From 4a96c46f3ed822d5f86e3b6c8b6b1f6092826550 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Tue, 21 Nov 2017 11:42:15 +0200 Subject: [PATCH] Some content and cosmetic changes --- .../cc/ui/src/components/pages/ReportPage.js | 76 +++++++++---------- monkey_island/cc/ui/src/styles/App.css | 6 ++ 2 files changed, 44 insertions(+), 38 deletions(-) diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js index 6bdb62fbc..3853ecacc 100644 --- a/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -80,23 +80,23 @@ class ReportPageComponent extends React.Component {
{/* TODO: Replace 3 with data */} - During this simulated attack the Monkey uncovered 6 issues, detailed below. The security issues uncovered included: + During this simulated attack the Monkey uncovered 6 issues, detailed below. The security issues uncovered include:
In addition, the monkey uncovered the following possible set of issues:
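Review bot: The TODO comment at the top of this hunk says "Replace 3 with data", but the sentence it annotates hard-codes 6 issues, so the comment is already stale. Since the line is being edited anyway, update the comment to match, or replace the literal with the computed count. The unchanged line that follows writes "the monkey" in lower case while the edited sentence uses "the Monkey"; as this is a wording pass, pick one form.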

@@ -111,9 +111,9 @@ class ReportPageComponent extends React.Component {

{/* TODO: Replace 6,2 with data */} - During the current run, the Monkey discovered 6 machines and successfully breached 2 of them. + The Monkey discovered 6 machines and successfully breached 2 of them.
- In addition, it attempted to exploit the rest, any security software installed in the network should have picked up the attack attempts and logged them. + In addition, while attempting to exploit additional hosts , security software installed in the network should have picked up the attack attempts and logged them.
Detailed recommendations in the next part of the report.
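Review bot: The added sentence has a stray space before the comma ("additional hosts , security software") and a dangling clause: as written, "while attempting to exploit additional hosts" attaches to "security software" rather than to the Monkey. Suggest "In addition, while the Monkey attempted to exploit additional hosts, security software installed in the network should have picked up the attack attempts and logged them." The TODO above still leaves 6 and 2 hard-coded.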

@@ -142,7 +142,7 @@ class ReportPageComponent extends React.Component {

Issue #1

-

+

The machine Monkey-SMB with the following IP addresses 192.168.0.1 10.0.0.18 was vulnerable to a SMB attack.
The attack succeeded by authenticating over SMB protocol with user Administrator and its password. @@ -151,11 +151,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #2

-

+

The machine Monkey-SMB2 with the following IP address 192.168.0.2 was vulnerable to a SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user temp. @@ -164,11 +164,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #3

-

+

The machine Monkey-WMI with the following IP address 192.168.0.3 was vulnerable to a WMI attack.
The attack succeeded by authenticating over WMI protocol with user Administrator and its password. @@ -177,11 +177,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #4

-

+

The machine Monkey-WMI2 with the following IP address 192.168.0.4 was vulnerable to a WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user Administrator. @@ -190,11 +190,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #5

-

+

The machine Monkey-SSH with the following IP address 192.168.0.5 was vulnerable to a SSH attack.
The attack succeeded by authenticating over SSH protocol with user user and its password. @@ -203,11 +203,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #6

-

+

The machine Monkey-RDP with the following IP address 192.168.0.6 was vulnerable to a RDP attack.
The attack succeeded by authenticating over RDP protocol with user Administrator and its password. @@ -216,11 +216,11 @@ class ReportPageComponent extends React.Component {
  • Use a complex one-use password that is not shared with other computers on the network.
-

+

Issue #7

-

+

The machine Monkey-SambaCry with the following IP address 192.168.0.7 was vulnerable to a SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user user and its password, and by using the SambaCry vulnerability. @@ -230,24 +230,24 @@ class ReportPageComponent extends React.Component {
  • Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
  • Use a complex one-use password that is not shared with other computers on the network.
  • -

    +

    Issue #8

    -

    +

    The machine Monkey-Elastic with the following IP address 192.168.0.8 was vulnerable to an Elastic Groovy attack.
    - The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug. + The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
    In order to protect the machine, the following steps should be performed:
    • Update your Elastic Search server to version 1.4.3 and up.
    -

    +

    Issue #9

    -

    +

    The machine Monkey-Shellshock with the following IP address 192.168.0.9 was vulnerable to a ShellShock attack.
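Review bot: The rewritten Issue #8 sentence still reads "was not parched against CVE-2015-1427"; the line is being touched for wording, so fix the typo to "patched" in the same change. The sentence and the recommendation under it also write "Elastic Search" as two words, while the product name is Elasticsearch.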
    The attack succeeded because the HTTP server running on port 8080 was vulnerable to a shell injection attack on the paths: /cgi/backserver.cgi /cgi/login.cgi. @@ -256,11 +256,11 @@ class ReportPageComponent extends React.Component {
    • Update your Bash to a ShellShock-patched version.
    -

    +

    Issue #10

    -

    +

    The machine Monkey-Conficker with the following IP address 192.168.0.10 was vulnerable to a Conficker attack.
    The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker. @@ -269,40 +269,40 @@ class ReportPageComponent extends React.Component {
    • Install the latest Windows updates or upgrade to a newer operating system.
    -

    +

    Issue #11

    -

    +

    The network can probably be segmented. A monkey instance on Monkey-SMB in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network.
    In order to protect the network, the following steps should be performed:
    • Segment your network. Make sure machines can't access machines from other segments.
    -

    +

    Issue #12

    -

    +

    The network can probably be segmented. A monkey instance on Monkey-SSH in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network.
    In order to protect the network, the following steps should be performed:
    • Segment your network. Make sure machines can't access machines from other segments.
    -

    +

    Issue #13

    -

    +

    Machines are not locked down at port level. Network tunnel was set up from Monkey-SSH to Monkey-SambaCry.
    In order to protect the machine, the following steps should be performed:
    • Use micro-segmentation policies to disable communication other than the required.
    -

    +
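Review bot: Issues #11 and #12 in this hunk place the Monkey Island C&C server in 172.168.0.0/24, which lies outside the RFC 1918 private block 172.16.0.0/12 and is therefore publicly routable address space. For sample text in a segmentation finding, use a private range such as 172.16.0.0/24, so the report does not read as describing an internet-facing segment. The Issue #13 recommendation "disable communication other than the required" would also read better as "allow only the required communication".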
    diff --git a/monkey_island/cc/ui/src/styles/App.css b/monkey_island/cc/ui/src/styles/App.css index fd8fbd22c..30ea8faa4 100644 --- a/monkey_island/cc/ui/src/styles/App.css +++ b/monkey_island/cc/ui/src/styles/App.css @@ -75,6 +75,12 @@ body { padding: 0.5em 1em; margin: 0.1em 0; } + + li a.report { + display: inline; + padding: 0em; + } + li a:hover { color: #000; background: #e9e9e9;
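Review bot: In the added li a.report rule, "padding: 0em" carries an unnecessary unit; write "padding: 0". The rule resets only display and padding, so report links still match the li a:hover rule that follows and will pick up its colour and background on hover. Confirm that is intended for inline links inside report text, or override those properties for a.report as well.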