localConnect on executor from executee

mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain

https://mal-lang.org/coreLang/

Other

10 stars 12 forks source link

localConnect on executor from executee #25

Closed skatsikeas closed 3 years ago

skatsikeas commented 3 years ago

Having access on an Application should always lead to localConnect on the executor Application?

Right now, this only happens when fullAccess on Application is achieved (and not with specificAccess). Should it happen even with specificAccess? This should be discussed.

skatsikeas commented 3 years ago

The proposed solution to this is to be able (from the executed Applications) to exploit the localConnectVulnerabilites of the executor Application.

The reason of not having localConnect on the executor Application is because this would allow the attacker to authenticate on the executor Application if having proper Credentials.

This was implemented on https://github.com/mal-lang/coreLang/commit/5d59c712fce2a3df39de77880a0d0e669eb6d766