
The Hacker News
added 2022/06/21 8:2 a.m., 56 views

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service...

7.1 AI score
Exploits: 0
Kaspersky
added 2021/07/23 12:0 a.m., 17 views

KLA12248 Microsoft Advisory (ESU) for Active Directory Certificate Services

Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Microsoft Products Extended Security Update. To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authenticati...

7.3 AI score
Exploits: 0, References: 5
Cvelist
added 2011/06/16 8:21 p.m., 17 views

CVE-2011-1264

Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory...

5.5 AI score, 0.0188 EPSS
Exploits: 0, References: 2
securityvulns
added 2011/06/15 12:0 a.m., 33 views

Microsoft Certificate Services cross-site scripting

Cross-site scripting in Active Directory Certificate Services Web Enrollment...

4.3 CVSS, 1.5 AI score, 0.0188 EPSS
Exploits: 0
Tenable Nessus
added 2011/06/15 12:0 a.m., 476 views

Active Directory Certificate Services Web Enrollment Anonymous Access

The remote web server is running the Microsoft Certificate Services. However, the service is misconfigured in such a way that anonymous users can log into the service to request certificates, thus breaking the chain of trust. C Tenable Network Security, Inc. include"compat.inc"; if description...

5.5 AI score
Exploits: 0
Tenable Nessus
added 2011/06/15 12:0 a.m., 72 views

MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) (uncredentialed check)

Active Directory Certificate Services Web Enrollment is installed on the remote host. The remote version of this software is vulnerable to a cross-site scripting vulnerability that could allow an attacker to inject a client-side script into the user's web browser instance. %NASLMINLEVEL 70300 C...

4.3 CVSS, 5.5 AI score, 0.0188 EPSS
Exploits: 0, References: 2
Symantec
added 2011/06/14 12:0 a.m., 12 views

Microsoft Active Directory Certificate Services Web Enrollment Cross-Site Scripting Vulnerability

Description: Microsoft Active Directory Certificate Services are prone to a cross-site scripting vulnerability because the Web Enrollment component fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

6.8 AI score
Exploits: 0, References: 1, Affected Software: 6