security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #82 from danbourke/setuid

Browse Source 
Privilege Escalation - Setuid - Mac and Linux
This commit is contained in:
caseysmithrc
2018-02-20 07:58:10 -07:00
committed by GitHub
parent 75e3d08a72 258d7c83d5
commit d4dd7b931c
6 changed files with 50 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Linux/Payloads/hello.c
+9
View File
@@ -0,0 +1,9 @@
#import <stdio.h>
#import <unistd.h>
int main()
{
printf("Hello\n");
sleep(60);
printf("Don't run random binaries!\n");
return 0;
}
Linux/Privilege_Escalation/Setuid_and_Setgid.md
+15
View File
@@ -0,0 +1,15 @@
# Setuid and Setgid
MITRE ATT&CK Technique: [T1166](https://attack.mitre.org/wiki/Technique/T1166)
Navigate to [hello.c](../Payloads/hello.c)
Input:
make hello
sudo chown root hello
sudo chmod u+s hello
./hello
Linux/README.md
+1 -1
View File
@@ -3,7 +3,7 @@
| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
|------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Bootkit | Setuid and Setgid | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| Bootkit | [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| [Cron Job](Persistence/Cron_Job.md) | Sudo | Disabling Security Tools | [Create Account](Credential_Access/Create_Account.md) | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | Remote File Copy | Scripting | Clipboard Data | Data Encrypted | Connection Proxy |
| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
| Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data from Local System | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol |
Mac/Payloads/hello.c
+9
View File
@@ -0,0 +1,9 @@
#import <stdio.h>
#import <unistd.h>
int main()
{
printf("Hello\n");
sleep(60);
printf("Don't run random binaries!\n");
return 0;
}
Mac/Privilege_Escalation/Setuid_and_Setgid.md
+15
View File
@@ -0,0 +1,15 @@
# Setuid and Setgid
MITRE ATT&CK Technique: [T1166](https://attack.mitre.org/wiki/Technique/T1166)
Navigate to [hello.c](../Payloads/hello.c)
Input:
make hello
sudo chown root hello
sudo chmod u+s hello
./hello
Mac/README.md
+1 -1
View File
@@ -7,7 +7,7 @@
| [Create Account](Persistence/Create_Account.md) | Launch Daemon | Code Signing | Credentials in Files | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Browser Extensions | Data Encrypted | Connection Proxy |
| Dylib Hijacking | Plist Modification | [Disabling Security Tools](Defense_Evasion/Disabling_Security_Tools.md) | Exploitation of Vulnerability | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | Logon Scripts | Launchctl | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol |
| Hidden Files and Directories | Process Injection | Exploitation of Vulnerability | Input Capture | [Network Share Discovery](Discovery/Network_Share_Discovery.md) | Remote File Copy | Local Job Scheduling | Data Staged | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol |
| LC_LOAD_DYLIB Addition | Setuid and Setgid | File Deletion | [Input Prompt](Credential_Access/Input_Prompt.md) | [Permission Groups Discovery](Discovery/Permissions_Groups_Discovery.md) | Remote Services | Scripting | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| LC_LOAD_DYLIB Addition | [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) | File Deletion | [Input Prompt](Credential_Access/Input_Prompt.md) | [Permission Groups Discovery](Discovery/Permissions_Groups_Discovery.md) | Remote Services | Scripting | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| [Launch Agent](Persistence/Launch_Agent.md) | Startup Items | [Gatekeeper Bypass](Defense_Evasion/Gatekeeper_Bypass.md) | [Keychain](Credential_Access/Keychain.md) | [Process Discovery](Discovery/Process_Discovery.md) | SSH Hijacking | Source | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| [Launch Daemon](Persistence/Launch_Daemon.md) | Sudo | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Network Sniffing | [Remote System Discovery](Discovery/Remote_System_Discovery.md) | Third-party Software | Space after Filename | Data from Removable Media | Exfiltration Over Physical Medium | Domain Fronting |
| Launchctl | Valid Accounts | Hidden Files and Directories | Private Keys | [Security Software Discovery](Discovery/Security_Software_Discovery.md) | | Third-party Software | Input Capture | Scheduled Transfer | Fallback Channels |