Generate docs from job=validate_atomics_generate_docs branch=master

atomics/T1166/T1166.md

@@ -6,7 +6,7 @@ An adversary can take advantage of this to either do a shell escape or exploit a
 
 ## Atomic Tests
 
-- [Atomic Test #1 - Setuid and Setgid](#atomic-test-1---setuid-and-setgid)
+- [Atomic Test #1 - Make and modify binary from C source](#atomic-test-1---make-and-modify-binary-from-c-source)
 
 - [Atomic Test #2 - Set a SetUID flag on file](#atomic-test-2---set-a-setuid-flag-on-file)
 
@@ -15,8 +15,8 @@ An adversary can take advantage of this to either do a shell escape or exploit a
 
 <br/>
 
-## Atomic Test #1 - Setuid and Setgid
-Setuid and Setgid
+## Atomic Test #1 - Make and modify binary from C source
+Make, change owner, and change file attributes on a C source code file
 
 **Supported Platforms:** macOS, Linux
 
@@ -24,17 +24,25 @@ Setuid and Setgid
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| payload | hello.c payload | path | hello.c|
-
-#### Run it with these steps! 1. make hello
-
-2. sudo chown root hello
-
-3. sudo chmod u+s hello
-
-4. ./hello
+| payload | hello.c payload | path | PathToAtomicsFolder/T1166/src/hello.c|
 
 
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
+```
+copy #{payload} /tmp/hello.c
+cd /tmp
+sudo chown root hello.c
+sudo make hello
+sudo chown root hello
+sudo chmod u+s hello
+./hello
+```
+
+#### Cleanup Commands:
+```
+sudo rm ./hello
+sudo rm /tmp/hello.c
+```
 
 
 
@@ -55,12 +63,17 @@ This test sets the SetUID flag on a file in Linux and macOS.
 | file_to_setuid | Path of file to set SetUID flag | path | /tmp/evilBinary|
 
 
-#### Attack Commands: Run with `sh`! 
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
 ```
+sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod u+s #{file_to_setuid}
 ```
 
+#### Cleanup Commands:
+```
+sudo rm #{file_to_setuid}
+```
 
 
 
@@ -81,12 +94,17 @@ This test sets the SetGID flag on a file in Linux and macOS.
 | file_to_setuid | Path of file to set SetGID flag | path | /tmp/evilBinary|
 
 
-#### Attack Commands: Run with `sh`! 
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
 ```
+sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod g+s #{file_to_setuid}
 ```
 
+#### Cleanup Commands:
+```
+sudo rm #{file_to_setuid}
+```
 
 
 

atomics/index.md

@@ -127,7 +127,7 @@
 - [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
   - Atomic Test #1: Service Registry Permissions Weakness [windows]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1023 Shortcut Modification](./T1023/T1023.md)
@@ -480,7 +480,7 @@
 - [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
   - Atomic Test #1: Service Registry Permissions Weakness [windows]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)

atomics/index.yaml

@@ -4547,8 +4547,9 @@ persistence:
       modified: '2019-06-24T12:06:41.014Z'
       identifier: T1166
     atomic_tests:
-    - name: Setuid and Setgid
-      description: 'Setuid and Setgid
+    - name: Make and modify binary from C source
+      description: 'Make, change owner, and change file attributes on a C source code
+        file
 
 '
       supported_platforms:
@@ -4558,17 +4559,21 @@ persistence:
         payload:
           description: hello.c payload
           type: path
-          default: hello.c
+          default: PathToAtomicsFolder/T1166/src/hello.c
       executor:
-        name: manual
-        steps: |
-          1. make hello
-
-          2. sudo chown root hello
-
-          3. sudo chmod u+s hello
-
-          4. ./hello
+        name: sh
+        elevation_required: true
+        command: |
+          copy #{payload} /tmp/hello.c
+          cd /tmp
+          sudo chown root hello.c
+          sudo make hello
+          sudo chown root hello
+          sudo chmod u+s hello
+          ./hello
+        cleanup_command: |
+          sudo rm ./hello
+          sudo rm /tmp/hello.c
     - name: Set a SetUID flag on file
       description: 'This test sets the SetUID flag on a file in Linux and macOS.
 
