From 5649fa7043c911d59791b77cfe0175d13aba1848 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Sun, 24 Dec 2017 18:34:18 +0200 Subject: [PATCH] Content improvements --- .../cc/ui/src/components/pages/ReportPage.js | 103 +++++++++--------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js index b476b3faa..b55246874 100644 --- a/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -99,8 +99,8 @@ class ReportPageComponent extends React.Component { Change {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SMB attack.
The attack succeeded by authenticating over SMB protocol with user {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a WMI attack.
The attack succeeded by authenticating over WMI protocol with user {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack.
The attack succeeded by authenticating over SSH protocol with user {issue.username}'s password to a complex one-use password that is not shared with other computers on the network. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a RDP attack.
The attack succeeded by authenticating over RDP protocol with user Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user Update your Elastic Search server to version 1.4.3 and up. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to an {issue.machine} ({issue.ip_address}) is vulnerable to an Elastic Groovy attack.
- The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427. + The attack succeeded because the Elastic Search server is not patched against CVE-2015-1427.
); @@ -235,12 +235,12 @@ class ReportPageComponent extends React.Component {
  • Update your Bash to a ShellShock-patched version. - The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a ShellShock attack.
    - The attack succeeded because the HTTP server running on port {issue.port} was vulnerable to a shell injection attack on the + The attack succeeded because the HTTP server running on TCP port {issue.port} is vulnerable to a shell injection attack on the paths: {this.generateShellshockPathListBadges(issue.paths)}.
  • @@ -252,8 +252,8 @@ class ReportPageComponent extends React.Component {
  • Install the latest Windows updates or upgrade to a newer operating system. - The machine {issue.machine} with the following address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a Conficker attack.
    The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to @@ -266,7 +266,7 @@ class ReportPageComponent extends React.Component { generateCrossSegmentIssue(issue) { return (
  • - Segment your network. Make sure machines can't access machines from other segments. + Segment your network and make sure there is no communication between machines from different segments. The network can probably be segmented. A monkey instance on {issue.machine} in the @@ -437,18 +437,19 @@ class ReportPageComponent extends React.Component { { this.state.report.overview.config_users.length > 0 ?

    - Users to try: + Usernames used for brute-forcing:

      {this.state.report.overview.config_users.map(x =>
    • {x}
    • )}
    - Passwords to try: + Passwords used for brute-forcing:
      {this.state.report.overview.config_passwords.map(x =>
    • {x.substr(0, 3) + '******'}
    • )}

    :

    - No Users and Passwords were provided for the monkey. + Brute forcing uses stolen credentials only. No credentials were supplied during Monkey’s + configuration.

    } { @@ -458,7 +459,7 @@ class ReportPageComponent extends React.Component { '' :

    - Used the following exploit methods: + The Monkey uses the following exploit methods:

      {this.state.report.overview.config_exploits.map(x =>
    • {x}
    • )}
    @@ -466,13 +467,13 @@ class ReportPageComponent extends React.Component { ) :

    - Don't use any exploit. + No exploits are used by the Monkey.

    } { this.state.report.overview.config_ips.length > 0 ?

    - Scan the following IPs: + The Monkey scans the following IPs:

      {this.state.report.overview.config_ips.map(x =>
    • {x}
    • )}
    @@ -485,7 +486,7 @@ class ReportPageComponent extends React.Component { '' :

    - Monkeys were configured to avoid scanning of the local network. + Note: Monkeys were configured to avoid scanning of the local network.

    } @@ -508,26 +509,27 @@ class ReportPageComponent extends React.Component { return x === true; }).length} issues:
      - {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? -
    • Users with passwords supplied in config.
    • : null} {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? -
    • Stolen credentials were used to exploit other machines.
    • : null} +
    • Stolen credentials are used to exploit other machines.
    • : null} {this.state.report.overview.issues[this.Issue.ELASTIC] ? -
    • Elastic Search servers not patched for Elasticsearch servers are vulnerable to CVE-2015-1427.
    • : null} {this.state.report.overview.issues[this.Issue.SAMBACRY] ? -
    • Samba servers not patched for ‘SambaCry’ (Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
    • : null} {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? -
    • Machines not patched for the ‘Shellshock’ (Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271).
    • : null} {this.state.report.overview.issues[this.Issue.CONFICKER] ? -
    • Machines not patched for the ‘Conficker’ (Machines are vulnerable to ‘Conficker’ (MS08-067).
    • : null} + {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? +
    • Machines are accessible using passwords supplied by the user during the Monkey’s + configuration.
    • : null}
    : @@ -539,26 +541,25 @@ class ReportPageComponent extends React.Component {

    - Security Issues + Potential Security Issues

    { this.state.report.overview.warnings.filter(function (x) { return x === true; }).length > 0 ?
    - The monkey uncovered the following possible set of issues: + The Monkey uncovered the following possible set of issues:
      {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? -
    • Possible cross segment traffic. Infected machines could communicate with the - Monkey Island despite crossing segment boundaries using unused ports.
    • : null} +
    • Weak segmentation - Machines from different segments are able to + communicate.
    • : null} {this.state.report.overview.warnings[this.Warning.TUNNEL] ? -
    • Lack of machine hardening, machines successfully tunneled monkey traffic - using unused ports.
    • : null} +
    • Lack of machine hardening, machines successfully tunneled monkey traffic using unused ports.
    • : null}
    :
    - The monkey did not find any issues. + The Monkey did not find any issues.
    }
    @@ -585,7 +586,7 @@ class ReportPageComponent extends React.Component { { this.state.report.glance.exploited.length > 0 ?

    - In addition, while attempting to exploit additional hosts , security software installed in the + In addition, while attempting to exploit additional hosts, security software installed in the network should have picked up the attack attempts and logged them.

    : @@ -603,13 +604,13 @@ class ReportPageComponent extends React.Component {

    Legend: - Exploit + Exploit | - Scan + Scan | - Tunnel + Tunnel | - Island Communication + Island Communication
    @@ -628,7 +629,7 @@ class ReportPageComponent extends React.Component { For questions, suggestions or any other feedback contact: labs@guardicore.com
    labs@guardicore.com
    - GuardiCore + GuardiCore
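Review bot: In the `@@ -99,8 +99,8 @@` hunk the rewritten sentences read "is vulnerable to a SMB attack", "a SSH attack" and "a RDP attack"; these acronyms are spoken letter by letter, so the article should be "an", as the Elastic Groovy line already has it. The added CVE-2015-1427 line in the same hunk keeps "Elastic Search server" while the overview list in the `@@ -508,26 +509,27 @@` hunk switches to "Elasticsearch servers"; use one spelling in both places.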
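Review bot: In the `@@ -266,7 +266,7 @@` hunk the new recommendation "make sure there is no communication between machines from different segments" is more absolute than the old wording and than the context line that follows it, "The network can probably be segmented." Segmented networks usually still permit the flows that are required, so wording such as "only required communication is allowed between segments" would be more accurate advice.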
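Review bot: In the `@@ -437,18 +437,19 @@` hunk the new fallback text "Brute forcing uses stolen credentials only. No credentials were supplied during Monkey’s configuration." is rendered whenever `config_users.length > 0` is false, so the visible condition never looks at `config_passwords`; either test both lists or word the message about usernames only. The context line `{x.substr(0, 3) + '******'}` under the new "Passwords used for brute-forcing:" label still prints the first three characters of every configured password, and the whole of any password of three characters or fewer; a fixed mask with no prefix would be safer. The hunk also mixes "brute-forcing" and "Brute forcing".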
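Review bot: In the `@@ -539,26 +541,25 @@` hunk the capitalization change is only half applied: the intro and the no-issues line now say "The Monkey", but the re-added TUNNEL item still reads "tunneled monkey traffic". "The following possible set of issues" would also read better as "the following set of possible issues". The replaced CROSS_SEGMENT text drops the detail that infected machines reached the Monkey Island using unused ports; consider keeping that in the new "Weak segmentation" item so the reader knows what was actually observed.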