security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

T098: accept UserPrincipalName for the "user_principal_name" argument

Browse Source 
In Azure AD a "user principal name" can be interpreted as the "name of a principal of type user"
or as the "UserPrincipalName (UPN)" user attribute!
But most people will expect the second meaning. Which is confusing since this test actually expects to see
the user display name in this attribute.

I think there was a confusion with the sibling test which is for "service principal",
so for which the argument to designate it by name is "service_principal_name".

With this change, there is no regression while being compatible with people passing a UPN to this argument.
This commit is contained in:
Clément Notin
2023-03-15 18:25:11 +01:00
parent 159dda49d8
commit efd6dbb465
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1098/T1098.yaml
+6 -6
View File
@@ -151,7 +151,7 @@ atomic_tests:
type: string
default: p4sswd
user_principal_name:
description: Name of the targeted user (user principal)
description: Display Name, or User Principal Name, of the targeted user principal
type: string
default: SuperUser
role_name:
@@ -172,7 +172,7 @@ atomic_tests:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
Connect-AzureAD -Credential $Credential
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}' or UserPrincipalName eq '#{user_principal_name}'"
if ($user -eq $null) { Write-Warning "User not found"; exit }
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
if ($role -eq $null) { Write-Warning "Role not found"; exit }
@@ -184,7 +184,7 @@ atomic_tests:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
Connect-AzureAD -Credential $Credential -ErrorAction Ignore
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
$user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}' or UserPrincipalName eq '#{user_principal_name}'"
if ($user -eq $null) { Write-Warning "User not found"; exit }
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
if ($role -eq $null) { Write-Warning "Role not found"; exit }
@@ -286,7 +286,7 @@ atomic_tests:
type: string
default: p4sswd
user_principal_name:
description: Name of the targeted user (user principal)
description: Display Name, or User Principal Name, of the targeted user principal
type: string
default: SuperUser
role_name:
@@ -311,7 +311,7 @@ atomic_tests:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
Connect-AzAccount -Credential $Credential
$user = Get-AzADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
$user = Get-AzADUser | where-object {$_.DisplayName -eq "#{user_principal_name}" -or $_.UserPrincipalName -eq "#{user_principal_name}" }
if ($user -eq $null) { Write-Warning "User not found"; exit }
$subscription = Get-AzSubscription | where-object {$_.Name -eq "#{subscription}"}
if ($subscription -eq $null) { Write-Warning "Subscription not found"; exit }
@@ -326,7 +326,7 @@ atomic_tests:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
Connect-AzAccount -Credential $Credential -ErrorAction Ignore
$user = Get-AzADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
$user = Get-AzADUser | where-object {$_.DisplayName -eq "#{user_principal_name}" -or $_.UserPrincipalName -eq "#{user_principal_name}" }
if ($user -eq $null) { Write-Warning "User not found"; exit }
$subscription = Get-AzSubscription | where-object {$_.Name -eq "#{subscription}"}
if ($subscription -eq $null) { Write-Warning "Subscription not found"; exit }