This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.
Description
Attack Execution Flow
2
1
Step 1
Explore[Identify attacker-writable terminals] Determine if users TTYs are writable by the attacker.
Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.
Attempt to write to other user TTYs. This approach could leave a trail or alert a user.
AI Translation
[Identifica terminal scrivibili dall'attaccante] Determina se i TTY degli utenti sono scrivibili dall'attaccante.
Verifica i permessi dei TTY trovati sul sistema. Qualsiasi TTY che consenta la scrittura da parte dell'utente potrebbe essere vulnerabile.
Prova a scrivere su altri TTY degli utenti. Questo metodo potrebbe lasciare tracce o allertare un utente.
Attack Techniques
-
Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.
-
Attempt to write to other user TTYs. This approach could leave a trail or alert a user.IT: Determina i permessi per i TTY presenti sul sistema. Quali consentono all'utente di scrivere sul TTY potrebbero essere vulnerabili.
2
Step 2
Exploit[Execute malicious commands] Using one or more vulnerable TTY, execute commands to achieve various impacts.
Commands that allow reading or writing end user files can be executed.
AI Translation
[Esecuzione di comandi dannosi] Utilizzando uno o più TTY vulnerabili, eseguire comandi per ottenere vari impatti.
È possibile eseguire comandi che consentono di leggere o scrivere file dell'utente finale.
Attack Techniques
-
Commands that allow reading or writing end user files can be executed.
Mitigations
2
Design: Enforce Principle Of Least Privilege
Design: Ensure That Terminals Are Only Writeable By Named Owner User And/Or Administrator
Consequences
Security Scopes Affected
Access Control
Authorization
Availability
Confidentiality
Integrity
Potential Impacts
Execute Unauthorized Commands
Gain Privileges
Read Data
Relationships
Parent CAPECs
Resources Required
1
Access to a terminal on the target network