CAPEC-561: Windows Admin Shares with Stolen Credentials

Abstraction: Detailed
Status: Draft

Description

An adversary guesses or obtains (i.e., steals or purchases) legitimate Windows administrator credentials (e.g., userID/password) to access Windows Admin Shares on a local machine or within a Windows domain. Metadata: detailed CAPEC pattern, status draft. Underlying weaknesses: CWE-522, CWE-308, CWE-309, CWE-294, CWE-263 (and 2 more). Mapped ATT&CK technique: T1021.002. Related CAPEC patterns: CAPEC-653, CAPEC-151, CAPEC-165, CAPEC-549, CAPEC-545.

Related weaknesses · 7

CWE-522, CWE-308, CWE-309, CWE-294, CWE-263, CWE-262, CWE-521

MITRE ATT&CK crosswalk · 1

T1021.002: Remote Services: SMB/Windows Admin Shares

Related attack patterns · 5

CAPEC-653 (ChildOf), CAPEC-151 (CanPrecede), CAPEC-165 (CanPrecede), CAPEC-549 (CanPrecede), CAPEC-545 (CanPrecede)

Exploits · 7

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Insufficiently Protected Credentials (cwe-522) | 100% | live |
| Weakness | Authentication Bypass by Capture-replay (cwe-294) | 100% | live |
| Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live |
| Weakness | Not Using Password Aging (cwe-262) | 100% | live |
| Weakness | Weak Password Requirements (cwe-521) | 100% | live |
| Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live |
| Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | SMB/Windows Admin Shares (t1021.002) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Use of Known Operating System Credentials
CAPEC: Use of Known Domain Credentials
CAPEC: Remote Services with Stolen Credentials
CAPEC: Use of Known Kerberos Credentials
CAPEC: Use of Captured Hashes (Pass The Hash)
CAPEC: Credential Prompt Impersonation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.