Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021

Add T1021 "Remote Services" MITRE technique and sub-technique references

Author: bwatters-r7

modules/auxiliary/admin/smb/change_password.rb

@@ -26,6 +26,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['URL', 'https://github.com/fortra/impacket/blob/master/examples/changepasswd.py'],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],

modules/auxiliary/admin/smb/check_dir_file.rb

@@ -31,6 +31,7 @@ def initialize
         'j0hn__f'
       ],
       'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
       ],
       'License' => MSF_LICENSE,
       'Notes' => {

modules/auxiliary/admin/smb/delete_file.rb

@@ -30,6 +30,9 @@ def initialize
         'mubix' # copied from hdm upload_file module
       ],
       'License' => MSF_LICENSE,
+      'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
+      ],
       'Notes' => {
         'Stability' => [OS_RESOURCE_LOSS],
         'SideEffects' => [],

modules/auxiliary/admin/smb/download_file.rb

@@ -29,7 +29,10 @@ def initialize
         'Stability' => [CRASH_SAFE],
         'SideEffects' => [],
         'Reliability' => []
-      }
+      },
+      'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
+      ]
     )
 
     register_options([

modules/auxiliary/admin/smb/list_directory.rb

@@ -27,6 +27,7 @@ def initialize
         'hdm'
       ],
       'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
       ],
       'License' => MSF_LICENSE,
       'Notes' => {

modules/auxiliary/admin/smb/ms17_010_command.rb

@@ -41,6 +41,7 @@ def initialize(info = {})
           [ 'URL', 'https://github.com/worawit/MS17-010' ],
           [ 'URL', 'https://hitcon.org/2017/CMT/slide-files/d2_s2_r0.pdf' ],
           [ 'URL', 'https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/' ],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ],
         ],
         'DisclosureDate' => '2017-03-14',
         'Notes' => {

modules/auxiliary/admin/smb/psexec_ntdsgrab.rb

@@ -35,7 +35,8 @@ def initialize(info = {})
         'References' => [
           [ 'URL', 'http://sourceforge.net/projects/smbexec' ],
           [ 'URL', 'https://www.optiv.com/blog/owning-computers-without-shell-access' ],
-          [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ]
+          [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],

modules/auxiliary/admin/smb/samba_symlink_traversal.rb

@@ -29,7 +29,8 @@ def initialize
       'References' => [
         ['CVE', '2010-0926'],
         ['OSVDB', '62145'],
-        ['URL', 'http://www.samba.org/samba/news/symlink_attack.html']
+        ['URL', 'http://www.samba.org/samba/news/symlink_attack.html'],
+        ['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
       ],
       'License' => MSF_LICENSE,
       'Notes' => {

modules/auxiliary/admin/smb/upload_file.rb

@@ -26,6 +26,7 @@ def initialize
         'hdm' # metasploit module
       ],
       'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
       ],
       'License' => MSF_LICENSE,
       'Notes' => {

modules/auxiliary/admin/smb/webexec_command.rb

@@ -30,7 +30,8 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           ['URL', 'https://webexec.org'],
-          ['CVE', '2018-15442']
+          ['CVE', '2018-15442'],
+          ['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],