CAPEC-643: Identify Shared Files/Directories on System

Detailed Draft 严重程度: Medium 攻击可能性: Medium

CAPEC版本: 3.9

更新日期: 2023-01-24

攻击模式描述

An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.

前提条件

The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).

所需技能

Low Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line. The adversary, or their malware, can simply employ a set of commands that search for shared drives on the system (e.g., net view \\remote system or net share).

所需资源

None: No specialized resources are required to execute this type of attack.

后果影响

影响范围: Confidentiality

技术影响: Read Data

说明: The adversary is potentially able to identify the location of sensitive information or lateral pathways through the network.

缓解措施

Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using allowlist tools.

分类映射

分类名称	条目ID	条目名称
ATTACK	1135	Network Share Discovery

关键信息

CAPEC ID: CAPEC-643

抽象级别: Detailed

状态: Draft

典型严重程度: Medium

攻击可能性: Medium

CAPEC-643: Identify Shared Files/Directories on System

攻击模式描述

前提条件

所需技能

所需资源

后果影响

缓解措施

分类映射

关键信息

相关攻击模式

相关CWE弱点

CAPEC-643: Identify Shared Files/Directories on System

攻击模式描述

前提条件

所需技能

所需资源

后果影响

缓解措施

分类映射

关键信息

相关攻击模式

ChildOf CAPEC-309

CanPrecede CAPEC-561

CanPrecede CAPEC-545

CanPrecede CAPEC-165

相关CWE弱点