UI: Grab credentials from endpoint and render them

This commit is contained in:
Ilija Lazoroski 2022-07-14 16:50:04 +02:00
parent f99bd74cd4
commit 8ccdba7528
1 changed files with 76 additions and 32 deletions

View File

@ -45,6 +45,8 @@ import {
zerologonOverviewWithFailedPassResetWarning
} from './security/issues/ZerologonIssue';
import {powershellIssueOverview, powershellIssueReport} from './security/issues/PowershellIssue';
import {getCredentialsSecrets, getCredentialsUsernames} from './credentialParsing';
import UsedCredentials from './security/UsedCredentials.tsx';
class ReportPageComponent extends AuthComponent {
@ -161,15 +163,31 @@ class ReportPageComponent extends AuthComponent {
this.state = {
report: props.report,
graph: {nodes: [], edges: []},
nodeStateList: []
nodeStateList: [],
stolenCredentials: [],
configuredCredentials: []
};
}
componentDidMount() {
this.getNodeStateListFromServer();
this.getCredentialsFromServer();
this.updateMapFromServer();
}
getCredentialsFromServer = () => {
this.authFetch('/api/propagation-credentials/stolen-credentials')
.then(res => res.json())
.then(creds => {
this.setState({stolenCredentials: creds});
})
this.authFetch('/api/propagation-credentials/configured-credentials')
.then(res => res.json())
.then(creds => {
this.setState({configuredCredentials: creds});
})
}
getNodeStateListFromServer = () => {
this.authFetch('/api/netmap/node-states')
.then(res => res.json())
@ -184,10 +202,19 @@ class ReportPageComponent extends AuthComponent {
componentDidUpdate(prevProps) {
if (this.props.report !== prevProps.report) {
this.setState({report: this.props.report})
this.updateReport(this.props.report);
}
}
updateReport(report) {
let newReport = this.addIssuesToOverviewIssues(report);
this.setState({
report: newReport
})
}
render() {
let content;
@ -273,39 +300,20 @@ class ReportPageComponent extends AuthComponent {
<p>
The monkeys were run with the following configuration:
</p>
{
this.state.report.overview.config_users.length > 0 ?
<>
<p>
Usernames used for brute-forcing:
</p>
<ul>
{this.state.report.overview.config_users.map(x => <li key={x}>{x}</li>)}
</ul>
<p>
Passwords used for brute-forcing:
</p>
<ul>
{this.state.report.overview.config_passwords.map(x => <li key={x}>{x.substr(0, 3) + '******'}</li>)}
</ul>
</>
:
<p>
Brute forcing uses stolen credentials only. No credentials were supplied during Monkeys
configuration.
</p>
}
<UsedCredentials stolen={this.state.stolenCredentials} configured={this.state.configuredCredentials}/>
{
this.state.report.overview.config_exploits.length > 0 ?
<p>
The Monkey uses the following exploit methods:
<ul>
{this.state.report.overview.config_exploits.map(x => <li key={x}>{x}</li>)}
</ul>
</p>
(
<p>
The Monkey attempted the following exploitation methods:
<ul>
{this.state.report.overview.config_exploits.map(x => <li key={x}>{x}</li>)}
</ul>
</p>
)
:
<p>
No exploits are used by the Monkey.
No exploiters were enabled.
</p>
}
{
@ -535,7 +543,7 @@ class ReportPageComponent extends AuthComponent {
</div>
<div style={{marginBottom: '20px'}}>
<StolenPasswords data={this.state.report.glance.stolen_creds}/>
<StolenPasswords data={this.state.stolenCredentials}/>
</div>
<div>
<StrongUsers data={this.state.report.glance.strong_users}/>
@ -582,6 +590,42 @@ class ReportPageComponent extends AuthComponent {
}
return <ul>{issuesDivArray}</ul>;
};
addIssuesToOverviewIssues(report) {
let issues = report.overview.issues;
let overview_issues = [];
for(let i=0; i < issues.length; i++) {
if (this.isWeakCredentialsIssue(issues[i])) {
overview_issues.push('weak_password')
} else if (this.isStolenCredentialsIssue(issues[i])) {
overview_issues.push('stolen_creds');
} else {
overview_issues.push(issues[i])
}
}
const newOverview = { ...report.overview, issues : overview_issues };
const newReport = { ...report, overview : newOverview };
return newReport;
}
isWeakCredentialsIssue(issue) {
return (Object.prototype.hasOwnProperty.call(issue, 'credential_type') &&
issue.credential_type === 'PASSWORD' &&
getCredentialsSecrets(this.state.configuredCredentials, 'password').includes(issue.password) &&
getCredentialsUsernames(this.state.configuredCredentials).includes(issue.username))
}
isStolenCredentialsIssue(issue) {
return ( Object.prototype.hasOwnProperty.call(issue, 'credential_type') &&
(issue.credential_type === 'PASSWORD' ||
issue.credential_type === 'NT_HASH' ||
issue.credential_type === 'LM_HASH'))
}
}
export default ReportPageComponent;