You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The principalmapper/querying/presetsprivesc.py can_privesc() method only returns one edge_list (the first one that it finds). This makes sense if only checking if privileges can be escalated. However, it is also called in principalmapper/analysis/find_risks.py and principalmapper/visualizing/graphviz_writer.py to get privilege escalation findings. As it is now, if one role can escalate to five other roles, only the first is returned; the other four are not reported as findings. Is this intentional?
The fix is relatively simple. Add a new method as below and make minor changes to the calling code to handle the extra returned findings:
def get_privesc(graph: Graph, node: Node) -> (bool, List[List[Edge]]):
"""Method for determining if a given Node in a Graph can escalate privileges.
Returns a bool, List[Edge] tuple. The bool indicates if there is a privesc risk, and the List[Edge] component
describes the path of edges the node would have to take to gain access to the admin node.
"""
edge_lists = get_search_list(graph, node)
searched_nodes = []
found_edge_lists = []
for edge_list in edge_lists:
# check if the node at the end of the list has been looked at yet, skip if so
end_of_list = edge_list[-1].destination
if end_of_list in searched_nodes:
continue
# add end of list to the searched nodes and do the privesc check
searched_nodes.append(end_of_list)
if end_of_list.is_admin:
found_edge_lists.append(edge_list)
if len(found_edge_lists) > 0:
return True, found_edge_lists
return False, None
Question
The
principalmapper/querying/presetsprivesc.py can_privesc()
method only returns one edge_list (the first one that it finds). This makes sense if only checking if privileges can be escalated. However, it is also called inprincipalmapper/analysis/find_risks.py
andprincipalmapper/visualizing/graphviz_writer.py
to get privilege escalation findings. As it is now, if one role can escalate to five other roles, only the first is returned; the other four are not reported as findings. Is this intentional?The fix is relatively simple. Add a new method as below and make minor changes to the calling code to handle the extra returned findings:
Did the Wiki Have an Answer?
If https://github.com/nccgroup/PMapper/wiki does not have an answer, please suggest where to put one.
The text was updated successfully, but these errors were encountered: