Skip to content

Latest commit

 

History

History
116 lines (101 loc) · 9.87 KB

attack-tree.md

File metadata and controls

116 lines (101 loc) · 9.87 KB

Attack Tree Analysis for apache/tomcat

Objective: Compromise Application Running on Tomcat by Exploiting Tomcat Weaknesses

Attack Tree Visualization

Root Goal: Compromise Application via Tomcat

AND
├── **1. Exploit Tomcat Vulnerabilities**
│   └── **1.1. Exploit Known Tomcat CVEs (Common Vulnerabilities and Exposures)**
│       └── **1.1.1. Remote Code Execution (RCE) via CVE [CRITICAL]**
│           └── **1.1.1.3. Execute exploit against Tomcat instance [CRITICAL]**

AND
├── **2. Exploit Tomcat Misconfigurations [CRITICAL]**
│   ├── **2.1. Weak or Default Credentials for Tomcat Manager Application [CRITICAL]**
│   │   └── **2.1.4. Successful Login to Manager Application [CRITICAL]**
│   │       ├── **2.1.4.1. Deploy Malicious Web Application via Manager [CRITICAL]**
│   │       ├── **2.1.4.2. Modify Existing Web Application via Manager [CRITICAL]**
│   │       └── **2.1.4.3. Execute Server-Side Code via Manager functionalities (e.g., JMX, if exposed) [CRITICAL]**
│   ├── **2.2. Exposed Tomcat Manager Application [CRITICAL]**
│   │   └── **2.2.2. Access Manager Application without Proper Authentication/Authorization [CRITICAL]**
│   └── **2.3. Insecure Connector Configuration (e.g., AJP) [CRITICAL]**
│       └── **2.3.2. Exploit AJP "Ghostcat" Vulnerability (or similar) [CRITICAL]**
│           ├── **2.3.2.1. Send crafted AJP requests to read web application files [CRITICAL]**
│           └── **2.3.2.2. Send crafted AJP requests to execute arbitrary code [CRITICAL]**

AND
└── **3. Exploit Vulnerabilities in Tomcat Dependencies [CRITICAL]**
    └── **3.1. Vulnerable Libraries Used by Tomcat [CRITICAL]**
        └── **3.1.3. Exploit Vulnerabilities in Libraries via Tomcat [CRITICAL]**
            ├── **3.1.3.1. Trigger vulnerable code paths in libraries through Tomcat requests [CRITICAL]**
            └── **3.1.3.2. Achieve RCE, DoS, or Information Disclosure by exploiting library vulnerabilities [CRITICAL]**

Attack Tree Path: 1. Exploit Tomcat Vulnerabilities

  • 1.1. Exploit Known Tomcat CVEs (Common Vulnerabilities and Exposures)
    • Attack Vector: Publicly disclosed vulnerabilities in specific Tomcat versions, identified by CVE numbers.
    • Breakdown:
      • 1.1.1. Remote Code Execution (RCE) via CVE [CRITICAL]
        • Description: Exploiting a known CVE that allows an attacker to execute arbitrary code on the Tomcat server. This is the most critical type of vulnerability.
        • 1.1.1.3. Execute exploit against Tomcat instance [CRITICAL]
          • Attack Steps:
            • Identify a vulnerable Tomcat version running the application.
            • Research and obtain a working exploit for a relevant RCE CVE.
            • Execute the exploit against the target Tomcat instance.
          • Potential Impact: Full compromise of the Tomcat server and potentially the underlying system, leading to data breach, service disruption, and further attacks.

Attack Tree Path: 2. Exploit Tomcat Misconfigurations [CRITICAL]

  • 2.1. Weak or Default Credentials for Tomcat Manager Application [CRITICAL]

