Merge pull request #2326 from redcanaryco/T1548_001_add_find_cmds

Added two new tests to T1548.001
2023-02-21 21:55:54 -05:00
parent 167123c18d 2bb592e35b
commit 04d68c8f3e
1 changed files with 22 additions and 2 deletions
@@ -42,7 +42,7 @@ atomic_tests:
    command: |
      sudo touch #{file_to_setuid}
      sudo chown root #{file_to_setuid}
-      sudo chmod u+s #{file_to_setuid}
+      sudo chmod u+xs #{file_to_setuid}
    cleanup_command: |
      sudo rm #{file_to_setuid}
    name: sh
@@ -63,7 +63,7 @@ atomic_tests:
    command: |
      sudo touch #{file_to_setuid}
      sudo chown root #{file_to_setuid}
-      sudo chmod g+s #{file_to_setuid}
+      sudo chmod g+xs #{file_to_setuid}
    cleanup_command: |
      sudo rm #{file_to_setuid}
    name: sh
@@ -111,3 +111,23 @@ atomic_tests:
      rm #{file_to_setcap}
    name: sh
    elevation_required: true
+- name: Do reconnaissance for files that have the setuid bit set
+  auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+  description: |
+    This test simulates a command that can be run to enumerate files that have the setuid bit set
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      find /usr/bin -perm -4000
+    name: sh
+- name: Do reconnaissance for files that have the setgid bit set
+  auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+  description: |
+    This test simulates a command that can be run to enumerate files that have the setgid bit set
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      find /usr/bin -perm -2000
+    name: sh