Island: Remove ShellShock Exploiter
This commit is contained in:
parent
64b900b94d
commit
60d16ea4d6
|
@ -18,7 +18,6 @@ BASIC = {
|
|||
"WmiExploiter",
|
||||
"SSHExploiter",
|
||||
"Log4ShellExploiter",
|
||||
"ShellShockExploiter",
|
||||
"ElasticGroovyExploiter",
|
||||
"Struts2Exploiter",
|
||||
"WebLogicExploiter",
|
||||
|
|
|
@ -53,16 +53,6 @@ EXPLOITER_CLASSES = {
|
|||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
|
||||
"/exploiters/sshexec/",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["ShellShockExploiter"],
|
||||
"title": "ShellShock Exploiter",
|
||||
"safe": True,
|
||||
"info": "CVE-2014-6271, based on logic from "
|
||||
"https://github.com/nccgroup/shocker/blob/master/shocker.py .",
|
||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
||||
"/shellshock/",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["ElasticGroovyExploiter"],
|
||||
|
|
|
@ -68,7 +68,6 @@ class AWSExporter(Exporter):
|
|||
CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue,
|
||||
CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
|
||||
},
|
||||
ExploiterDescriptorEnum.SHELLSHOCK.value.class_name: AWSExporter._handle_shellshock_issue, # noqa:E501
|
||||
"tunnel": AWSExporter._handle_tunnel_issue,
|
||||
ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
|
||||
ExploiterDescriptorEnum.SMB.value.class_name: {
|
||||
|
@ -295,23 +294,6 @@ class AWSExporter(Exporter):
|
|||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _handle_shellshock_issue(issue, instance_arn):
|
||||
|
||||
return AWSExporter._build_generic_finding(
|
||||
severity=10,
|
||||
title="Machines are vulnerable to 'Shellshock'",
|
||||
description="Update your Bash to a ShellShock-patched version.",
|
||||
recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. "
|
||||
"The attack was made possible because the HTTP server running on "
|
||||
"TCP port {2} was vulnerable to a "
|
||||
"shell injection attack on the paths: {3}.".format(
|
||||
issue["machine"], issue["ip_address"], issue["port"], issue["paths"]
|
||||
),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _handle_smb_password_issue(issue, instance_arn):
|
||||
|
||||
|
|
|
@ -11,9 +11,6 @@ from monkey_island.cc.services.reporting.issue_processing.exploit_processing.pro
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501
|
||||
Log4ShellProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import ( # noqa: E501
|
||||
ShellShockExploitProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501
|
||||
ZerologonExploitProcessor,
|
||||
)
|
||||
|
@ -34,9 +31,6 @@ class ExploiterDescriptorEnum(Enum):
|
|||
ELASTIC = ExploiterDescriptor(
|
||||
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
|
||||
)
|
||||
SHELLSHOCK = ExploiterDescriptor(
|
||||
"ShellShockExploiter", "ShellShock Exploiter", ShellShockExploitProcessor
|
||||
)
|
||||
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
|
||||
WEBLOGIC = ExploiterDescriptor(
|
||||
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import ( # noqa: E501
|
||||
ExploiterReportInfo,
|
||||
ExploitProcessor,
|
||||
)
|
||||
|
||||
|
||||
class ShellShockExploitProcessor:
|
||||
@staticmethod
|
||||
def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo:
|
||||
exploit_info = ExploitProcessor.get_exploit_info_by_dict(class_name, exploit_dict)
|
||||
|
||||
urls = exploit_dict["data"]["info"]["vulnerable_urls"]
|
||||
exploit_info.port = urls[0].split(":")[2].split("/")[0]
|
||||
exploit_info.paths = ["/" + url.split(":")[2].split("/")[1] for url in urls]
|
||||
return exploit_info
|
|
@ -28,7 +28,6 @@ import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIs
|
|||
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
||||
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
||||
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
||||
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
|
||||
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
||||
import {
|
||||
crossSegmentIssueOverview,
|
||||
|
@ -125,11 +124,6 @@ class ReportPageComponent extends AuthComponent {
|
|||
[this.issueContentTypes.REPORT]: elasticIssueReport,
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'ShellShockExploiter': {
|
||||
[this.issueContentTypes.OVERVIEW]: shellShockIssueOverview,
|
||||
[this.issueContentTypes.REPORT]: shellShockIssueReport,
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'PowerShellExploiter': {
|
||||
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
|
||||
[this.issueContentTypes.REPORT]: powershellIssueReport,
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
import React from 'react';
|
||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
||||
|
||||
export function shellShockIssueOverview() {
|
||||
return (<li>Machines are vulnerable to ‘Shellshock’ (<a
|
||||
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
|
||||
</li>)
|
||||
}
|
||||
|
||||
|
||||
function getShellshockPathListBadges(paths) {
|
||||
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
|
||||
}
|
||||
|
||||
export function shellShockIssueReport(issue) {
|
||||
return (
|
||||
<>
|
||||
Update your Bash to a ShellShock-patched version.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">ShellShock</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the HTTP server running on TCP port <span
|
||||
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
|
||||
paths: {getShellshockPathListBadges(issue.paths)}.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
}
|
Loading…
Reference in New Issue