    • Attack Vector: Using default or easily guessable credentials to access the Tomcat Manager application.
    • Breakdown:
      • 2.1.4. Successful Login to Manager Application [CRITICAL]
        • Description: Gaining unauthorized access to the Tomcat Manager application due to weak or default credentials.
        • Attack Steps:
          • Discover the Tomcat Manager application login page (e.g., /manager/html).
          • Attempt default credentials (e.g., tomcat/tomcat, admin/admin).
          • Perform brute-force or credential stuffing attacks if default credentials fail.
          • If successful, gain access to the Manager application.
        • Potential Impact: Full control over deployed web applications, ability to deploy malicious applications, modify existing ones, and potentially execute server-side code via Manager functionalities.
          • 2.1.4.1. Deploy Malicious Web Application via Manager [CRITICAL]
            • Attack Vector: Deploying a specially crafted web application containing malicious code through the Tomcat Manager interface.
            • Potential Impact: Immediate execution of malicious code on the Tomcat server, leading to RCE and full system compromise.
          • 2.1.4.2. Modify Existing Web Application via Manager [CRITICAL]
            • Attack Vector: Modifying existing legitimate web applications deployed on Tomcat through the Manager interface to inject malicious code.
            • Potential Impact: Compromise of the legitimate application, data manipulation, defacement, and potential RCE if malicious code is injected effectively.
          • 2.1.4.3. Execute Server-Side Code via Manager functionalities (e.g., JMX, if exposed) [CRITICAL]
            • Attack Vector: Utilizing functionalities within the Tomcat Manager application, such as JMX interface (if exposed), to execute arbitrary server-side code.
            • Potential Impact: Direct RCE on the Tomcat server, leading to full system compromise.

  • 2.2. Exposed Tomcat Manager Application [CRITICAL]

    • Attack Vector: The Tomcat Manager application being accessible from unauthorized networks or the public internet without proper authentication or authorization.
    • Breakdown:
      • 2.2.2. Access Manager Application without Proper Authentication/Authorization [CRITICAL]
        • Description: Bypassing or circumventing authentication and authorization mechanisms protecting the Tomcat Manager application.
        • Attack Steps:
          • Discover the Tomcat Manager application URL.
          • Attempt to access the Manager application from unauthorized networks or the internet.
          • Exploit misconfigurations in access control mechanisms like RemoteAddrValve.
          • Attempt to bypass authentication mechanisms if they are weak or vulnerable.
        • Potential Impact: Unauthenticated access to the Tomcat Manager application, leading to the same impacts as gaining access via weak credentials (see 2.1.4 and its sub-nodes).

  • 2.3. Insecure Connector Configuration (e.g., AJP) [CRITICAL]

    • Attack Vector: Misconfiguration or vulnerabilities in Tomcat connectors, particularly the AJP (Apache JServ Protocol) connector.
    • Breakdown:
      • 2.3.2. Exploit AJP "Ghostcat" Vulnerability (or similar) [CRITICAL]
        • Description: Exploiting vulnerabilities like "Ghostcat" (CVE-2020-1938) in the AJP connector, which allows attackers to read web application files or potentially execute arbitrary code.
        • Attack Steps:
          • Identify an exposed AJP connector (default port 8009).
          • Exploit the "Ghostcat" vulnerability (or similar AJP vulnerabilities) if present and the configuration is vulnerable.
          • 2.3.2.1. Send crafted AJP requests to read web application files [CRITICAL]
            • Attack Vector: Sending specially crafted AJP requests to read sensitive files within the web application's context.
            • Potential Impact: Information disclosure, including web application source code, configuration files, and potentially sensitive data.
          • 2.3.2.2. Send crafted AJP requests to execute arbitrary code [CRITICAL]
            • Attack Vector: Sending specially crafted AJP requests to achieve Remote Code Execution on the Tomcat server (depending on the specific vulnerability and configuration).
            • Potential Impact: Full compromise of the Tomcat server and potentially the underlying system.

Attack Tree Path: 3. Exploit Vulnerabilities in Tomcat Dependencies [CRITICAL]

  • 3.1. Vulnerable Libraries Used by Tomcat [CRITICAL]
    • Attack Vector: Exploiting vulnerabilities in third-party libraries used by Tomcat itself.
    • Breakdown:
      • 3.1.3. Exploit Vulnerabilities in Libraries via Tomcat [CRITICAL]
        • Description: Exploiting known vulnerabilities in libraries that Tomcat depends on, by triggering vulnerable code paths through Tomcat requests or functionalities.
        • Attack Steps:
          • Identify the libraries used by the specific Tomcat version.
          • Check for known vulnerabilities (CVEs) in these libraries.
          • 3.1.3.1. Trigger vulnerable code paths in libraries through Tomcat requests [CRITICAL]
            • Attack Vector: Crafting specific requests to the Tomcat application that trigger vulnerable code paths within the dependency libraries.
            • Potential Impact: Depending on the library vulnerability, potential for RCE, DoS, or Information Disclosure.
          • 3.1.3.2. Achieve RCE, DoS, or Information Disclosure by exploiting library vulnerabilities [CRITICAL]
            • Attack Vector: Successfully exploiting the vulnerabilities in Tomcat's dependencies to achieve malicious outcomes.
            • Potential Impact: RCE, DoS, or Information Disclosure, depending on the nature of the exploited library vulnerability.