Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-165:File Manipulation
Attack Pattern ID:165
Version:v3.9
Attack Pattern Name:File Manipulation
Abstraction:Meta
Status:Draft
Likelihood of Attack:
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
▼Description
An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application. Attackers use this class of attacks to cause applications to enter unstable states, overwrite or expose sensitive information, and even execute arbitrary code with the application's privileges. This class of attacks differs from attacks on configuration information (even if file-based) in that file manipulation causes the file processing to result in non-standard behaviors, such as buffer overflows or use of the incorrect interpreter. Configuration attacks rely on the application interpreting files correctly in order to insert harmful configuration information. Likewise, resource location attacks rely on controlling an application's ability to locate files, whereas File Manipulation attacks do not require the application to look in a non-default location, although the two classes of attacks are often combined.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ParentOfS73User-Controlled Filename
ParentOfS572Artificially Inflate File Sizes
ParentOfS635Alternative Execution Due to Deceptive Filenames
ParentOfS636Hiding Malicious Data or Code within Files
CanFollowS23File Content Injection
CanFollowD561Windows Admin Shares with Stolen Credentials
CanFollowD643Identify Shared Files/Directories on System
CanFollowD644Use of Captured Hashes (Pass The Hash)
Nature: ParentOf
Type: Standard
ID: 73
Name: User-Controlled Filename
Nature: ParentOf
Type: Standard
ID: 572
Name: Artificially Inflate File Sizes
Nature: ParentOf
Type: Standard
ID: 635
Name: Alternative Execution Due to Deceptive Filenames
Nature: ParentOf
Type: Standard
ID: 636
Name: Hiding Malicious Data or Code within Files
Nature: CanFollow
Type: Standard
ID: 23
Name: File Content Injection
Nature: CanFollow
Type: Detailed
ID: 561
Name: Windows Admin Shares with Stolen Credentials
Nature: CanFollow
Type: Detailed
ID: 643
Name: Identify Shared Files/Directories on System
Nature: CanFollow
Type: Detailed
ID: 644
Name: Use of Captured Hashes (Pass The Hash)
▼Execution Flow
▼Prerequisites
The target must use the affected file without verifying its integrity.
▼Skills Required
▼Resources Required
None: No specialized resources are required to execute this type of attack. In some cases, tools can be used to better control the response of the targeted application to the modified file.
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
▼Mitigations
▼Example Instances
▼Related Weaknesses
IDName
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1036.003Masquerading: Rename System Utilities
Taxonomy Name: ATTACK
Entry ID: 1036.003
Entry Name: Masquerading: Rename System Utilities
▼Notes
▼References
Details not found