Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect assumptions in account discovery #1509

Closed
mssalvatore opened this issue Oct 4, 2021 · 1 comment
Closed

Incorrect assumptions in account discovery #1509

mssalvatore opened this issue Oct 4, 2021 · 1 comment
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Complexity: Low Impact: Medium

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Oct 4, 2021
edited
Loading

Description

The Linux account discovery, Linux clear command history, and Linux modify shell startup files PBAs make incorrect assumptions about Linux users.

  1. Assumes all users' home directories are in /home
  2. Assumes users' home directories have the user's name. (e.g. testuser's home directory is /home/testuser)
  3. Assumes regular users have 4 digit IDs.

In addition, these 3 PBAs duplicate the same command.

Proposed solution

Instead of running complicated shell commands which require shell=True (which is a security concern, see also #1118), the logic for these PBAs can be reimplemented in Python.

Correcting false assumptions

  1. Rather than filtering users by the length of their ID, the code can parse the contents of /etc/passwd using the Python pwd module and return only non-root users with the following shells:
    • bash
    • sh
    • dash
    • fish
    • zsh
    • ksh
    • csh
    • tsch
  2. Get each user's home directory using the pwd module instead of assuming it's /home/[USERNAME]
  3. Make this code reusable (and testable)
@mssalvatore mssalvatore added Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Impact: Medium Complexity: Low labels Oct 4, 2021
@ilija-lazoroski ilija-lazoroski mentioned this issue Oct 5, 2021
Merged
7 tasks
@mssalvatore mssalvatore mentioned this issue Apr 12, 2022
Closed
@cakekoa
Copy link
Contributor

cakekoa commented Oct 25, 2022

PBAs are being removed in #2442

@cakekoa cakekoa closed this as not planned Won't fix, can't repro, duplicate, stale Oct 25, 2022
@mssalvatore mssalvatore mentioned this issue Mar 28, 2023
Closed
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Complexity: Low Impact: Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cakekoa @mssalvatore