Hare Sudhan
130 lines
3.5 KiB
YAML
130 lines
3.5 KiB
YAML
---
|
|
attack_technique: T1548.003
|
|
display_name: "Abuse Elevation Control Mechanism: Sudo and Sudo Caching"
|
|
|
|
atomic_tests:
|
|
- name: Sudo usage
|
|
auto_generated_guid: 150c3a08-ee6e-48a6-aeaf-3659d24ceb4e
|
|
description: |
|
|
Common Sudo enumeration methods.
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo -l
|
|
sudo cat /etc/sudoers
|
|
sudo vim /etc/sudoers
|
|
|
|
- name: Sudo usage (freebsd)
|
|
auto_generated_guid: 2bf9a018-4664-438a-b435-cc6f8c6f71b1
|
|
description: |
|
|
Common Sudo enumeration methods.
|
|
|
|
supported_platforms:
|
|
- linux
|
|
|
|
dependency_executor_name: sh
|
|
dependencies:
|
|
- description: |
|
|
Check if sudo is installed.
|
|
prereq_command: |
|
|
if [ ! -x "$(command -v sudo)" ]; then exit 1; else exit 0; fi;
|
|
get_prereq_command: |
|
|
(which pkg && pkg install -y sudo)
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo -l
|
|
sudo cat /usr/local/etc/sudoers
|
|
sudo ee /usr/local/etc/sudoers
|
|
|
|
|
|
- name: Unlimited sudo cache timeout
|
|
auto_generated_guid: a7b17659-dd5e-46f7-b7d1-e6792c91d0bc
|
|
description: |
|
|
Sets sudo caching timestamp_timeout to a value for unlimited. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo sed -i 's/env_reset.*$/env_reset,timestamp_timeout=-1/' /etc/sudoers
|
|
sudo visudo -c -f /etc/sudoers
|
|
|
|
- name: Unlimited sudo cache timeout (freebsd)
|
|
auto_generated_guid: a83ad6e8-6f24-4d7f-8f44-75f8ab742991
|
|
description: |
|
|
Sets sudo caching timestamp_timeout to a value for unlimited. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- linux
|
|
|
|
dependency_executor_name: sh
|
|
dependencies:
|
|
- description: |
|
|
Check if sudo is installed.
|
|
prereq_command: |
|
|
if [ ! -x "$(command -v sudo)" ]; then exit 1; else exit 0; fi;
|
|
get_prereq_command: |
|
|
(which pkg && pkg install -y sudo)
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo sed -i 's/env_reset.*$/env_reset,timestamp_timeout=-1/' /usr/local/etc/sudoers
|
|
sudo visudo -c -f /usr/local/etc/sudoers
|
|
|
|
|
|
- name: Disable tty_tickets for sudo caching
|
|
auto_generated_guid: 91a60b03-fb75-4d24-a42e-2eb8956e8de1
|
|
description: |
|
|
Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo sh -c "echo Defaults "'!'"tty_tickets >> /etc/sudoers"
|
|
sudo visudo -c -f /etc/sudoers
|
|
|
|
- name: Disable tty_tickets for sudo caching (freebsd)
|
|
auto_generated_guid: 4df6a0fe-2bdd-4be8-8618-a6a19654a57a
|
|
description: |
|
|
Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- linux
|
|
|
|
dependency_executor_name: sh
|
|
dependencies:
|
|
- description: |
|
|
Check if sudo is installed.
|
|
prereq_command: |
|
|
if [ ! -x "$(command -v sudo)" ]; then exit 1; else exit 0; fi;
|
|
get_prereq_command: |
|
|
(which pkg && pkg install -y sudo)
|
|
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
sudo sh -c "echo Defaults "'!'"tty_tickets >> /usr/local/etc/sudoers"
|
|
sudo visudo -c -f /usr/local/etc/sudoers
|
|
|