mirror of
https://github.com/valitydev/atomic-threat-coverage.git
synced 2024-11-07 01:55:21 +00:00
83 lines
2.7 KiB
Markdown
83 lines
2.7 KiB
Markdown
# T1201 - Password Policy Discovery
|
|
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1201)
|
|
<blockquote>Password policies for networks are a way to enforce complex passwords that are difficult to guess or crack through [Brute Force](https://attack.mitre.org/techniques/T1110). An adversary may attempt to access detailed information about the password policy used within an enterprise network. This would help the adversary to create a list of common passwords and launch dictionary and/or brute force attacks which adheres to the policy (e.g. if the minimum password length should be 8, then not trying passwords such as 'pass123'; not checking for more than 3-4 passwords per account if the lockout is set to 6 as to not lock out accounts).
|
|
|
|
Password policies can be set and discovered on Windows, Linux, and macOS systems. (Citation: Superuser Linux Password Policies) (Citation: Jamf User Password Policies)
|
|
|
|
### Windows
|
|
* <code>net accounts</code>
|
|
* <code>net accounts /domain</code>
|
|
|
|
### Linux
|
|
* <code>chage -l <username></code>
|
|
* <code>cat /etc/pam.d/common-password</code>
|
|
|
|
### macOS
|
|
* <code>pwpolicy getaccountpolicies</code></blockquote>
|
|
|
|
## Atomic Tests
|
|
|
|
- [Atomic Test #1 - Examine password complexity policy - Ubuntu](#atomic-test-1---examine-password-complexity-policy---ubuntu)
|
|
|
|
- [Atomic Test #2 - Examine password complexity policy - CentOS/RHEL 7.x](#atomic-test-2---examine-password-complexity-policy---centosrhel-7x)
|
|
|
|
- [Atomic Test #3 - Examine password complexity policy - CentOS/RHEL 6.x](#atomic-test-3---examine-password-complexity-policy---centosrhel-6x)
|
|
|
|
- [Atomic Test #4 - Examine password expiration policy - All Linux](#atomic-test-4---examine-password-expiration-policy---all-linux)
|
|
|
|
|
|
<br/>
|
|
|
|
## Atomic Test #1 - Examine password complexity policy - Ubuntu
|
|
Lists the password complexity policy to console on Ubuntu Linux.
|
|
|
|
**Supported Platforms:** Ubuntu
|
|
|
|
|
|
#### Run it with `bash`!
|
|
```
|
|
cat /etc/pam.d/common-password
|
|
```
|
|
<br/>
|
|
<br/>
|
|
|
|
## Atomic Test #2 - Examine password complexity policy - CentOS/RHEL 7.x
|
|
Lists the password complexity policy to console on CentOS/RHEL 7.x Linux.
|
|
|
|
**Supported Platforms:** CentOS
|
|
|
|
|
|
#### Run it with `bash`!
|
|
```
|
|
cat /etc/security/pwquality.conf
|
|
```
|
|
<br/>
|
|
<br/>
|
|
|
|
## Atomic Test #3 - Examine password complexity policy - CentOS/RHEL 6.x
|
|
Lists the password complexity policy to console on CentOS/RHEL 6.x Linux.
|
|
|
|
**Supported Platforms:** CentOS
|
|
|
|
|
|
#### Run it with `bash`!
|
|
```
|
|
cat /etc/pam.d/system-auth
|
|
|
|
cat /etc/security/pwquality.conf
|
|
```
|
|
<br/>
|
|
<br/>
|
|
|
|
## Atomic Test #4 - Examine password expiration policy - All Linux
|
|
Lists the password expiration policy to console on CentOS/RHEL/Ubuntu.
|
|
|
|
**Supported Platforms:** Linux
|
|
|
|
|
|
#### Run it with `bash`!
|
|
```
|
|
cat /etc/login.defs
|
|
```
|
|
<br/>
|