Fix a regression in the loop logic

rapid7 · Jan 31, 2025 · 0013db1 · 0013db1
1 parent f8dfaae
commit 0013db1
Showing 1 changed file with 38 additions and 36 deletions.
diff --git a/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb b/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb
@@ -608,46 +608,48 @@ def print_vulnerable_cert_info
     vuln_certificate_details.each do |key, hash|
       techniques = hash[:techniques].dup
       techniques.delete('ESC3_TEMPLATE_2') unless any_esc3t1 # don't report ESC3_TEMPLATE_2 if there are no instances of ESC3
-      next if techniques.empty? || !db
-
-      techniques.each do |vuln|
-        next if vuln == 'ESC3_TEMPLATE_2'
-
-        prefix = "#{vuln}:"
-        info = hash[:notes].select { |note| note.start_with?(prefix) }.map { |note| note.delete_prefix(prefix).strip }.join("\n")
-        info = nil if info.blank?
-
-        hash[:ca_servers].each do |ca_fqdn, ca_server|
-          service = report_service({
-            host: ca_server[:ip_address],
-            port: 445,
-            proto: 'tcp',
-            name: 'AD CS',
-            info: "AD CS CA name: #{ca_server[:name]}"
-          })
-
-          if ca_server[:ip_address].present?
-            vuln = report_vuln(
+      next if techniques.empty?
+
+      if db
+        techniques.each do |vuln|
+          next if vuln == 'ESC3_TEMPLATE_2'
+
+          prefix = "#{vuln}:"
+          info = hash[:notes].select { |note| note.start_with?(prefix) }.map { |note| note.delete_prefix(prefix).strip }.join("\n")
+          info = nil if info.blank?
+
+          hash[:ca_servers].each do |ca_fqdn, ca_server|
+            service = report_service({
               host: ca_server[:ip_address],
               port: 445,
               proto: 'tcp',
-              sname: 'AD CS',
-              name: "#{vuln} - #{key}",
-              info: info,
-              refs: REFERENCES[vuln],
-              service: service
-            )
-          else
-            vuln = nil
-          end
+              name: 'AD CS',
+              info: "AD CS CA name: #{ca_server[:name]}"
+            })
+
+            if ca_server[:ip_address].present?
+              vuln = report_vuln(
+                host: ca_server[:ip_address],
+                port: 445,
+                proto: 'tcp',
+                sname: 'AD CS',
+                name: "#{vuln} - #{key}",
+                info: info,
+                refs: REFERENCES[vuln],
+                service: service
+              )
+            else
+              vuln = nil
+            end
 
-          report_note({
-            data: hash[:dn],
-            service: service,
-            host: ca_fqdn.to_s,
-            ntype: 'windows.ad.cs.ca.template.dn',
-            vuln_id: vuln&.id
-          })
+            report_note({
+              data: hash[:dn],
+              service: service,
+              host: ca_fqdn.to_s,
+              ntype: 'windows.ad.cs.ca.template.dn',
+              vuln_id: vuln&.id
+            })
+          end
         end
       end