Island: Remove ShellShock Exploiter

Ilija Lazoroski 2022-02-23 13:27:59 +01:00
parent 64b900b94d
commit 60d16ea4d6
7 changed files with 0 additions and 86 deletions


@ -18,7 +18,6 @@ BASIC = {
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Log4ShellExploiter", "Log4ShellExploiter",
"ShellShockExploiter",
"ElasticGroovyExploiter", "ElasticGroovyExploiter",
"Struts2Exploiter", "Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",


@ -53,16 +53,6 @@ EXPLOITER_CLASSES = {
"link": "https://www.guardicore.com/infectionmonkey/docs/reference" "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/sshexec/", "/exploiters/sshexec/",
}, },
{
"type": "string",
"enum": ["ShellShockExploiter"],
"title": "ShellShock Exploiter",
"safe": True,
"info": "CVE-2014-6271, based on logic from "
"https://github.com/nccgroup/shocker/blob/master/shocker.py .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
"/shellshock/",
},
{ {
"type": "string", "type": "string",
"enum": ["ElasticGroovyExploiter"], "enum": ["ElasticGroovyExploiter"],


@ -68,7 +68,6 @@ class AWSExporter(Exporter):
CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue, CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue,
CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue, CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
}, },
ExploiterDescriptorEnum.SHELLSHOCK.value.class_name: AWSExporter._handle_shellshock_issue, # noqa:E501
"tunnel": AWSExporter._handle_tunnel_issue, "tunnel": AWSExporter._handle_tunnel_issue,
ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue, ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
ExploiterDescriptorEnum.SMB.value.class_name: { ExploiterDescriptorEnum.SMB.value.class_name: {
@ -295,23 +294,6 @@ class AWSExporter(Exporter):
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
) )
@staticmethod
def _handle_shellshock_issue(issue, instance_arn):
return AWSExporter._build_generic_finding(
severity=10,
title="Machines are vulnerable to 'Shellshock'",
description="Update your Bash to a ShellShock-patched version.",
recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. "
"The attack was made possible because the HTTP server running on "
"TCP port {2} was vulnerable to a "
"shell injection attack on the paths: {3}.".format(
issue["machine"], issue["ip_address"], issue["port"], issue["paths"]
),
instance_arn=instance_arn,
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
)
@staticmethod @staticmethod
def _handle_smb_password_issue(issue, instance_arn): def _handle_smb_password_issue(issue, instance_arn):


@ -11,9 +11,6 @@ from monkey_island.cc.services.reporting.issue_processing.exploit_processing.pro
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501 from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501
Log4ShellProcessor, Log4ShellProcessor,
) )
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import ( # noqa: E501
ShellShockExploitProcessor,
)
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501 from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501
ZerologonExploitProcessor, ZerologonExploitProcessor,
) )
@ -34,9 +31,6 @@ class ExploiterDescriptorEnum(Enum):
ELASTIC = ExploiterDescriptor( ELASTIC = ExploiterDescriptor(
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
) )
SHELLSHOCK = ExploiterDescriptor(
"ShellShockExploiter", "ShellShock Exploiter", ShellShockExploitProcessor
)
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor) STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
WEBLOGIC = ExploiterDescriptor( WEBLOGIC = ExploiterDescriptor(
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor


@ -1,15 +0,0 @@
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import ( # noqa: E501
ExploiterReportInfo,
ExploitProcessor,
)
class ShellShockExploitProcessor:
@staticmethod
def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo:
exploit_info = ExploitProcessor.get_exploit_info_by_dict(class_name, exploit_dict)
urls = exploit_dict["data"]["info"]["vulnerable_urls"]
exploit_info.port = urls[0].split(":")[2].split("/")[0]
exploit_info.paths = ["/" + url.split(":")[2].split("/")[1] for url in urls]
return exploit_info


@ -28,7 +28,6 @@ import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIs
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue'; import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue'; import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue'; import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
import { import {
crossSegmentIssueOverview, crossSegmentIssueOverview,
@ -125,11 +124,6 @@ class ReportPageComponent extends AuthComponent {
[this.issueContentTypes.REPORT]: elasticIssueReport, [this.issueContentTypes.REPORT]: elasticIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'ShellShockExploiter': {
[this.issueContentTypes.OVERVIEW]: shellShockIssueOverview,
[this.issueContentTypes.REPORT]: shellShockIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'PowerShellExploiter': { 'PowerShellExploiter': {
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview, [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
[this.issueContentTypes.REPORT]: powershellIssueReport, [this.issueContentTypes.REPORT]: powershellIssueReport,


@ -1,30 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function shellShockIssueOverview() {
return (<li>Machines are vulnerable to Shellshock (<a
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
</li>)
}
function getShellshockPathListBadges(paths) {
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
}
export function shellShockIssueReport(issue) {
return (
<>
Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">ShellShock</span> attack.
<br/>
The attack was made possible because the HTTP server running on TCP port <span
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {getShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent>
</>
);
}