diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index 6bdb62fbc..3853ecacc 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -80,23 +80,23 @@ class ReportPageComponent extends React.Component {
{/* TODO: Replace 3 with data */}
- During this simulated attack the Monkey uncovered
6 issues, detailed below. The security issues uncovered included:
+ During this simulated attack the Monkey uncovered
6 issues, detailed below. The security issues uncovered include:
{/* TODO: Replace lis with data */}
- - Weak user/passwords combinations.
- - Stolen passwords/hashes used to exploit other machines.
- - Elastic Search servers not patched for CVE-2015-1427 bug.
- - Samba servers not patched for ‘SambaCry’ bug.
- - Machines not patched for the ‘Shellshock’ bug.
- - Machines not patched for the ‘Conficker’ bug.
+ - Users with weak passwords.
+ - Stolen passwords/hashes were used to exploit other machines.
+ - Elastic Search servers not patched for CVE-2015-1427.
+ - Samba servers not patched for ‘SambaCry’ (CVE-2017-7494).
+ - Machines not patched for the ‘Shellshock’ (CVE-2014-6271).
+ - Machines not patched for the ‘Conficker’ (MS08-067).
In addition, the monkey uncovered the following possible set of issues:
{/* TODO: Replace lis with data */}
- - Machines freely accessed the Monkey Island despite being on different networks.
- - Machines are not locked down at port level, tunnels between network segments were setup successfully.
+ - Possible cross segment traffic. Infected machines could communicate with the Monkey Island despite crossing segment boundaries using unused ports.
+ - Lack of port level segmentation, machines successfully tunneled monkey activity using unused ports.
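Review bot: In the rewritten vulnerability bullets, "Machines not patched for the ‘Shellshock’ (CVE-2014-6271)." and the matching Conficker line keep the article "the" that belonged to the removed word "bug", so both now read as incomplete phrases; drop "the" or restore a noun. The list also mixes noun phrases ("Users with weak passwords.") with a full sentence ("Stolen passwords/hashes were used to exploit other machines."), and it identifies three items by CVE but Conficker by bulletin number (MS08-067); pick one form for each so the summary scans consistently. In the last added bullet the comma splices two clauses; a colon after "segmentation" would fix it.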
@@ -111,9 +111,9 @@ class ReportPageComponent extends React.Component {
{/* TODO: Replace 6,2 with data */}
- During the current run, the Monkey discovered 6 machines and successfully breached 2 of them.
+ The Monkey discovered 6 machines and successfully breached 2 of them.
- In addition, it attempted to exploit the rest, any security software installed in the network should have picked up the attack attempts and logged them.
+ In addition, while attempting to exploit additional hosts , security software installed in the network should have picked up the attack attempts and logged them.
Detailed recommendations in the next part of the report.
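Review bot: The added sentence has a stray space before the comma ("additional hosts , security"); it should read "additional hosts, security". The rewording also drops the explicit statement that the Monkey attempted to exploit the remaining machines, which is what tells a defender there are attack attempts to look for in their logs; consider keeping that clause. The following line, "Detailed recommendations in the next part of the report.", is a fragment and could be fixed in the same pass.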
@@ -142,7 +142,7 @@ class ReportPageComponent extends React.Component {
Issue #1
-
+
The machine
Monkey-SMB with the following IP addresses
192.168.0.1 10.0.0.18 was vulnerable to a
SMB attack.
The attack succeeded by authenticating over SMB protocol with user
Administrator and its password.
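Review bot: The same one-line replacement made after "Issue #1" here recurs around every issue heading through Issue #13 in the hunks that follow, which means each issue block is a hand-maintained copy. Consider moving the shared wrapper into one small component or a single CSS class so that a styling change touches one place, and so the blocks can be generated from data rather than edited thirteen times.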
@@ -151,11 +151,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #2
-
+
The machine
Monkey-SMB2 with the following IP address
192.168.0.2 was vulnerable to a
SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user
temp.
@@ -164,11 +164,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #3
-
+
The machine
Monkey-WMI with the following IP address
192.168.0.3 was vulnerable to a
WMI attack.
The attack succeeded by authenticating over WMI protocol with user
Administrator and its password.
@@ -177,11 +177,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #4
-
+
The machine
Monkey-WMI2 with the following IP address
192.168.0.4 was vulnerable to a
WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user
Administrator.
@@ -190,11 +190,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #5
-
+
The machine
Monkey-SSH with the following IP address
192.168.0.5 was vulnerable to a
SSH attack.
The attack succeeded by authenticating over SSH protocol with user
user and its password.
@@ -203,11 +203,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #6
-
+
The machine
Monkey-RDP with the following IP address
192.168.0.6 was vulnerable to a
RDP attack.
The attack succeeded by authenticating over RDP protocol with user
Administrator and its password.
@@ -216,11 +216,11 @@ class ReportPageComponent extends React.Component {
- Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #7
-
+
The machine Monkey-SambaCry with the following IP address 192.168.0.7 was vulnerable to a SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user user and its password, and by using the SambaCry vulnerability.
@@ -230,24 +230,24 @@ class ReportPageComponent extends React.Component {
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
Use a complex one-use password that is not shared with other computers on the network.
-
+
Issue #8
-
+
The machine
Monkey-Elastic with the following IP address
192.168.0.8 was vulnerable to an
Elastic Groovy attack.
- The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug.
+ The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
In order to protect the machine, the following steps should be performed:
- Update your Elastic Search server to version 1.4.3 and up.
-
+
Issue #9
-
+
The machine
Monkey-Shellshock with the following IP address
192.168.0.9 was vulnerable to a
ShellShock attack.
The attack succeeded because the HTTP server running on port
8080 was vulnerable to a shell injection attack on the paths:
/cgi/backserver.cgi /cgi/login.cgi.
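Review bot: The changed line in Issue #8 still carries the typo "parched" ("was not parched against CVE-2015-1427"); since this line is being edited anyway, correct it to "patched". The summary list in the first hunk now gives a CVE for SambaCry and Shellshock as well, so the Issue #7 and Issue #9 texts in this hunk could name CVE-2017-7494 and CVE-2014-6271 too, which lets a reader match each detailed issue to its summary bullet.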
@@ -256,11 +256,11 @@ class ReportPageComponent extends React.Component {
- Update your Bash to a ShellShock-patched version.
-
+
Issue #10
-
+
The machine
Monkey-Conficker with the following IP address
192.168.0.10 was vulnerable to a
Conficker attack.
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker.
@@ -269,40 +269,40 @@ class ReportPageComponent extends React.Component {
- Install the latest Windows updates or upgrade to a newer operating system.
-
+
Issue #11
-
+
The network can probably be segmented. A monkey instance on
Monkey-SMB in the
192.168.0.0/24 network could directly access the Monkey Island C&C server in the
172.168.0.0/24 network.
In order to protect the network, the following steps should be performed:
- Segment your network. Make sure machines can't access machines from other segments.
-
+
Issue #12
-
+
The network can probably be segmented. A monkey instance on
Monkey-SSH in the
192.168.0.0/24 network could directly access the Monkey Island C&C server in the
172.168.0.0/24 network.
In order to protect the network, the following steps should be performed:
- Segment your network. Make sure machines can't access machines from other segments.
-
+
Issue #13
-
+
Machines are not locked down at port level. Network tunnel was set up from
Monkey-SSH to
Monkey-SambaCry.
In order to protect the machine, the following steps should be performed:
- Use micro-segmentation policies to disable communication other than the required.
-
+
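Review bot: The detailed texts for Issues #11 to #13 keep the old wording ("The network can probably be segmented", "Machines are not locked down at port level") while the summary bullets in the first hunk were rewritten to "Possible cross segment traffic" and "Lack of port level segmentation". Align the two so a reader can map a summary bullet to its detailed issue. The remediation line "disable communication other than the required" is also awkward; "allow only the communication that is required" says the same thing more clearly.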
diff --git a/monkey_island/cc/ui/src/styles/App.css b/monkey_island/cc/ui/src/styles/App.css
index fd8fbd22c..30ea8faa4 100644
--- a/monkey_island/cc/ui/src/styles/App.css
+++ b/monkey_island/cc/ui/src/styles/App.css
@@ -75,6 +75,12 @@ body {
padding: 0.5em 1em;
margin: 0.1em 0;
}
+
+ li a.report {
+ display: inline;
+ padding: 0em;
+ }
+
li a:hover {
color: #000;
background: #e9e9e9;
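Review bot: The new "li a.report" rule resets display and padding, but "li a:hover" just below has the same specificity and comes later, so report links will still pick up the hover colour and the #e9e9e9 background, now drawn tight around inline text with no padding. If that is not intended, add a matching "li a.report:hover" rule after it. Style points: "padding: 0em" should be "padding: 0", and the blank added lines around the rule should not carry trailing whitespace.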