facebookincubator / TTPForge

The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
MIT License

🚨 [BUG] - nil thrown in superuser output #489

Open l50 opened 9 months ago

l50 commented 9 months ago

What happened?

  1. Run this ttp: https://github.com/facebookincubator/ForgeArmory/blob/main/ttps/privilege-escalation/linux/suid-binary-escalation/suid-binary-escalation.yaml
  2. Observe output:

    INFO    RUNNING TTP: suid-binary-escalation
    INFO    ========================================
    INFO    CLEANING UP 0 steps of TTP: "suid-binary-escalation"
    INFO    ----------------------------------------
    INFO    Finished Cleanup Successfully ✅
    ERROR   failed to run command:
        failed to run TTP at /home/jaysong/.ttpforge/repos/forgearmory/ttps/privilege-escalation/suid-binary-escalation/suid-binary-escalation.yaml: <nil>

Any suggestions for fixing this bug?

Ideally this is at most a string interpolation issue. Otherwise, it could be a bug somewhere leading up to the sink (provided output).

Relevant log output

Log output provided in **What happened?**

Details about your environment

Running on latest centos (x86_64)

l50 commented 9 months ago

Worth noting: This works without any issues on an arm64 box:

[cloud-user@ip-10-0-2-23 privilege-escalation]$ ttpforge run forgearmory//privilege-escalation/suid-binary-escalation/suid-binary-escalation.yaml --arg low_priv_user=demo_user
INFO    RUNNING TTP: suid-binary-escalation
ERROR   failed to run command:
        failed to run TTP at /home/cloud-user/.ttpforge/repos/forgearmory/ttps/privilege-escalation/suid-binary-escalation/suid-binary-escalation.yaml: TTP requirements not met: must be root (UID 0) to run this TTP

uname -a
Linux ip-10-0-2-23.us-west-2.compute.internal 5.14.0-419.el9.aarch64 #1 SMP PREEMPT_DYNAMIC Wed Feb 7 23:54:30 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
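The `<nil>` tail in the x86_64 run above, against the fully populated "TTP requirements not met" error on arm64, is what Go's `fmt` prints when a nil error value reaches a wrapper such as `fmt.Errorf("failed to run TTP at %s: %v", path, err)`. The program below is an added example, not TTPForge code, and assumes that wrapper shape: it reproduces the two ways a `<nil>` can show up (an untyped nil error, and a typed-nil pointer stored in an `error` interface, which `fmt` also renders as `<nil>` after recovering the nil dereference in `Error()`) and shows a wrapper that only wraps genuine errors. `RequirementsError`, `checkRequirements`, `runNaive`, `runSafe` and the file path are assumed names.

```go
package main

import (
	"fmt"
	"reflect"
)

// RequirementsError is a hypothetical stand-in for the error a TTP's
// requirements check returns (assumed; not TTPForge's own type).
type RequirementsError struct{ Reason string }

func (e *RequirementsError) Error() string { return "TTP requirements not met: " + e.Reason }

// checkRequirements returns a concrete pointer; its nil result stored in an
// `error` variable is a non-nil interface holding a nil pointer (typed nil).
func checkRequirements(uid int) *RequirementsError {
	if uid != 0 {
		return &RequirementsError{Reason: "must be root (UID 0) to run this TTP"}
	}
	return nil
}

// runNaive reproduces the issue's message shape. fmt renders both a nil error
// and a nil pointer whose Error() panics as "<nil>", the x86_64 output above.
func runNaive(path string, uid int) error {
	var err error = checkRequirements(uid)
	if err != nil { // true even when the pointer inside is nil
		return fmt.Errorf("failed to run TTP at %s: %v", path, err)
	}
	return nil
}

// isNilError treats an untyped nil and a nil pointer inside the interface alike.
func isNilError(err error) bool {
	v := reflect.ValueOf(err)
	return err == nil || (v.Kind() == reflect.Ptr && v.IsNil())
}

// runSafe wraps only a genuine error and uses %w so callers can errors.As it.
func runSafe(path string, uid int) error {
	var err error = checkRequirements(uid)
	if isNilError(err) {
		return nil
	}
	return fmt.Errorf("failed to run TTP at %s: %w", path, err)
}

func main() { fmt.Println(runNaive("/tmp/ttp.yaml", 0), "|", runSafe("/tmp/ttp.yaml", 0)) }
```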