Merge pull request #20937 from rudraditya21/attack-relay-sccm

Add MITRE ATT&CK mappings for relay and SCCM credential modules
Spencer McIntyre
2026-02-09 11:50:44 -05:00
committed by GitHub
3 changed files with 9 additions and 2 deletions
@@ -25,7 +25,8 @@ class MetasploitModule < Msf::Auxiliary
['URL', 'https://blog.xpnsec.com/unobfuscating-network-access-accounts/'],
['URL', 'https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/CRED/CRED-2/cred-2_description.md'],
['URL', 'https://github.com/Mayyhem/SharpSCCM'],
['URL', 'https://github.com/garrettfoster13/sccmhunter']
['URL', 'https://github.com/garrettfoster13/sccmhunter'],
['ATT&CK', Mitre::Attack::Technique::T1552_001_CREDENTIALS_IN_FILES]
],
'License' => MSF_LICENSE,
'Notes' => {
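Review bot: `T1552_001_CREDENTIALS_IN_FILES` on the added reference line may be narrower than what the module does. As I understand the CRED-2 technique linked in the same list, the secrets are obtained by requesting computer policy from the site and deobfuscating the response, not by searching files on disk or on a share. If that holds, the parent technique is the safer mapping, e.g. `['ATT&CK', Mitre::Attack::Technique::T1552_UNSECURED_CREDENTIALS]` (constant name to be confirmed against the technique list). Otherwise keep the sub-technique and add a one-line comment saying why the policy body counts as a file, since coverage reports built from these tags will attribute the activity to file-based detections. The same entry is added in the last hunk on this page; the `'References'` array opens above this hunk, so the rest of the list is not visible here.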
+4
@@ -21,6 +21,10 @@ class MetasploitModule < Msf::Auxiliary
'jhicks-r7', # query for available certs
'Spencer McIntyre'
],
'References' => [
['ATT&CK', Mitre::Attack::Technique::T1557_ADVERSARY_IN_THE_MIDDLE],
['ATT&CK', Mitre::Attack::Technique::T1649_STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES]
],
'License' => MSF_LICENSE,
'Actions' => [[ 'Relay', { 'Description' => 'Run SMB ESC8 relay server' } ]],
'PassiveActions' => [ 'Relay' ],
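Review bot: The added `T1557_ADVERSARY_IN_THE_MIDDLE` entry uses the parent technique, but the action description two lines below ('Run SMB ESC8 relay server') describes SMB relay, which ATT&CK tracks as sub-technique T1557.001 (LLMNR/NBT-NS Poisoning and SMB Relay). Mapping to the sub-technique, `['ATT&CK', Mitre::Attack::Technique::<T1557_001 constant>]`, would let defenders line the module up with relay-specific detections and mitigations such as SMB signing. The same parent-level entry is added in the following hunk. The new `'References'` block also carries only ATT&CK tags and no `['URL', ...]` entry for ESC8 background, unlike the other two modules on this page. The module info hash starts above the hunk, so an existing reference elsewhere cannot be ruled out from here.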
@@ -30,7 +30,9 @@ class MetasploitModule < Msf::Auxiliary
['URL', 'https://blog.xpnsec.com/unobfuscating-network-access-accounts/'],
['URL', 'https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/CRED/CRED-2/cred-2_description.md'],
['URL', 'https://github.com/Mayyhem/SharpSCCM'],
['URL', 'https://github.com/garrettfoster13/sccmhunter']
['URL', 'https://github.com/garrettfoster13/sccmhunter'],
['ATT&CK', Mitre::Attack::Technique::T1557_ADVERSARY_IN_THE_MIDDLE],
['ATT&CK', Mitre::Attack::Technique::T1552_001_CREDENTIALS_IN_FILES]
],
'DefaultOptions' => {
'RPORT' => 80