T6-24–01–S–E–FH
SU-BruteForce
To gain administrator privileges in a Linux environment, a randomized brute force attack is executed using a predefined list of 12,646 commonly used passwords.
This attack escalates privileges by cracking the root password. A Python script runs the su command in Linux against each password in the list and checks the response. If the command succeeds, the root password has been obtained, and with it the attacker can perform a wide range of malicious actions. As a countermeasure, the number of attempts allowed for the su command should be limited.
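A defender's view of this scenario, as an added example that is not part of the dataset's own code: a detector for bursts of failed su attempts in syslog auth lines, which also reports a successful su that follows such a burst. The sample lines are constructed in the util-linux su log format, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# util-linux su writes "FAILED SU (to root) alice on pts/0" on failure
# and "(to root) alice on pts/0" on success.
SU_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ su(?:\[\d+\])?: "
    r"(?P<failed>FAILED SU )?\(to (?P<target>\S+)\) (?P<src>\S+) on ")

# Constructed sample input (not taken from the dataset's logs).
SAMPLE = [f"Jan 15 10:00:{s:02d} victim su: FAILED SU (to root) alice on pts/0"
          for s in range(1, 8)]
SAMPLE += [
    "Jan 15 10:00:09 victim su: (to root) alice on pts/0",
    "Jan 15 10:05:00 victim su: FAILED SU (to root) bob on pts/1",
    "Jan 15 10:05:20 victim su: (to root) bob on pts/1",
]

def detect_su_bruteforce(lines, threshold=5, window_s=60, year=2024):
    """Alert when one user has >= threshold failed su attempts within window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (source user, target user) -> recent failure times
    flagged = set()               # pairs that already raised a brute-force alert
    alerts = []
    for line in lines:
        m = SU_LINE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["target"])
        q = recent[key]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if m["failed"]:
            q.append(ts)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", *key, len(q)))
        elif key in flagged and q:
            # A success right after a burst suggests the password was guessed.
            alerts.append(("success_after_bruteforce", *key, len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect_su_bruteforce(SAMPLE):
        print(alert)
```

The single failed attempt by bob followed by a success stays below the threshold and raises no alert.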
          OS              IP          Software   Log collection time   Program runtime
Attacker  -               -           -          65 sec                101 sec
Victim    Ubuntu 20.04.1  10.0.2.15   python
Installing
python3 -m pip install -r requirements.txt
Using
python3 run.py
MITRE ATT&CK Framework
Attack Tactic
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Logs
./log/2024_01_T6_{time}.log # YYmmdd_HHMMSS
References
[1] MITRE [Brute Force: Password Guessing]
[2] MITRE [Privilege Escalation]
Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.