digital-forensics-lab/Log4JShell/attack_steps.svg
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><!-- Generated by graphviz version 2.40.1 (20161225.0304)
--><!-- Title: Log4ShellAttack Pages: 1 --><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="989pt" height="123pt" viewBox="0.00 0.00 989.33 123.00">
<!--
  Stage diagram for the Log4Shell forensics lab: seven boxes (node1 to node7)
  joined left to right by six arrows (edge1 to edge6), with a dotted cluster
  frame and caption drawn around them. The file is Graphviz output, so every
  coordinate is machine-computed; presumably it is regenerated from a DOT
  source that is not shown here rather than edited by hand (confirm).
  NOTE(review): the DOCTYPE above points at an external DTD over plain http.
  Any XML tooling that parses this file should run with external DTD and
  entity loading disabled.
  NOTE(review): the only title elements sit on inner g elements; the root svg
  has no role or accessible name of its own, so assistive technology may not
  announce the diagram as one labelled image.
  NOTE(review): steps 1 to 4 describe the Log4Shell intrusion itself, while
  steps 5 to 7 are generic post-exploitation stages that may or may not occur
  in a given incident.
-->
<!-- Root group: translate(4 119) shifts the drawing so the negative y coordinates used below fall inside the viewBox. -->
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 119)">
<title>Log4ShellAttack</title>
<!-- White background rectangle spanning the whole canvas. -->
<polygon fill="#ffffff" stroke="transparent" points="-4,4 -4,-119 985.3312,-119 985.3312,4 -4,4"/>
<!-- Dotted frame (stroke-dasharray 1,5) with the caption "Log4Shell Attack Steps"; its points enclose all seven step boxes. -->
<g id="clust1" class="cluster">
<title>cluster_steps</title>
<polygon fill="none" stroke="#000000" stroke-dasharray="1,5" points="8,-8 8,-107 973.3312,-107 973.3312,-8 8,-8"/>
<text text-anchor="middle" x="490.6656" y="-90.4" font-family="Times,serif" font-size="14.00" fill="#000000">Log4Shell Attack Steps</text>
</g>
<!-- VulnerableSystem -->
<!-- Step 1 box. In an investigation this stage typically shows up as inbound probing of
     internet-facing Java services ahead of any exploit attempt; web, proxy and firewall
     logs are the usual place to look. -->
<g id="node1" class="node">
<title>VulnerableSystem</title>
<polygon fill="none" stroke="#000000" points="138.8728,-65.6019 16.0424,-65.6019 16.0424,-24.3981 138.8728,-24.3981 138.8728,-65.6019"/>
<text text-anchor="middle" x="77.4576" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">1. Identify</text>
<text text-anchor="middle" x="77.4576" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Vulnerable System</text>
</g>
<!-- ExploitVulnerability -->
<!-- Step 2 box. The diagram does not say how the flaw is triggered; for Log4Shell the
     trigger is attacker-controlled text reaching a Log4j logging call, so any request
     field that the application logs is in scope for review. -->
<g id="node2" class="node">
<title>ExploitVulnerability</title>
<polygon fill="none" stroke="#000000" points="265.39,-65.6019 175.0898,-65.6019 175.0898,-24.3981 265.39,-24.3981 265.39,-65.6019"/>
<text text-anchor="middle" x="220.2399" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">2. Exploit</text>
<text text-anchor="middle" x="220.2399" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Vulnerability</text>
</g>
<!-- VulnerableSystem&#45;&gt;ExploitVulnerability -->
<!-- Arrow from step 1 to step 2: a straight path followed by a filled triangular
     arrowhead. edge2 to edge6 below are built the same way. -->
<g id="edge1" class="edge">
<title>VulnerableSystem-&gt;ExploitVulnerability</title>
<path fill="none" stroke="#000000" d="M139.2536,-45C147.6265,-45 156.1788,-45 164.4384,-45"/>
<polygon fill="#000000" stroke="#000000" points="164.7085,-48.5001 174.7085,-45 164.7085,-41.5001 164.7085,-48.5001"/>
</g>
<!-- ProcessPayload -->
<!-- Step 3 box. This is the stage where the vulnerable library acts on the logged
     string. Typical evidence is the lookup string preserved in application logs plus
     an outbound connection from the Java process to a host it has no reason to
     contact; restricting egress from application servers limits this stage. -->
<g id="node3" class="node">
<title>ProcessPayload</title>
<polygon fill="none" stroke="#000000" points="421.9542,-65.6019 301.7676,-65.6019 301.7676,-24.3981 421.9542,-24.3981 421.9542,-65.6019"/>
<text text-anchor="middle" x="361.8609" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">3. Process</text>
<text text-anchor="middle" x="361.8609" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Malicious Payload</text>
</g>
<!-- ExploitVulnerability&#45;&gt;ProcessPayload -->
