Improved style of recommendations

Itay Mizeretz 2017-11-28 18:46:39 +02:00
parent 5690ddc5d7
commit 013e29b76b
2 changed files with 36 additions and 37 deletions


@ -76,7 +76,7 @@ class ReportPageComponent extends React.Component {
generateSmbPasswordIssue(issue) { generateSmbPasswordIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -87,13 +87,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by authenticating over SMB protocol with user <span The attack succeeded by authenticating over SMB protocol with user <span
className="label label-success">{issue.username}</span> and its password. className="label label-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateSmbPthIssue(issue) { generateSmbPthIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -104,13 +104,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span
className="label label-success">{issue.username}</span>. className="label label-success">{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateWmiPasswordIssue(issue) { generateWmiPasswordIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -121,13 +121,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by authenticating over WMI protocol with user <span The attack succeeded by authenticating over WMI protocol with user <span
className="label label-success">{issue.username}</span> and its password. className="label label-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateWmiPthIssue(issue) { generateWmiPthIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -138,13 +138,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span
className="label label-success">{issue.username}</span>. className="label label-success">{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateSshIssue(issue) { generateSshIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -155,13 +155,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by authenticating over SSH protocol with user <span The attack succeeded by authenticating over SSH protocol with user <span
className="label label-success">{issue.username}</span> and its password. className="label label-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateRdpIssue(issue) { generateRdpIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -172,13 +172,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded by authenticating over RDP protocol with user <span The attack succeeded by authenticating over RDP protocol with user <span
className="label label-success">{issue.username}</span> and its password. className="label label-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateSambaCryIssue(issue) { generateSambaCryIssue(issue) {
return ( return (
<div> <li>
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<br/> <br/>
@ -192,13 +192,13 @@ class ReportPageComponent extends React.Component {
className="label label-success">{issue.username}</span> and its password, and by using the SambaCry className="label label-success">{issue.username}</span> and its password, and by using the SambaCry
vulnerability. vulnerability.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateElasticIssue(issue) { generateElasticIssue(issue) {
return ( return (
<div> <li>
Update your Elastic Search server to version 1.4.3 and up. Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span
@ -207,13 +207,13 @@ class ReportPageComponent extends React.Component {
<br/> <br/>
The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427. The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateShellshockIssue(issue) { generateShellshockIssue(issue) {
return ( return (
<div> <li>
Update your Bash to a ShellShock-patched version. Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span
@ -224,13 +224,13 @@ class ReportPageComponent extends React.Component {
className="label label-info">{issue.port}</span> was vulnerable to a shell injection attack on the className="label label-info">{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}. paths: {this.generateShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateConfickerIssue(issue) { generateConfickerIssue(issue) {
return ( return (
<div> <li>
Install the latest Windows updates or upgrade to a newer operating system. Install the latest Windows updates or upgrade to a newer operating system.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following address <span The machine <span className="label label-primary">{issue.machine}</span> with the following address <span
@ -240,13 +240,13 @@ class ReportPageComponent extends React.Component {
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to
Conficker. Conficker.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateCrossSegmentIssue(issue) { generateCrossSegmentIssue(issue) {
return ( return (
<div> <li>
Segment your network. Make sure machines can't access machines from other segments. Segment your network. Make sure machines can't access machines from other segments.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The network can probably be segmented. A monkey instance on <span The network can probably be segmented. A monkey instance on <span
@ -255,24 +255,24 @@ class ReportPageComponent extends React.Component {
could directly access the Monkey Island C&C server in the could directly access the Monkey Island C&C server in the
networks {this.generateInfoBadges(issue.server_networks)}. networks {this.generateInfoBadges(issue.server_networks)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateTunnelIssue(issue) { generateTunnelIssue(issue) {
return ( return (
<div> <li>
Use micro-segmentation policies to disable communication other than the required. Use micro-segmentation policies to disable communication other than the required.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Machines are not locked down at port level. Network tunnel was set up from <span Machines are not locked down at port level. Network tunnel was set up from <span
className="label label-primary">{issue.machine}</span> to <span className="label label-primary">{issue.machine}</span> to <span
className="label label-primary">{issue.dest}</span>. className="label label-primary">{issue.dest}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</div> </li>
); );
} }
generateIssue = (issue, index) => { generateIssue = (issue) => {
let data; let data;
switch (issue.type) { switch (issue.type) {
case 'smb_password': case 'smb_password':
@ -312,23 +312,22 @@ class ReportPageComponent extends React.Component {
data = this.generateTunnelIssue(issue); data = this.generateTunnelIssue(issue);
break; break;
} }
return ( return data;
<div>
<h5><b><i>Recommendation #{index + 1}</i></b></h5>
{data}
</div>
);
}; };
generateIssues = (issues) => { generateIssues = (issues) => {
let issuesDivArray = []; let issuesDivArray = [];
for (var machine of Object.keys(issues)) { for (var machine of Object.keys(issues)) {
issuesDivArray.push( issuesDivArray.push(
<h4><b>{machine}</b></h4> <li>
<h4><b>{machine}</b></h4>
<ol>
{issues[machine].map(this.generateIssue)}
</ol>
</li>
); );
issuesDivArray.push(issues[machine].map(this.generateIssue));
} }
return issuesDivArray; return <ul>{issuesDivArray}</ul>;
}; };
render() { render() {
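Review bot: The list items built in `generateIssues` have no `key`: both the outer `<li>` pushed per machine and the `<li>` elements returned through `issues[machine].map(this.generateIssue)` will trigger React's missing-key warning and may be reconciled incorrectly when the report re-renders. The outer one can be `<li key={machine}>`; for the inner ones, keep the `index` parameter that this change drops and key on it, for example `return data && React.cloneElement(data, {key: index});`. The `switch` in `generateIssue` is only partly visible here, but if it has no `default` branch, an unrecognised `issue.type` now yields `undefined` and that finding is silently omitted from the report, where the old wrapper at least printed a numbered heading; a visible fallback item would be safer for a security report. Separately, the unchanged report text `was not parched against CVE-2015-1427` should read `patched`.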


@ -1,5 +1,5 @@
import React from 'react'; import React from 'react';
import {Collapse, Well} from 'react-bootstrap'; import {Button, Collapse, Well} from 'react-bootstrap';
class CollapsibleWellComponent extends React.Component { class CollapsibleWellComponent extends React.Component {
constructor(props) { constructor(props) {
@ -20,9 +20,9 @@ class CollapsibleWellComponent extends React.Component {
return ( return (
<div> <div>
<div className="no-print"> <div className="no-print">
<a onClick={() => this.setState({open: !this.state.open})}> <Button onClick={() => this.setState({open: !this.state.open})} bsStyle="link">
Read More... Read More...
</a> </Button>
<Collapse in={this.state.open}> <Collapse in={this.state.open}>
<div> <div>
{well} {well}
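Review bot: The handler on the new `<Button>` still derives the next value from `this.state.open` inside `setState`, which can read a stale value when React batches updates; the updater form avoids that: `onClick={() => this.setState((prev) => ({open: !prev.open}))}`. Now that the control is a real button, exposing its state with `aria-expanded={this.state.open}` would let assistive technology announce whether the details are shown. The `render` method starts and ends outside this hunk, so this assumes `open` is toggled only here.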