Report Schema Version During Template Enumeration (feature request)

[e-nzym3]

Hello!

Submitting this request to see if it's possible for Certipy to also return the Schema Version of each template within the enumeration output. This would be extremely helpful when dealing with ESC3 exploit scenarios.

I know that PSPKIAudit is able to pull it down:

[!] Potentially vulnerable Certificate Templates:

CA                      : dc.theshire.local\theshire-DC-CA
Name                    : ESC1Template
SchemaVersion           : 2
OID                     : ESC1 Template (1.3.6.1.4.1.311.21.8.10395027.10224472.4213181.15714845.1171465.9.10657968.9897558)
VulnerableTemplateACL   : False
LowPrivCanEnroll        : True
EnrolleeSuppliesSubject : True
EnhancedKeyUsage        : Client Authentication (1.3.6.1.5.5.7.3.2)|Secure Email (1.3.6.1.5.5.7.3.4)|Encrypting File System (1.3.6.1.4.1.311.10.3.4)

I realize PSPKIAudit runs off PowerShell which may grant it additional visibility. Wondering if Certipy is able to do the same. If not, feel free to close the issue.

Thank you for all your contribution to the community!

[SAERXCIT]

Hi! You can check out PR#133 #133 which gets this information and uses it to compute all conditions for exploitation of ESC3.
Cheers