Island: Remove ShellShock Exploiter
parent
64b900b94d
commit
60d16ea4d6
|
@ -18,7 +18,6 @@ BASIC = {
|
||||||
"WmiExploiter",
|
"WmiExploiter",
|
||||||
"SSHExploiter",
|
"SSHExploiter",
|
||||||
"Log4ShellExploiter",
|
"Log4ShellExploiter",
|
||||||
"ShellShockExploiter",
|
|
||||||
"ElasticGroovyExploiter",
|
"ElasticGroovyExploiter",
|
||||||
"Struts2Exploiter",
|
"Struts2Exploiter",
|
||||||
"WebLogicExploiter",
|
"WebLogicExploiter",
|
||||||
|
|
|
@ -53,16 +53,6 @@ EXPLOITER_CLASSES = {
|
||||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
|
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
|
||||||
"/exploiters/sshexec/",
|
"/exploiters/sshexec/",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"type": "string",
|
|
||||||
"enum": ["ShellShockExploiter"],
|
|
||||||
"title": "ShellShock Exploiter",
|
|
||||||
"safe": True,
|
|
||||||
"info": "CVE-2014-6271, based on logic from "
|
|
||||||
"https://github.com/nccgroup/shocker/blob/master/shocker.py .",
|
|
||||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
|
||||||
"/shellshock/",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": ["ElasticGroovyExploiter"],
|
"enum": ["ElasticGroovyExploiter"],
|
||||||
|
|
|
@ -68,7 +68,6 @@ class AWSExporter(Exporter):
|
||||||
CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue,
|
CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue,
|
||||||
CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
|
CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
|
||||||
},
|
},
|
||||||
ExploiterDescriptorEnum.SHELLSHOCK.value.class_name: AWSExporter._handle_shellshock_issue, # noqa:E501
|
|
||||||
"tunnel": AWSExporter._handle_tunnel_issue,
|
"tunnel": AWSExporter._handle_tunnel_issue,
|
||||||
ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
|
ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
|
||||||
ExploiterDescriptorEnum.SMB.value.class_name: {
|
ExploiterDescriptorEnum.SMB.value.class_name: {
|
||||||
|
@ -295,23 +294,6 @@ class AWSExporter(Exporter):
|
||||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||||
)
|
)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def _handle_shellshock_issue(issue, instance_arn):
|
|
||||||
|
|
||||||
return AWSExporter._build_generic_finding(
|
|
||||||
severity=10,
|
|
||||||
title="Machines are vulnerable to 'Shellshock'",
|
|
||||||
description="Update your Bash to a ShellShock-patched version.",
|
|
||||||
recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. "
|
|
||||||
"The attack was made possible because the HTTP server running on "
|
|
||||||
"TCP port {2} was vulnerable to a "
|
|
||||||
"shell injection attack on the paths: {3}.".format(
|
|
||||||
issue["machine"], issue["ip_address"], issue["port"], issue["paths"]
|
|
||||||
),
|
|
||||||
instance_arn=instance_arn,
|
|
||||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
|
||||||
)
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _handle_smb_password_issue(issue, instance_arn):
|
def _handle_smb_password_issue(issue, instance_arn):
|
||||||
|
|
||||||
|
|
|
@ -11,9 +11,6 @@ from monkey_island.cc.services.reporting.issue_processing.exploit_processing.pro
|
||||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501
|
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501
|
||||||
Log4ShellProcessor,
|
Log4ShellProcessor,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import ( # noqa: E501
|
|
||||||
ShellShockExploitProcessor,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501
|
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501
|
||||||
ZerologonExploitProcessor,
|
ZerologonExploitProcessor,
|
||||||
)
|
)
|
||||||
|
@ -34,9 +31,6 @@ class ExploiterDescriptorEnum(Enum):
|
||||||
ELASTIC = ExploiterDescriptor(
|
ELASTIC = ExploiterDescriptor(
|
||||||
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
|
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
|
||||||
)
|
)
|
||||||
SHELLSHOCK = ExploiterDescriptor(
|
|
||||||
"ShellShockExploiter", "ShellShock Exploiter", ShellShockExploitProcessor
|
|
||||||
)
|
|
||||||
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
|
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
|
||||||
WEBLOGIC = ExploiterDescriptor(
|
WEBLOGIC = ExploiterDescriptor(
|
||||||
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
|
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import ( # noqa: E501
|
|
||||||
ExploiterReportInfo,
|
|
||||||
ExploitProcessor,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class ShellShockExploitProcessor:
|
|
||||||
@staticmethod
|
|
||||||
def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo:
|
|
||||||
exploit_info = ExploitProcessor.get_exploit_info_by_dict(class_name, exploit_dict)
|
|
||||||
|
|
||||||
urls = exploit_dict["data"]["info"]["vulnerable_urls"]
|
|
||||||
exploit_info.port = urls[0].split(":")[2].split("/")[0]
|
|
||||||
exploit_info.paths = ["/" + url.split(":")[2].split("/")[1] for url in urls]
|
|
||||||
return exploit_info
|
|
|
@ -28,7 +28,6 @@ import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIs
|
||||||
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
||||||
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
||||||
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
||||||
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
|
|
||||||
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
||||||
import {
|
import {
|
||||||
crossSegmentIssueOverview,
|
crossSegmentIssueOverview,
|
||||||
|
@ -125,11 +124,6 @@ class ReportPageComponent extends AuthComponent {
|
||||||
[this.issueContentTypes.REPORT]: elasticIssueReport,
|
[this.issueContentTypes.REPORT]: elasticIssueReport,
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||||
},
|
},
|
||||||
'ShellShockExploiter': {
|
|
||||||
[this.issueContentTypes.OVERVIEW]: shellShockIssueOverview,
|
|
||||||
[this.issueContentTypes.REPORT]: shellShockIssueReport,
|
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
|
||||||
},
|
|
||||||
'PowerShellExploiter': {
|
'PowerShellExploiter': {
|
||||||
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
|
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
|
||||||
[this.issueContentTypes.REPORT]: powershellIssueReport,
|
[this.issueContentTypes.REPORT]: powershellIssueReport,
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
import React from 'react';
|
|
||||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
|
||||||
|
|
||||||
export function shellShockIssueOverview() {
|
|
||||||
return (<li>Machines are vulnerable to ‘Shellshock’ (<a
|
|
||||||
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
|
|
||||||
</li>)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function getShellshockPathListBadges(paths) {
|
|
||||||
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
|
|
||||||
}
|
|
||||||
|
|
||||||
export function shellShockIssueReport(issue) {
|
|
||||||
return (
|
|
||||||
<>
|
|
||||||
Update your Bash to a ShellShock-patched version.
|
|
||||||
<CollapsibleWellComponent>
|
|
||||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
|
||||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
|
||||||
className="badge badge-danger">ShellShock</span> attack.
|
|
||||||
<br/>
|
|
||||||
The attack was made possible because the HTTP server running on TCP port <span
|
|
||||||
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
|
|
||||||
paths: {getShellshockPathListBadges(issue.paths)}.
|
|
||||||
</CollapsibleWellComponent>
|
|
||||||
</>
|
|
||||||
);
|
|
||||||
}
|
|