Code review

modules/auxiliary/admin/smb/change_password.rb

@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
         ],
         'References' => [
           ['URL', 'https://github.com/fortra/impacket/blob/master/examples/changepasswd.py'],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],

modules/auxiliary/admin/smb/delete_file.rb

@@ -30,6 +30,9 @@ class MetasploitModule < Msf::Auxiliary
         'mubix' # copied from hdm upload_file module
       ],
       'License' => MSF_LICENSE,
+      'References' => [
+        [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
+      ],
       'Notes' => {
         'Stability' => [OS_RESOURCE_LOSS],
         'SideEffects' => [],

modules/auxiliary/admin/smb/psexec_ntdsgrab.rb

@@ -35,7 +35,8 @@ class MetasploitModule < Msf::Auxiliary
         'References' => [
           [ 'URL', 'http://sourceforge.net/projects/smbexec' ],
           [ 'URL', 'https://www.optiv.com/blog/owning-computers-without-shell-access' ],
-          [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ]
+          [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],

modules/exploits/linux/misc/igel_command_injection.rb

@@ -36,6 +36,7 @@ class MetasploitModule < Msf::Exploit::Remote
           [ 'CVE', '2025-34082' ],
           [ 'URL', 'https://kb.igel.com/securitysafety/en/isn-2021-01-igel-os-remote-command-execution-vulnerability-41449239.html' ],
           [ 'URL', 'https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt' ],
+          [ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ], # Telnet service
           [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
         ],
         'Platform' => ['linux'],

modules/exploits/multi/http/tomcat_mgr_upload.rb

@@ -62,7 +62,8 @@ class MetasploitModule < Msf::Exploit::Remote
           ['BID', '36954'],
 
           # tomcat docs
-          ['URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html']
+          ['URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html'],
+          ['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES],
         ],
         'Platform' => %w{java linux win}, # others?
         'Targets' => [

modules/post/osx/gather/vnc_password_osx.rb

@@ -23,10 +23,7 @@ class MetasploitModule < Msf::Post
           'Stability' => [CRASH_SAFE],
           'SideEffects' => [],
           'Reliability' => []
-        },
-        'References' => [
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
-        ]
+        }
       )
     )
   end

modules/post/windows/gather/credentials/mremote.rb

@@ -33,12 +33,7 @@ class MetasploitModule < Msf::Post
           'Stability' => [CRASH_SAFE],
           'SideEffects' => [],
           'Reliability' => []
-        },
-        'References' => [
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ],
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ],
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
-        ]
+        }
       )
     )
   end

modules/post/windows/gather/credentials/rdc_manager_creds.rb

@@ -51,10 +51,7 @@ class MetasploitModule < Msf::Post
               stdapi_sys_process_memory_write
             ]
           }
-        },
-        'References' => [
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
-        ]
+        }
       )
     )
   end

modules/post/windows/manage/enable_rdp.rb

@@ -28,10 +28,7 @@ class MetasploitModule < Msf::Post
           'Stability' => [CRASH_SAFE],
           'SideEffects' => [CONFIG_CHANGES],
           'Reliability' => []
-        },
-        'References' => [
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ]
-        ]
+        }
       )
     )
 

modules/post/windows/manage/install_ssh.rb

@@ -24,8 +24,7 @@ class MetasploitModule < Msf::Post
         'SessionTypes' => [ 'meterpreter', 'shell' ],
         'References'	=> [
           ['URL', 'https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview'],
-          ['URL', 'https://github.com/PowerShell/openssh-portable'],
-          ['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
+          ['URL', 'https://github.com/PowerShell/openssh-portable']
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],

modules/post/windows/manage/sshkey_persistence.rb

@@ -38,10 +38,7 @@ class MetasploitModule < Msf::Post
           'Stability' => [CRASH_SAFE],
           'SideEffects' => [ARTIFACTS_ON_DISK],
           'Reliability' => []
-        },
-        'References' => [
-          [ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
-        ]
+        }
       )
     )