T1201 - Password Policy Discovery
Description from ATT&CK
Adversaries may attempt to access detailed information about the password policy used within an enterprise network. Password policies for networks are a way to enforce complex passwords that are difficult to guess or crack through [Brute Force](https://attack.mitre.org/techniques/T1110). This would help the adversary to create a list of common passwords and launch dictionary and/or brute force attacks which adhere to the policy (e.g. if the minimum password length should be 8, then not trying passwords such as 'pass123'; not checking for more than 3-4 passwords per account if the lockout is set to 6 as to not lock out accounts). Password policies can be set and discovered on Windows, Linux, and macOS systems via various command shell utilities such as net accounts (/domain), Get-ADDefaultDomainPasswordPolicy, chage -l, cat /etc/pam.d/common-password, and pwpolicy getaccountpolicies. (Citation: Superuser Linux Password Policies) (Citation: Jamf User Password Policies)
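Atomic Tests
- Atomic Test #1 - Examine password complexity policy - Ubuntu
- Atomic Test #2 - Examine password complexity policy - CentOS/RHEL 7.x
- Atomic Test #3 - Examine password complexity policy - CentOS/RHEL 6.x
- Atomic Test #4 - Examine password expiration policy - All Linux
- Atomic Test #5 - Examine local password policy - Windows
- Atomic Test #6 - Examine domain password policy - Windows
- Atomic Test #7 - Examine password policy - macOS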
Atomic Test #1 - Examine password complexity policy - Ubuntu
Lists the password complexity policy to console on Ubuntu Linux.
Supported Platforms: Linux
auto_generated_guid: 085fe567-ac84-47c7-ac4c-2688ce28265b
Attack Commands: Run with bash!
cat /etc/pam.d/common-password
Atomic Test #2 - Examine password complexity policy - CentOS/RHEL 7.x
Lists the password complexity policy to console on CentOS/RHEL 7.x Linux.
Supported Platforms: Linux
auto_generated_guid: 78a12e65-efff-4617-bc01-88f17d71315d
Attack Commands: Run with bash!
cat /etc/security/pwquality.conf
Dependencies: Run with bash!
Description: System must be CentOS or RHEL v7
Check Prereq Commands:
if [ "$(rpm -E '%{rhel}' 2>/dev/null)" = "7" ]; then exit 0; else exit 1; fi
Get Prereq Commands:
echo Please run from CentOS or RHEL v7
Atomic Test #3 - Examine password complexity policy - CentOS/RHEL 6.x
Lists the password complexity policy to console on CentOS/RHEL 6.x Linux.
Supported Platforms: Linux
auto_generated_guid: 6ce12552-0adb-4f56-89ff-95ce268f6358
Attack Commands: Run with bash!
cat /etc/pam.d/system-auth
cat /etc/security/pwquality.conf
Dependencies: Run with bash!
Description: System must be CentOS or RHEL v6
Check Prereq Commands:
if [ "$(rpm -E '%{rhel}' 2>/dev/null)" = "6" ]; then exit 0; else exit 1; fi
Get Prereq Commands:
echo Please run from CentOS or RHEL v6
Atomic Test #4 - Examine password expiration policy - All Linux
Lists the password expiration policy to console on CentOS/RHEL/Ubuntu.
Supported Platforms: Linux
auto_generated_guid: 7c86c55c-70fa-4a05-83c9-3aa19b145d1a
Attack Commands: Run with bash!
cat /etc/login.defs
Atomic Test #5 - Examine local password policy - Windows
Lists the local password policy to console on Windows.
Supported Platforms: Windows
auto_generated_guid: 4588d243-f24e-4549-b2e3-e627acc089f6
Attack Commands: Run with command_prompt!
net accounts
Atomic Test #6 - Examine domain password policy - Windows
Lists the domain password policy to console on Windows.
Supported Platforms: Windows
auto_generated_guid: 46c2c362-2679-4ef5-aec9-0e958e135be4
Attack Commands: Run with command_prompt!
net accounts /domain
Atomic Test #7 - Examine password policy - macOS
Lists the password policy to console on macOS.
Supported Platforms: macOS
auto_generated_guid: 4b7fa042-9482-45e1-b348-4b756b2a0742
Attack Commands: Run with bash!
pwpolicy getaccountpolicies
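A detection sketch for the Linux tests (#1 to #4) and the `chage -l` command named in the description, added here as an example and not part of Atomic Red Team: it parses auditd EXECVE records, including hex-encoded arguments, and flags executions that read the policy files listed on this page. The viewer list, labels, function names and sample records are constructed assumptions, and it presumes execve auditing is already enabled on the host.

```python
import re
import shlex

POLICY_FILES = {  # files read by the Linux tests on this page
    "/etc/pam.d/common-password": "Atomic Test #1",
    "/etc/security/pwquality.conf": "Atomic Test #2/#3",
    "/etc/pam.d/system-auth": "Atomic Test #3",
    "/etc/login.defs": "Atomic Test #4",
}
READERS = {"cat", "less", "more", "head", "tail", "grep"}  # assumption: usual file viewers
SHELLS = {"sh", "bash", "dash"}
ARG_RE = re.compile(r'\ba(\d+)=("([^"]*)"|(?:[0-9A-Fa-f]{2})+)')
ID_RE = re.compile(r"msg=audit\([\d.]+:(\d+)\)")

def parse_execve(line):
    """Return (event_id, argv) for an auditd EXECVE record, else None."""
    m = ID_RE.search(line)
    if "type=EXECVE" not in line or not m:
        return None
    args = {}
    for idx, raw, quoted in ARG_RE.findall(line):
        # auditd hex-encodes arguments that contain spaces or quotes
        args[int(idx)] = quoted if raw.startswith('"') else bytes.fromhex(raw).decode("utf-8", "replace")
    return m.group(1), [args[i] for i in sorted(args)]

def classify(argv):
    """Name the password-policy artefact an argv touches, or return None."""
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""
    if prog in SHELLS and "-c" in argv[1:-1]:
        # unwrap simple `bash -c "<command>"` strings, as test executors produce
        return classify(shlex.split(argv[argv.index("-c") + 1]))
    if prog == "chage" and any(a in ("-l", "--list") for a in argv[1:]):
        return "chage -l (ATT&CK description)"
    if prog in READERS:
        for a in argv[1:]:
            if a in POLICY_FILES:
                return f"{a} ({POLICY_FILES[a]})"
    return None

def detect(log_text):
    parsed = filter(None, map(parse_execve, log_text.splitlines()))
    return [(eid, label) for eid, argv in parsed if (label := classify(argv))]

WRAPPED = "cat /etc/pam.d/common-password".encode().hex().upper()
SAMPLE = f'''type=EXECVE msg=audit(1700000000.101:310): argc=2 a0="cat" a1="/etc/login.defs"
type=EXECVE msg=audit(1700000001.202:311): argc=3 a0="chage" a1="-l" a2="alice"
type=EXECVE msg=audit(1700000002.303:312): argc=3 a0="bash" a1="-c" a2={WRAPPED}
type=EXECVE msg=audit(1700000003.404:313): argc=2 a0="cat" a1="/etc/hostname"
'''  # constructed records, not captured from a real host
```

Calling `detect(SAMPLE)` returns the first three event IDs with their labels and skips the `/etc/hostname` read. Legitimate tooling also reads these files, so treat hits as enrichment for correlation with other discovery activity.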