Skip to content

Latest commit

 

History

History
111 lines (92 loc) · 5.71 KB

attack-tree.md

File metadata and controls

111 lines (92 loc) · 5.71 KB

Attack Tree Analysis for apache/httpd

Objective: [*** Gain Unauthorized RCE on Server ***]

Attack Tree Visualization

                                 [*** Gain Unauthorized RCE on Server ***]
                                            /               \
                                           /                 \
                  -->[Exploit Vulnerability in httpd Modules] -->[Exploit Misconfiguration]
                           /       |       \                      /       |       \
                          /        |        \                    /        |        \

-->[Buffer Overflow] -->[Default Module] [*** Custom Module ] -->[Weak Auth] [Exposed Files] -->[Insecure Directives] / | Enabled Vulnerable (.htaccess) (/server-status) (AllowOverride All) / | -->[CVE-XXX] -->[CVE-YYY] [ New 0-day ***]

Attack Tree Path: [*** Gain Unauthorized RCE on Server ***] (Critical Node)

  • Description: This is the ultimate objective of the attacker. Achieving RCE allows the attacker to execute arbitrary commands, leading to complete server compromise.
  • Likelihood: N/A (Goal, not a step)
  • Impact: Very High
  • Effort: N/A
  • Skill Level: N/A
  • Detection Difficulty: N/A

Attack Tree Path: -->[Exploit Vulnerability in httpd Modules] (High-Risk Path)

  • Description: Attackers target vulnerabilities within httpd modules (extensions) to gain control.

  • Likelihood: Medium

  • Impact: High to Very High

  • Effort: Varies

  • Skill Level: Varies

  • Detection Difficulty: Medium to Hard

    • -->[Buffer Overflow] (High-Risk Path within Modules)

      • Description: Sending excessive data to a module's buffer, overwriting memory and potentially executing malicious code.

      • Likelihood: Medium

      • Impact: Very High

      • Effort: Varies (Low for known CVEs, High for 0-days)

      • Skill Level: Varies (Script Kiddie to Expert)

      • Detection Difficulty: Medium to Hard

      • -->[CVE-XXX] (Known, Patched - High-Risk if Unpatched)

        • Description: Exploiting a specific, publicly known buffer overflow vulnerability (represented by a CVE identifier). High risk only if the system is unpatched.
        • Likelihood: Low (If patched) / High (If unpatched)
        • Impact: Very High
        • Effort: Low to Medium (Exploits often publicly available)
        • Skill Level: Script Kiddie to Intermediate
        • Detection Difficulty: Medium (Signature-based detection possible)

      • -->[CVE-YYY] (Known, Patched - High-Risk if Unpatched)

        • (Same characteristics as CVE-XXX, but for a different specific vulnerability)

      • [* New 0-day *] (Critical Node)

        • Description: Exploiting an unknown (zero-day) buffer overflow vulnerability.
        • Likelihood: Very Low
        • Impact: Very High
        • Effort: Very High
        • Skill Level: Expert
        • Detection Difficulty: Very Hard

    • -->[Default Module Enabled] (Vulnerable - High-Risk Path)

      • Description: A default httpd module that is enabled contains a known vulnerability.
      • Likelihood: Medium (If the vulnerable module is enabled and unpatched)
      • Impact: High to Very High
      • Effort: Low to Medium
      • Skill Level: Script Kiddie to Intermediate
      • Detection Difficulty: Medium

    • [* Custom Module *] (Vulnerable - Critical Node)

      • Description: A module developed in-house contains a vulnerability.
      • Likelihood: Medium to High
      • Impact: High to Very High
      • Effort: Varies
      • Skill Level: Varies
      • Detection Difficulty: Medium to Hard

Attack Tree Path: -->[Exploit Misconfiguration] (High-Risk Path)

  • Description: Attackers leverage incorrect or insecure httpd configurations.

  • Likelihood: High

  • Impact: Low to Very High (Depends on the specific misconfiguration)

  • Effort: Low to Medium

  • Skill Level: Script Kiddie to Intermediate

  • Detection Difficulty: Easy to Medium

    • -->[Weak Auth (.htaccess)] (High-Risk Path)

      • Description: Weak or default passwords protecting resources via .htaccess files.
      • Likelihood: High
      • Impact: Medium to High
      • Effort: Low (Brute-force attacks)
      • Skill Level: Script Kiddie
      • Detection Difficulty: Easy (Failed login attempts)

    • [Exposed Sensitive Files (/server-status)]

      • Description: Sensitive files or directories (like /server-status) are accessible without authentication.
      • Likelihood: Medium
      • Impact: Medium to High
      • Effort: Very Low
      • Skill Level: Script Kiddie
      • Detection Difficulty: Very Easy

    • -->[Insecure Directives (AllowOverride All)] (High-Risk Path)

      • Description: Using insecure configuration directives, such as AllowOverride All, which allows .htaccess files to override almost any server setting.
      • Likelihood: Medium
      • Impact: High
      • Effort: Medium
      • Skill Level: Intermediate
      • Detection Difficulty: Medium