Attempts to identify ESC8 from an unauthenticated perspective via rpc functions. Once web enrollment has been identified, relay using responder/mitm6 ntlmrelayx/certipy.
Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.