* Added MSSQL exploiter report frontend details.
This commit is contained in:
parent
19d324d81f
commit
80d6b327bc
|
@ -88,6 +88,7 @@ class MSSQLExploiter(HostExploiter):
|
||||||
conn = pymssql.connect(host, user, password, port=port, login_timeout=self.LOGIN_TIMEOUT)
|
conn = pymssql.connect(host, user, password, port=port, login_timeout=self.LOGIN_TIMEOUT)
|
||||||
LOG.info('Successfully connected to host: {0}, '
|
LOG.info('Successfully connected to host: {0}, '
|
||||||
'using user: {1}, password: {2}'.format(host, user, password))
|
'using user: {1}, password: {2}'.format(host, user, password))
|
||||||
|
self.report_login_attempt(True, user, password)
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
|
|
||||||
# Handles the payload and return True or False
|
# Handles the payload and return True or False
|
||||||
|
|
|
@ -30,7 +30,8 @@ class ReportService:
|
||||||
'ElasticGroovyExploiter': 'Elastic Groovy Exploiter',
|
'ElasticGroovyExploiter': 'Elastic Groovy Exploiter',
|
||||||
'Ms08_067_Exploiter': 'Conficker Exploiter',
|
'Ms08_067_Exploiter': 'Conficker Exploiter',
|
||||||
'ShellShockExploiter': 'ShellShock Exploiter',
|
'ShellShockExploiter': 'ShellShock Exploiter',
|
||||||
'Struts2Exploiter': 'Struts2 Exploiter'
|
'Struts2Exploiter': 'Struts2 Exploiter',
|
||||||
|
'MSSQLExploiter': 'MSSQL Exploiter'
|
||||||
}
|
}
|
||||||
|
|
||||||
class ISSUES_DICT(Enum):
|
class ISSUES_DICT(Enum):
|
||||||
|
@ -43,6 +44,7 @@ class ReportService:
|
||||||
AZURE = 6
|
AZURE = 6
|
||||||
STOLEN_SSH_KEYS = 7
|
STOLEN_SSH_KEYS = 7
|
||||||
STRUTS2 = 8
|
STRUTS2 = 8
|
||||||
|
MSSQL = 9
|
||||||
|
|
||||||
class WARNINGS_DICT(Enum):
|
class WARNINGS_DICT(Enum):
|
||||||
CROSS_SEGMENT = 0
|
CROSS_SEGMENT = 0
|
||||||
|
@ -298,6 +300,13 @@ class ReportService:
|
||||||
processed_exploit['type'] = 'struts2'
|
processed_exploit['type'] = 'struts2'
|
||||||
return processed_exploit
|
return processed_exploit
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def process_mssql_exploit(exploit):
|
||||||
|
processed_exploit = ReportService.process_general_exploit(exploit)
|
||||||
|
processed_exploit['type'] = 'mssql'
|
||||||
|
return processed_exploit
|
||||||
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def process_exploit(exploit):
|
def process_exploit(exploit):
|
||||||
exploiter_type = exploit['data']['exploiter']
|
exploiter_type = exploit['data']['exploiter']
|
||||||
|
@ -310,7 +319,8 @@ class ReportService:
|
||||||
'ElasticGroovyExploiter': ReportService.process_elastic_exploit,
|
'ElasticGroovyExploiter': ReportService.process_elastic_exploit,
|
||||||
'Ms08_067_Exploiter': ReportService.process_conficker_exploit,
|
'Ms08_067_Exploiter': ReportService.process_conficker_exploit,
|
||||||
'ShellShockExploiter': ReportService.process_shellshock_exploit,
|
'ShellShockExploiter': ReportService.process_shellshock_exploit,
|
||||||
'Struts2Exploiter': ReportService.process_struts2_exploit
|
'Struts2Exploiter': ReportService.process_struts2_exploit,
|
||||||
|
'MSSQLExploiter': ReportService.process_mssql_exploit
|
||||||
}
|
}
|
||||||
|
|
||||||
return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
|
return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
|
||||||
|
@ -430,6 +440,8 @@ class ReportService:
|
||||||
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_SSH_KEYS.value] = True
|
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_SSH_KEYS.value] = True
|
||||||
elif issue['type'] == 'struts2':
|
elif issue['type'] == 'struts2':
|
||||||
issues_byte_array[ReportService.ISSUES_DICT.STRUTS2.value] = True
|
issues_byte_array[ReportService.ISSUES_DICT.STRUTS2.value] = True
|
||||||
|
elif issue['type'] == 'mssql':
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.MSSQL.value] = True
|
||||||
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
||||||
issue['username'] in config_users or issue['type'] == 'ssh':
|
issue['username'] in config_users or issue['type'] == 'ssh':
|
||||||
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True
|
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True
|
||||||
|
|
|
@ -24,7 +24,8 @@ class ReportPageComponent extends AuthComponent {
|
||||||
CONFICKER: 5,
|
CONFICKER: 5,
|
||||||
AZURE: 6,
|
AZURE: 6,
|
||||||
STOLEN_SSH_KEYS: 7,
|
STOLEN_SSH_KEYS: 7,
|
||||||
STRUTS2: 8
|
STRUTS2: 8,
|
||||||
|
MSSQL: 9
|
||||||
};
|
};
|
||||||
|
|
||||||
Warning =
|
Warning =
|
||||||
|
@ -326,6 +327,10 @@ class ReportPageComponent extends AuthComponent {
|
||||||
<li>Struts2 servers are vulnerable to remote code execution. (<a
|
<li>Struts2 servers are vulnerable to remote code execution. (<a
|
||||||
href="https://cwiki.apache.org/confluence/display/WW/S2-045">
|
href="https://cwiki.apache.org/confluence/display/WW/S2-045">
|
||||||
CVE-2017-5638</a>)</li> : null }
|
CVE-2017-5638</a>)</li> : null }
|
||||||
|
{this.state.report.overview.issues[this.Issue.MSSQL] ?
|
||||||
|
<li>MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command. (<a
|
||||||
|
href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017">
|
||||||
|
More Info.</a>)</li> : null }
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
:
|
:
|
||||||
|
@ -693,7 +698,21 @@ class ReportPageComponent extends AuthComponent {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generateMSSQLIssue(issue) {
|
||||||
|
return(
|
||||||
|
<li>
|
||||||
|
Disable the xp_cmdshell option.
|
||||||
|
<CollapsibleWellComponent>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> (<span
|
||||||
|
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||||
|
className="label label-danger">Conficker</span> attack.
|
||||||
|
<br/>
|
||||||
|
The attack was made possible because the target machine used an outdated MSSQL server configuration allowing
|
||||||
|
the usage of the xp_cmdshell command.
|
||||||
|
</CollapsibleWellComponent>
|
||||||
|
</li>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
generateIssue = (issue) => {
|
generateIssue = (issue) => {
|
||||||
let data;
|
let data;
|
||||||
|
@ -743,6 +762,9 @@ class ReportPageComponent extends AuthComponent {
|
||||||
case 'struts2':
|
case 'struts2':
|
||||||
data = this.generateStruts2Issue(issue);
|
data = this.generateStruts2Issue(issue);
|
||||||
break;
|
break;
|
||||||
|
case 'mssql':
|
||||||
|
data = this.generateMSSQLIssue(issue);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
return data;
|
return data;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue