Skip to content

Latest commit

 

History

History
87 lines (65 loc) · 4.35 KB

attack-tree.md

File metadata and controls

87 lines (65 loc) · 4.35 KB

Attack Tree Analysis for bkeepers/dotenv

Objective: Obtain Sensitive Credentials

Attack Tree Visualization

                                     [[Attacker's Goal: Obtain Sensitive Credentials]]
                                                    |
                                                    |
        -------------------------------------------------------------------------
        |									|
[1.  Gain Access to .env File]				   [3.  Leverage Side Effects of dotenv]
        |									|
        |-------------------------							|
        |				       |							|
[1.1 Local File  ]   [1.2 Source Code ]					   [3.1  Accidental     ]
[   Inclusion     ]   [   Repository   ]					   [     Exposure      ]
        |				       |							|
        |				       |							|
[1.1.1 Unprotected]---HR--->[[1.2.1  Accidental]]        ---HR--->[3.1.1  Debug Mode   ]
[      Directory   ]         [       Commit    ]						[       Enabled    ]
        |
[[1.1.4 RCE/LFI on]]
[      the Server ]

Attack Tree Path: 1. Gain Access to .env File

  • 1. Gain Access to .env File

Attack Tree Path: 1.1 Local File Inclusion

*   **1.1 Local File Inclusion**

Attack Tree Path: 1.1.1 Unprotected Directory

    *   **1.1.1 Unprotected Directory**
        *   **Description:** The `.env` file is placed in a directory that is directly accessible via the web server (e.g., the web root) without proper access controls. This is a critical configuration error.
        *   **Likelihood:** Low (Should be caught in basic setup/review, but surprisingly common)
        *   **Impact:** Very High (Direct access to all credentials)
        *   **Effort:** Very Low (Just browse to the file)
        *   **Skill Level:** Novice
        *   **Detection Difficulty:** Very Easy (Obvious in server logs, file access monitoring)

Attack Tree Path: 1.1.4 RCE/LFI on the Server

    *   **1.1.4 RCE/LFI on the Server**
        *   **Description:** If attacker can execute code on the server (via Remote Code Execution or Local File Inclusion), they can simply read the file.
        *   **Likelihood:** Very Low (Requires a severe vulnerability)
        *   **Impact:** Very High
        *   **Effort:** High
        *   **Skill Level:** Advanced
        *   **Detection Difficulty:** Hard

Attack Tree Path: 1.2 Source Code Repository

*   **1.2 Source Code Repository**

Attack Tree Path: 1.2.1 Accidental Commit

    *   **1.2.1 Accidental Commit**  **(Critical Node)**
        *   **Description:** The `.env` file was accidentally committed to the source code repository (e.g., Git). This is a very common mistake and provides direct access to the credentials.
        *   **Likelihood:** Medium (Surprisingly common, especially in less experienced teams)
        *   **Impact:** Very High (Direct access to all credentials)
        *   **Effort:** Very Low (If committed, just clone the repository)
        *   **Skill Level:** Novice
        *   **Detection Difficulty:** Medium (Requires monitoring repository history, but tools can help)

Attack Tree Path: 3. Leverage Side Effects of dotenv

  • 3. Leverage Side Effects of dotenv

Attack Tree Path: 3.1 Accidental Exposure in Logs/Errors

*   **3.1 Accidental Exposure in Logs/Errors**

Attack Tree Path: 3.1.1 Debug Mode Enabled

    *   **3.1.1 Debug Mode Enabled**
        *   **Description:** The application is running in debug mode, which often leads to more verbose logging.  This can inadvertently expose environment variables in logs or error messages.
        *   **Likelihood:** Medium (Common mistake in production environments)
        *   **Impact:** High (Credentials exposed in logs)
        *   **Effort:** Very Low (Just view the logs)
        *   **Skill Level:** Novice
        *   **Detection Difficulty:** Easy (If logs are monitored)