Skip to content

Latest commit

 

History

History
97 lines (71 loc) · 6.3 KB

attack-tree.md

File metadata and controls

97 lines (71 loc) · 6.3 KB

Attack Tree Analysis for bettererrors/better_errors

Objective: Gain Unauthorized Access/Achieve RCE via better_errors [CN]

Attack Tree Visualization

                                      +-----------------------------------------------------+
                                      |  Gain Unauthorized Access/Achieve RCE via better_errors | [CN]
                                      +-----------------------------------------------------+
                                                       ^
                                                       |
          +-----------------------------------------------------------------------------------+
          |                                                                                   |
+-------------------------+ [HR]      +-------------------------------------------------+ [HR]
|  1. Exploit Information  |            | 2.  Manipulate REPL for Code Execution/Access  | [CN]
|       Disclosure         | [CN]      +-------------------------------------------------+
+-------------------------+                                                       ^
          ^                                                                       |
          |
+---------------------+  +---------------------+    |  2.1 Inject Malicious Code into REPL  | [CN] | 2.2 Access Files via REPL | [CN]
| 1.1 View Source Code |  | 1.2 View Env Vars | [HR] +-------------------------------------+  +----------------------------+
+---------------------+  +---------------------+            ^                                             ^
          |                     |                    |                                             |
+---------------------+  +---------------------+    +---------------------+                        +---------------------+
| 1.1.1 Access via    |  | 1.2.1 Access via    |    | 2.1.1 Direct Input  | [HR]                 | 2.2.1 `File.read`   | [HR]
|  Error Page         | [HR] |  Error Page         |    +---------------------+                        +---------------------+
+---------------------+  +---------------------+

Attack Tree Path: Gain Unauthorized Access/Achieve RCE via better_errors [CN]

  • Description: This is the overarching goal of the attacker. They aim to leverage vulnerabilities within the better_errors gem to either gain unauthorized access to sensitive information or achieve remote code execution on the server.
    • This is a critical node because success here means complete compromise.

Attack Tree Path: 1. Exploit Information Disclosure [CN] [HR]

  • Description: This attack path focuses on exploiting better_errors's debugging features to reveal sensitive information.
    • This is a critical node and a high-risk path due to the ease of access and the potential for significant data leakage.

Attack Tree Path: 1.1 View Source Code

  • Description: The attacker aims to view the application's source code.

Attack Tree Path: 1.1.1 Access via Error Page [HR]

  • Description: The attacker triggers an error in the application (e.g., by providing invalid input) to cause the better_errors error page to be displayed. This page reveals the source code surrounding the error location. * Likelihood: High * Impact: High to Very High * Effort: Very Low * Skill Level: Novice * Detection Difficulty: Medium to Hard

Attack Tree Path: 1.2 View Environment Variables [HR]

  • Description: The attacker aims to view the application's environment variables.

Attack Tree Path: 1.2.1 Access via Error Page [HR]

  • Description: Similar to 1.1.1, the attacker triggers an error to display the better_errors page, which includes a section showing the current environment variables. These often contain sensitive data like API keys and database credentials. * Likelihood: High * Impact: Very High * Effort: Very Low * Skill Level: Novice * Detection Difficulty: Medium to Hard

Attack Tree Path: 2. Manipulate REPL for Code Execution/Access [CN] [HR]

  • Description: This attack path focuses on using the better_errors REPL (Read-Eval-Print Loop) to execute arbitrary code or access the file system.
    • This is a critical node and a high-risk path because it provides a direct route to remote code execution.

Attack Tree Path: 2.1 Inject Malicious Code into REPL [CN]

  • Description: The attacker uses the REPL to execute arbitrary Ruby code.

Attack Tree Path: 2.1.1 Direct Input [HR]

  • Description: The attacker types Ruby code directly into the REPL's input field. This code can do anything the application user can do, including accessing the file system, network, and other resources. This is the most direct path to RCE. * Likelihood: High * Impact: Very High * Effort: Low * Skill Level: Intermediate * Detection Difficulty: Medium to Hard

Attack Tree Path: 2.2 Access Files via REPL [CN]

  • Description: The attacker uses the REPL to access files on the server.

Attack Tree Path: 2.2.1 File.read [HR]

  • Description: The attacker uses the File.read method in the REPL to read the contents of arbitrary files on the server. This could include sensitive configuration files, system files (e.g., /etc/passwd), or application data. * Likelihood: High * Impact: High to Very High * Effort: Low * Skill Level: Intermediate * Detection Difficulty: Medium to Hard