Added Linux Smart Enumeration to Linux Privesc TTPs #125
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Summary: This TTP helps identify privilege escalation paths using Linux Smart Enumeration, a tool that automates the discovery of local privilege escalation vulnerabilities on Linux-based operating systems. ## Arguments - **escalate_privileges**: A boolean flag indicating whether to run the TTP as root or not. Default is false. - **download_link**: The URL to download the latest version of `lse.sh` from GitHub. Default is [https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh](https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh) ## Pre-requisites 1. A Linux-based operating system. 2. Bash shell. ## Examples You can run the TTP using the following example (after updating the arguments): ```bash ttpforge run forgearmory//privilege-escalation/linux/identify-privilege-escalation-paths-with-lse/identify-privilege-escalation-paths-with-lse.yaml \ --arg escalate_privileges=true ``` ## Steps 1. **ensure-root-user-if-required**: This step checks if the TTP needs to be run as root and ensures that it is being executed as the root user. 2. **download-and-run-lse**: This step downloads the latest version of `lse.sh` from GitHub and executes it with bash. ## Manual Reproduction Steps ``` # Escalate privileges to root (optional - being root gives you more info) sudo su # Download and run lse curl -sL https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh | bash ``` ## MITRE ATT&CK Mapping - **Tactics**: - TA0003 Execution - TA0007 Discovery - **Techniques**: - T1059 Command and Scripting Interpreter - T1087 Account Discovery - T1083 File and Directory Discovery - T1057 Process Discovery - T1069 Permission Groups Discovery - T1518 Software Discovery - T1082 System Information Discovery - T1033 System Owner/User Discovery - T1007 System Service Discovery - **Subtechniques**: - T1059.004 Command and Scripting Interpreter Unix Shell Differential Revision: D61623273
d0n601
requested review from
d3sch41n,
cedowens and
CrimsonK1ng
as code owners
|
This pull request was exported from Phabricator. Differential Revision: D61623273 |
|
This pull request has been merged in fee6160. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
This TTP helps identify privilege escalation paths using Linux Smart
Enumeration, a tool that automates the discovery of local privilege escalation
vulnerabilities on Linux-based operating systems.
Arguments
root or not. Default is false.
lse.shfromGitHub. Default is
https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh
Pre-requisites
Examples
You can run the TTP using the following example (after updating the arguments):
Steps
as root and ensures that it is being executed as the root user.
lse.shfrom GitHub and executes it with bash.
Manual Reproduction Steps
MITRE ATT&CK Mapping
Differential Revision: D61623273