Improved unauthorized access false positive on edge case (where user is running using https & 127.0.0.1 & needed certificates)

2026-05-13 04:36:58 +00:00 · 2018-10-07 17:16:07 +03:00
parent a67e6a57c3
commit c200fcc416
1 changed files with 13 additions and 3 deletions
--- a/src/modules/hunting/etcd.py
+++ b/src/modules/hunting/etcd.py
@@ -125,8 +125,18 @@ class etcdRemoteAccess(Hunter):
            return True
        return False

+    def unauthorized_access(self):
+        logging.debug(self.event.host)
+        logging.debug("Passive hunter is attempting to access etcd without authorization")
+        r_not_secure = "http://{host}:{port}/version".format(host=self.event.host, port=2379)
+        res = helperFuncDo2Requests(r_not_secure, r_not_secure)# We dont have to do 2 requests this time
+        if res:
+            self.publish_event(etcdAccessEnabledWithoutAuthEvent(res.content))
+            return True
+        return False
+
    def execute(self):
-        if (self.version_disclosure()):
-            self.publish_event(etcdAccessEnabledWithoutAuthEvent(self.no_auth_evidence))  # if version is accessible we can publish "no auth event".
+        if self.version_disclosure():
+            self.unauthorized_access()
            self.db_keys_disclosure()
-            self.db_keys_write_access()
+            self.db_keys_write_access()