From 3ef533126a26dcb06ff79e89a5febeaa8b624a5e Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Thu, 23 Jan 2020 03:08:33 +0000
Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master

---
 atomics/T1166/T1166.md | 46 +++++++++++++++++--------
 atomics/index.md | 4 +--
 atomics/index.yaml | 78 +++++++++++++++++++++++++++++-------------
 atomics/linux-index.md | 4 +--
 atomics/macos-index.md | 4 +--
 5 files changed, 92 insertions(+), 44 deletions(-)

diff --git a/atomics/T1166/T1166.md b/atomics/T1166/T1166.md
index 1940683a..19d81f2a 100644
--- a/atomics/T1166/T1166.md
+++ b/atomics/T1166/T1166.md
@@ -6,7 +6,7 @@ An adversary can take advantage of this to either do a shell escape or exploit a
 ## Atomic Tests
-- [Atomic Test #1 - Setuid and Setgid](#atomic-test-1---setuid-and-setgid)
+- [Atomic Test #1 - Make and modify binary from C source](#atomic-test-1---make-and-modify-binary-from-c-source)
 - [Atomic Test #2 - Set a SetUID flag on file](#atomic-test-2---set-a-setuid-flag-on-file)
@@ -15,8 +15,8 @@ An adversary can take advantage of this to either do a shell escape or exploit a
-## Atomic Test #1 - Setuid and Setgid
-Setuid and Setgid
+## Atomic Test #1 - Make and modify binary from C source
+Make, change owner, and change file attributes on a C source code file
 **Supported Platforms:** macOS, Linux
@@ -24,17 +24,25 @@ Setuid and Setgid
 #### Inputs:
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| payload | hello.c payload | path | hello.c|
-
-#### Run it with these steps! 1. make hello
-
-2. sudo chown root hello
-
-3. sudo chmod u+s hello
-
-4. ./hello
+| payload | hello.c payload | path | PathToAtomicsFolder/T1166/src/hello.c|
+#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin)
+```
+copy #{payload} /tmp/hello.c
+cd /tmp
+sudo chown root hello.c
+sudo make hello
+sudo chown root hello
+sudo chmod u+s hello
+./hello
+```
+
+#### Cleanup Commands:
+```
+sudo rm ./hello
+sudo rm /tmp/hello.c
+```
@@ -55,12 +63,17 @@ This test sets the SetUID flag on a file in Linux and macOS.
 | file_to_setuid | Path of file to set SetUID flag | path | /tmp/evilBinary|
-#### Attack Commands: Run with `sh`!
+#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin)
 ```
+sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod u+s #{file_to_setuid}
 ```
+#### Cleanup Commands:
+```
+sudo rm #{file_to_setuid}
+```
@@ -81,12 +94,17 @@ This test sets the SetGID flag on a file in Linux and macOS.
 | file_to_setuid | Path of file to set SetGID flag | path | /tmp/evilBinary|
-#### Attack Commands: Run with `sh`!
+#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin)
 ```
+sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod g+s #{file_to_setuid}
 ```
+#### Cleanup Commands:
+```
+sudo rm #{file_to_setuid}
+```
diff --git a/atomics/index.md b/atomics/index.md
index 48975cb3..943da2df 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -127,7 +127,7 @@
 - [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
 - Atomic Test #1: Service Registry Permissions Weakness [windows]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1023 Shortcut Modification](./T1023/T1023.md)
@@ -480,7 +480,7 @@
 - [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
 - Atomic Test #1: Service Registry Permissions Weakness [windows]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 3d0cef5b..953f684e 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -4547,8 +4547,9 @@ persistence:
 modified: '2019-06-24T12:06:41.014Z'
 identifier: T1166
 atomic_tests:
- - name: Setuid and Setgid
- description: 'Setuid and Setgid
+ - name: Make and modify binary from C source
+ description: 'Make, change owner, and change file attributes on a C source code
+ file
 '
 supported_platforms:
@@ -4558,17 +4559,21 @@ persistence:
 payload:
 description: hello.c payload
 type: path
- default: hello.c
+ default: PathToAtomicsFolder/T1166/src/hello.c
 executor:
- name: manual
- steps: |
- 1. make hello
-
- 2. sudo chown root hello
-
- 3. sudo chmod u+s hello
-
- 4. ./hello
+ name: sh
+ elevation_required: true
+ command: |
+ copy #{payload} /tmp/hello.c
+ cd /tmp
+ sudo chown root hello.c
+ sudo make hello
+ sudo chown root hello
+ sudo chmod u+s hello
+ ./hello
+ cleanup_command: |
+ sudo rm ./hello
+ sudo rm /tmp/hello.c
 - name: Set a SetUID flag on file
 description: 'This test sets the SetUID flag on a file in Linux and macOS.
@@ -4583,9 +4588,14 @@ persistence:
 default: "/tmp/evilBinary"
 executor:
 name: sh
+ elevation_required: true
 command: |
+ sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod u+s #{file_to_setuid}
+ cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
 - name: Set a SetGID flag on file
 description: 'This test sets the SetGID flag on a file in Linux and macOS.
@@ -4600,9 +4610,14 @@ persistence:
 default: "/tmp/evilBinary"
 executor:
 name: sh
+ elevation_required: true
 command: |
+ sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod g+s #{file_to_setuid}
+ cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
 T1023:
 technique:
 x_mitre_permissions_required:
@@ -15313,8 +15328,9 @@ privilege-escalation:
 modified: '2019-06-24T12:06:41.014Z'
 identifier: T1166
 atomic_tests:
- - name: Setuid and Setgid
- description: 'Setuid and Setgid
+ - name: Make and modify binary from C source
+ description: 'Make, change owner, and change file attributes on a C source code
+ file
 '
 supported_platforms:
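Review bot: `copy #{payload} /tmp/hello.c` in the new `command:` block of the "Make and modify binary from C source" test (hunk @@ -4558) is not a command the declared `sh` executor provides on the Linux and macOS platforms this test lists, so the test would fail before `make` runs; the line should read `cp #{payload} /tmp/hello.c`. The matching `cleanup_command:` uses `sudo rm ./hello`, which only resolves if the cleanup shell still has `/tmp` as its working directory from the `cd /tmp` in the attack command — presumably it does not, so `sudo rm /tmp/hello` is the safer form. This index is generated, so both fixes belong in the technique's source atomic definition, which is not part of this patch; the identical text appears again in the privilege-escalation copy at @@ -15324.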
@@ -15324,17 +15340,21 @@ privilege-escalation:
 payload:
 description: hello.c payload
 type: path
- default: hello.c
+ default: PathToAtomicsFolder/T1166/src/hello.c
 executor:
- name: manual
- steps: |
- 1. make hello
-
- 2. sudo chown root hello
-
- 3. sudo chmod u+s hello
-
- 4. ./hello
+ name: sh
+ elevation_required: true
+ command: |
+ copy #{payload} /tmp/hello.c
+ cd /tmp
+ sudo chown root hello.c
+ sudo make hello
+ sudo chown root hello
+ sudo chmod u+s hello
+ ./hello
+ cleanup_command: |
+ sudo rm ./hello
+ sudo rm /tmp/hello.c
 - name: Set a SetUID flag on file
 description: 'This test sets the SetUID flag on a file in Linux and macOS.
@@ -15349,9 +15369,14 @@ privilege-escalation:
 default: "/tmp/evilBinary"
 executor:
 name: sh
+ elevation_required: true
 command: |
+ sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod u+s #{file_to_setuid}
+ cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
 - name: Set a SetGID flag on file
 description: 'This test sets the SetGID flag on a file in Linux and macOS.
@@ -15366,9 +15391,14 @@ privilege-escalation:
 default: "/tmp/evilBinary"
 executor:
 name: sh
+ elevation_required: true
 command: |
+ sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
 sudo chmod g+s #{file_to_setuid}
+ cleanup_command: 'sudo rm #{file_to_setuid}
+
+'
 T1165:
 technique:
 x_mitre_permissions_required:
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index c1561696..fc33338f 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -26,7 +26,7 @@
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1505 Server Software Component](./T1505/T1505.md)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1501 Systemd Service](./T1501/T1501.md)
@@ -331,7 +331,7 @@
 - Atomic Test #3: Shared Library Injection via /etc/ld.so.preload [linux]
 - Atomic Test #4: Shared Library Injection via LD_PRELOAD [linux]
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1169 Sudo](./T1169/T1169.md)
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index 6de8be9e..dd2c19d4 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
@@ -42,7 +42,7 @@
 - Atomic Test #2: Re-Opened Applications [macos]
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)
@@ -359,7 +359,7 @@
 - Atomic Test #1: Plist Modification [macos]
 - [T1055 Process Injection](./T1055/T1055.md)
 - [T1166 Setuid and Setgid](./T1166/T1166.md)
- - Atomic Test #1: Setuid and Setgid [macos, linux]
+ - Atomic Test #1: Make and modify binary from C source [macos, linux]
 - Atomic Test #2: Set a SetUID flag on file [macos, linux]
 - Atomic Test #3: Set a SetGID flag on file [macos, linux]
 - [T1165 Startup Items](./T1165/T1165.md)