@@ -4583,9 +4588,14 @@ persistence:
           default: "/tmp/evilBinary"
       executor:
         name: sh
+        elevation_required: true
         command: |
+          sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
           sudo chmod u+s #{file_to_setuid}
+        cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
     - name: Set a SetGID flag on file
       description: 'This test sets the SetGID flag on a file in Linux and macOS.
 
@@ -4600,9 +4610,14 @@ persistence:
           default: "/tmp/evilBinary"
       executor:
         name: sh
+        elevation_required: true
         command: |
+          sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
           sudo chmod g+s #{file_to_setuid}
+        cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
   T1023:
     technique:
       x_mitre_permissions_required:
@@ -15313,8 +15328,9 @@ privilege-escalation:
       modified: '2019-06-24T12:06:41.014Z'
       identifier: T1166
     atomic_tests:
-    - name: Setuid and Setgid
-      description: 'Setuid and Setgid
+    - name: Make and modify binary from C source
+      description: 'Make, change owner, and change file attributes on a C source code
+        file
 
 '
       supported_platforms:
@@ -15324,17 +15340,21 @@ privilege-escalation:
         payload:
           description: hello.c payload
           type: path
-          default: hello.c
+          default: PathToAtomicsFolder/T1166/src/hello.c
       executor:
-        name: manual
-        steps: |
-          1. make hello
-
-          2. sudo chown root hello
-
-          3. sudo chmod u+s hello
-
-          4. ./hello
+        name: sh
+        elevation_required: true
+        command: |
+          copy #{payload} /tmp/hello.c
+          cd /tmp
+          sudo chown root hello.c
+          sudo make hello
+          sudo chown root hello
+          sudo chmod u+s hello
+          ./hello
+        cleanup_command: |
+          sudo rm ./hello
+          sudo rm /tmp/hello.c
     - name: Set a SetUID flag on file
       description: 'This test sets the SetUID flag on a file in Linux and macOS.
 
@@ -15349,9 +15369,14 @@ privilege-escalation:
           default: "/tmp/evilBinary"
       executor:
         name: sh
+        elevation_required: true
         command: |
+          sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
           sudo chmod u+s #{file_to_setuid}
+        cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
     - name: Set a SetGID flag on file
       description: 'This test sets the SetGID flag on a file in Linux and macOS.
 
@@ -15366,9 +15391,14 @@ privilege-escalation:
           default: "/tmp/evilBinary"
       executor:
         name: sh
+        elevation_required: true
         command: |
+          sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
           sudo chmod g+s #{file_to_setuid}
+        cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
   T1165:
     technique:
       x_mitre_permissions_required:

atomics/linux-index.md

@@ -26,7 +26,7 @@
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1505 Server Software Component](./T1505/T1505.md)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1501 Systemd Service](./T1501/T1501.md)
@@ -331,7 +331,7 @@
   - Atomic Test #3: Shared Library Injection via /etc/ld.so.preload [linux]
   - Atomic Test #4: Shared Library Injection via LD_PRELOAD [linux]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1169 Sudo](./T1169/T1169.md)

atomics/macos-index.md

@@ -42,7 +42,7 @@
   - Atomic Test #2: Re-Opened Applications [macos]
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)
@@ -359,7 +359,7 @@
   - Atomic Test #1: Plist Modification [macos]
 - [T1055 Process Injection](./T1055/T1055.md)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
-  - Atomic Test #1: Setuid and Setgid [macos, linux]
+  - Atomic Test #1: Make and modify binary from C source [macos, linux]
   - Atomic Test #2: Set a SetUID flag on file [macos, linux]
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)