  • T6-24–01–S–E–FH
  • SU-BruteForce

    To gain administrator privileges in a Linux environment, a randomized brute force attack is executed using a predefined list of 12,646 commonly used passwords.

    This attack escalates privileges by cracking the root password. A Python script runs a brute-force attack against the Linux su command, trying each password in the list and checking the response. If the command succeeds, the root password has been obtained, and with it the attacker can perform diverse malicious actions. As a countermeasure, the number of attempts to access the su command should be limited.
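
For the defender's side of this scenario, the following added example (not part of the dataset's tooling) flags bursts of failed su attempts and a successful su that follows such a burst. The auth.log line format, the threshold of 5 failures in 60 seconds, the year, and the sample lines are assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed su line format in /var/log/auth.log; syslog omits the year, so one is assumed.
SU_EVENT = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ su(?:\[\d+\])?: "
                      r"(?P<failed>FAILED SU )?\(to (?P<dst>\S+)\) (?P<src>\S+) on ")
YEAR = 2024

# Constructed sample lines (not taken from the dataset's logs).
SAMPLE = [f"Jan 15 10:00:0{i} victim su: FAILED SU (to root) alice on pts/0"
          for i in range(1, 7)] + [
    "Jan 15 10:00:07 victim su: (to root) alice on pts/0",
    "Jan 15 10:05:00 victim su: FAILED SU (to root) bob on pts/1",
    "Jan 15 10:05:20 victim su: (to root) bob on pts/1",
    "Jan 15 10:06:00 victim sshd[812]: Accepted password for bob from 10.0.2.2 port 50022 ssh2",
]

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for su failure bursts and for a success that follows one."""
    recent = {}  # (source user, target user) -> times of recent failures
    alerts = []
    for line in lines:
        m = SU_EVENT.match(line)
        if not m:
            continue  # not an su event
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["dst"])
        fails = recent.setdefault(key, deque())
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that fell out of the window
        if m["failed"]:
            fails.append(ts)
            if len(fails) == threshold:
                alerts.append(("su_bruteforce", *key, ts))
        elif len(fails) >= threshold:
            # a success right after a burst suggests the password was guessed
            alerts.append(("su_success_after_bruteforce", *key, ts))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A single mistyped password followed by a success, as in the constructed lines for bob, stays below the threshold and raises no alert.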


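  • |          | OS             | IP        | Software | Log collection time | Program runtime |
    |----------|----------------|-----------|----------|---------------------|-----------------|
    | Attacker | -              | -         | -        | 65 sec              | 101 sec         |
    | Victim   | Ubuntu 20.04.1 | 10.0.2.15 | python   |                     |                 |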

  • Installing
  • python3 -m pip install -r requirements.txt

  • Using
  • python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic
    Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion
    Credential Discovery Lateral Movement Collection Command and Control Exfiltration Impact

  • Logs
  • ./log/2024_01_T6_{time}.log # YYmmdd_HHMMSS


  • References
  • [1] MITRE [Brute Force: Password Guessing]
    [2] MITRE [Privilege Escalation]

  • Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.