mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
29 lines
956 B
YAML
29 lines
956 B
YAML
id: rw-hosts-file
|
|
|
|
info:
|
|
name: /etc/hosts File Read/Write Check
|
|
author: songyaeji
|
|
severity: high
|
|
description: |
|
|
The /etc/hosts file was writable by non-root users, allowing attackers to register malicious DNS mappings and redirect legitimate domains (pharming attacks). This check verified that /etc/hosts was owned by root and had appropriate permissions.
|
|
reference:
|
|
- https://isms.kisa.or.kr/main/csap/notice/
|
|
metadata:
|
|
verified: true
|
|
tags: local,linux,hosts,file,audit,kisa
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
stat -c "%U %G %a" /etc/hosts 2>/dev/null || echo "not-found"
|
|
|
|
matchers:
|
|
- type: regex
|
|
part: response
|
|
regex:
|
|
- '^root\s+root\s+(600|644)$'
|
|
# digest: 4a0a00473045022017a5a0e8603f419052c28b1a4247cf2ad1427ed06e840c85cb976599aba89ac50221009d55c0bde34158f8e63bfd6c2a090e801dd4271f75947ef4ad2d9baa133294ab:922c64590222798bb761d5b6d8e72950 |