Island: remove sambacry exploiter code and related infrastructure/docs
parent
73188e78cc
commit
881800047b
|
@ -48,7 +48,6 @@ The Infection Monkey uses the following techniques and exploits to propagate to
|
||||||
* WMI
|
* WMI
|
||||||
* Shellshock
|
* Shellshock
|
||||||
* Conficker
|
* Conficker
|
||||||
* SambaCry
|
|
||||||
* Elastic Search (CVE-2015-1427)
|
* Elastic Search (CVE-2015-1427)
|
||||||
* Weblogic server
|
* Weblogic server
|
||||||
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
|
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
|
||||||
|
|
|
@ -18,7 +18,6 @@ BASIC = {
|
||||||
"WmiExploiter",
|
"WmiExploiter",
|
||||||
"SSHExploiter",
|
"SSHExploiter",
|
||||||
"ShellShockExploiter",
|
"ShellShockExploiter",
|
||||||
"SambaCryExploiter",
|
|
||||||
"ElasticGroovyExploiter",
|
"ElasticGroovyExploiter",
|
||||||
"Struts2Exploiter",
|
"Struts2Exploiter",
|
||||||
"WebLogicExploiter",
|
"WebLogicExploiter",
|
||||||
|
|
|
@ -74,15 +74,6 @@ EXPLOITER_CLASSES = {
|
||||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
||||||
"/shellshock/",
|
"/shellshock/",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"type": "string",
|
|
||||||
"enum": ["SambaCryExploiter"],
|
|
||||||
"title": "SambaCry Exploiter",
|
|
||||||
"safe": True,
|
|
||||||
"info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
|
|
||||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
|
||||||
"/sambacry/",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": ["ElasticGroovyExploiter"],
|
"enum": ["ElasticGroovyExploiter"],
|
||||||
|
|
|
@ -373,45 +373,6 @@ INTERNAL = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"sambacry": {
|
|
||||||
"title": "SambaCry",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"sambacry_trigger_timeout": {
|
|
||||||
"title": "SambaCry trigger timeout",
|
|
||||||
"type": "integer",
|
|
||||||
"default": 5,
|
|
||||||
"description": "Timeout (in seconds) of SambaCry trigger",
|
|
||||||
},
|
|
||||||
"sambacry_folder_paths_to_guess": {
|
|
||||||
"title": "SambaCry folder paths to guess",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"default": [
|
|
||||||
"/",
|
|
||||||
"/mnt",
|
|
||||||
"/tmp",
|
|
||||||
"/storage",
|
|
||||||
"/export",
|
|
||||||
"/share",
|
|
||||||
"/shares",
|
|
||||||
"/home",
|
|
||||||
],
|
|
||||||
"description": "List of full paths to share folder for SambaCry to "
|
|
||||||
"guess",
|
|
||||||
},
|
|
||||||
"sambacry_shares_not_to_check": {
|
|
||||||
"title": "SambaCry shares not to check",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"default": ["IPC$", "print$"],
|
|
||||||
"description": "These shares won't be checked when exploiting with "
|
|
||||||
"SambaCry",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
"smb_service": {
|
"smb_service": {
|
||||||
"title": "SMB service",
|
"title": "SMB service",
|
||||||
|
|
|
@ -75,7 +75,6 @@ class AWSExporter(Exporter):
|
||||||
CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
|
CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
|
||||||
CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
|
CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
|
||||||
},
|
},
|
||||||
ExploiterDescriptorEnum.SAMBACRY.value.class_name: AWSExporter._handle_sambacry_issue,
|
|
||||||
"shared_passwords": AWSExporter._handle_shared_passwords_issue,
|
"shared_passwords": AWSExporter._handle_shared_passwords_issue,
|
||||||
ExploiterDescriptorEnum.WMI.value.class_name: {
|
ExploiterDescriptorEnum.WMI.value.class_name: {
|
||||||
CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue,
|
CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue,
|
||||||
|
@ -192,24 +191,6 @@ class AWSExporter(Exporter):
|
||||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||||
)
|
)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def _handle_sambacry_issue(issue, instance_arn):
|
|
||||||
|
|
||||||
return AWSExporter._build_generic_finding(
|
|
||||||
severity=10,
|
|
||||||
title="Samba servers are vulnerable to 'SambaCry'",
|
|
||||||
description="Change {0} password to a complex one-use password that is not shared "
|
|
||||||
"with other computers on the "
|
|
||||||
"network. Update your Samba server to 4.4.14 and up, "
|
|
||||||
"4.5.10 and up, or 4.6.4 and up.".format(issue["username"]),
|
|
||||||
recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The "
|
|
||||||
"Monkey authenticated over the SMB "
|
|
||||||
"protocol with user {2} and its password, and used the SambaCry "
|
|
||||||
"vulnerability.".format(issue["machine"], issue["ip_address"], issue["username"]),
|
|
||||||
instance_arn=instance_arn,
|
|
||||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
|
||||||
)
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _handle_smb_pth_issue(issue, instance_arn):
|
def _handle_smb_pth_issue(issue, instance_arn):
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
|
||||||
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
|
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
|
||||||
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
|
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
|
||||||
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
|
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
|
||||||
SAMBACRY = ExploiterDescriptor("SambaCryExploiter", "SambaCry Exploiter", CredExploitProcessor)
|
|
||||||
ELASTIC = ExploiterDescriptor(
|
ELASTIC = ExploiterDescriptor(
|
||||||
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
|
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
|
||||||
)
|
)
|
||||||
|
|
|
@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
|
||||||
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
|
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
|
||||||
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
||||||
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
||||||
import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
|
|
||||||
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
||||||
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
|
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
|
||||||
import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
|
import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
|
||||||
|
@ -122,11 +121,6 @@ class ReportPageComponent extends AuthComponent {
|
||||||
},
|
},
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||||
},
|
},
|
||||||
'SambaCryExploiter': {
|
|
||||||
[this.issueContentTypes.OVERVIEW]: sambacryIssueOverview,
|
|
||||||
[this.issueContentTypes.REPORT]: sambacryIssueReport,
|
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
|
||||||
},
|
|
||||||
'ElasticGroovyExploiter': {
|
'ElasticGroovyExploiter': {
|
||||||
[this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
|
[this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
|
||||||
[this.issueContentTypes.REPORT]: elasticIssueReport,
|
[this.issueContentTypes.REPORT]: elasticIssueReport,
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
import React from 'react';
|
|
||||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
|
||||||
|
|
||||||
export function sambacryIssueOverview() {
|
|
||||||
return (<li>Samba servers are vulnerable to ‘SambaCry’ (<a
|
|
||||||
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
|
|
||||||
>CVE-2017-7494</a>).</li>)
|
|
||||||
}
|
|
||||||
|
|
||||||
export function sambacryIssueReport(issue) {
|
|
||||||
return (
|
|
||||||
<>
|
|
||||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
|
||||||
that is not shared with other computers on the network.
|
|
||||||
<br/>
|
|
||||||
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
|
|
||||||
<CollapsibleWellComponent>
|
|
||||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
|
||||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
|
||||||
className="badge badge-danger">SambaCry</span> attack.
|
|
||||||
<br/>
|
|
||||||
The Monkey authenticated over the SMB protocol with user <span
|
|
||||||
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
|
|
||||||
vulnerability.
|
|
||||||
</CollapsibleWellComponent>
|
|
||||||
</>
|
|
||||||
);
|
|
||||||
}
|
|