GhostPack / Certify

Active Directory certificate abuse.

Add mspki-certificate-application-policy output and fix comment #8

Closed daem0nc0re closed 3 years ago

daem0nc0re commented 3 years ago

Hi.

I investigated the ESC4 scenario in "Certified Pre-Owned: Abusing Active Directory Certificate Services". Through the investigation, I noticed that the mspki-certificate-application-policy attribute is an important part of ACL abuse, but Certify does not output the mspki-certificate-application-policy attribute in its results. So I added code for displaying the mspki-certificate-application-policy attribute.

My investigation is available at the following URL:

https://github.com/daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates

Additionally, I noticed that the GUID for Certificate-AutoEnrollment in the comment is wrong, and fixed it.

leechristensen commented 3 years ago

Thanks for the PR! And thank you for the fantastic writeup! Very good work!

atanurelmasoglu commented 2 years ago

Hi, thank you all, both for the fantastic writeup and the fantastic tool! Regarding the blog post, I have a quick question. I think, if "mspki-certificate-application-policy" takes precedence over both the "pkiextendedkeyusage" and "mspki-ra-application-policies" attributes, using "mspki-certificate-application-policy" for OIDs while controlling both "hasAuthenticationEku" and "hasDangerousEku" in Certify will be more precise. Please correct me if I am wrong. Keep it up!