<g id="edge2" class="edge">
<title>ExploitVulnerability-&gt;ProcessPayload</title>
<path fill="none" stroke="#000000" d="M265.439,-45C273.7908,-45 282.6919,-45 291.5819,-45"/>
<polygon fill="#000000" stroke="#000000" points="291.5843,-48.5001 301.5843,-45 291.5842,-41.5001 291.5843,-48.5001"/>
</g>
<!-- RemoteCodeExecution -->
<!-- Step 4 box. Code now runs with the privileges of the Java service. Host evidence
     to check: unexpected child processes of that service and files it newly wrote. -->
<g id="node4" class="node">
<title>RemoteCodeExecution</title>
<polygon fill="none" stroke="#000000" points="564.5553,-65.6019 458.3573,-65.6019 458.3573,-24.3981 564.5553,-24.3981 564.5553,-65.6019"/>
<text text-anchor="middle" x="511.4563" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">4. Remote Code</text>
<text text-anchor="middle" x="511.4563" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Execution</text>
</g>
<!-- ProcessPayload&#45;&gt;RemoteCodeExecution -->
<g id="edge3" class="edge">
<title>ProcessPayload-&gt;RemoteCodeExecution</title>
<path fill="none" stroke="#000000" d="M422.2759,-45C430.6928,-45 439.3622,-45 447.8359,-45"/>
<polygon fill="#000000" stroke="#000000" points="448.0446,-48.5001 458.0446,-45 448.0445,-41.5001 448.0446,-48.5001"/>
</g>
<!-- PrivilegeEscalation -->
<!-- Step 5 box. Privilege escalation is not part of the Log4Shell flaw itself; it only
     matters when the Java service does not already hold high privileges, which is the
     practical argument for running such services under a least-privilege account. -->
<g id="node5" class="node">
<title>PrivilegeEscalation</title>
<polygon fill="none" stroke="#000000" points="681.073,-65.6019 600.982,-65.6019 600.982,-24.3981 681.073,-24.3981 681.073,-65.6019"/>
<text text-anchor="middle" x="641.0275" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">5. Privilege</text>
<text text-anchor="middle" x="641.0275" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Escalation</text>
</g>
<!-- RemoteCodeExecution&#45;&gt;PrivilegeEscalation -->
<g id="edge4" class="edge">
<title>RemoteCodeExecution-&gt;PrivilegeEscalation</title>
<path fill="none" stroke="#000000" d="M564.9059,-45C573.4302,-45 582.2248,-45 590.6743,-45"/>
<polygon fill="#000000" stroke="#000000" points="590.7683,-48.5001 600.7683,-45 590.7683,-41.5001 590.7683,-48.5001"/>
</g>
<!-- ExfiltrationOrExploitation -->
<!-- Step 6 box, taller than the others because its label runs to three lines. The two
     outcomes it names leave different traces: exfiltration is mainly visible in egress
     volume and destinations, further exploitation in authentication and lateral
     connection logs on neighbouring hosts. -->
<g id="node6" class="node">
<title>ExfiltrationOrExploitation</title>
<polygon fill="none" stroke="#000000" points="847.1934,-74.4014 717.335,-74.4014 717.335,-15.5986 847.1934,-15.5986 847.1934,-74.4014"/>
<text text-anchor="middle" x="782.2642" y="-57.6" font-family="Times,serif" font-size="14.00" fill="#000000">6. Data</text>
<text text-anchor="middle" x="782.2642" y="-40.8" font-family="Times,serif" font-size="14.00" fill="#000000">Exfiltration or</text>
<text text-anchor="middle" x="782.2642" y="-24" font-family="Times,serif" font-size="14.00" fill="#000000">Further Exploitation</text>
</g>
<!-- PrivilegeEscalation&#45;&gt;ExfiltrationOrExploitation -->
<g id="edge5" class="edge">
<title>PrivilegeEscalation-&gt;ExfiltrationOrExploitation</title>
<path fill="none" stroke="#000000" d="M681.1225,-45C689.2996,-45 698.1528,-45 707.1037,-45"/>
<polygon fill="#000000" stroke="#000000" points="707.2203,-48.5001 717.2202,-45 707.2202,-41.5001 707.2203,-48.5001"/>
</g>
<!-- CoveringTracks -->
<!-- Step 7 box, the last stage and the one with no outgoing arrow. Forensic caveat:
     once this stage is reached, logs on the compromised host may be altered or
     missing, so centrally forwarded logs and network captures are the more reliable
     record of steps 1 to 6. -->
<g id="node7" class="node">
<title>CoveringTracks</title>
<polygon fill="none" stroke="#000000" points="965.3825,-65.6019 883.1775,-65.6019 883.1775,-24.3981 965.3825,-24.3981 965.3825,-65.6019"/>
<text text-anchor="middle" x="924.28" y="-49.2" font-family="Times,serif" font-size="14.00" fill="#000000">7. Covering</text>
<text text-anchor="middle" x="924.28" y="-32.4" font-family="Times,serif" font-size="14.00" fill="#000000">Tracks</text>
</g>
<!-- ExfiltrationOrExploitation&#45;&gt;CoveringTracks -->
<g id="edge6" class="edge">
<title>ExfiltrationOrExploitation-&gt;CoveringTracks</title>
<path fill="none" stroke="#000000" d="M847.453,-45C855.9638,-45 864.5869,-45 872.8287,-45"/>
<polygon fill="#000000" stroke="#000000" points="873.0273,-48.5001 883.0273,-45 873.0273,-41.5001 873.0273,-48.5001"/>
</g>
</g>
</svg>