p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Changed zerologon links to be more consistent and have a style

This commit is contained in:
VakarisZ 2021-03-01 10:06:51 +02:00 committed by Mike Salvatore
parent b3e9922d0f
commit 8eeed20f7e
1 changed files with 30 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -370,16 +370,23 @@ class ReportPageComponent extends AuthComponent {
if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) { if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) {
zerologonOverview.push(<span> zerologonOverview.push(<span>
<WarningIcon/> Automatic password restoration on a domain controller failed! <WarningIcon/> Automatic password restoration on a domain controller failed!
<Button variant={"link"} href={"#"} target={"_blank"} className={"security-report-link"}> <Button variant={"link"}
Restore your domain controller's password manually.</Button> href={"https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"}
target={"_blank"}
className={"security-report-link"}>
Restore your domain controller's password manually.
</Button>
</span>) </span>)
} }
if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) { if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
zerologonOverview.push(<> zerologonOverview.push(<>
Some domain controllers are vulnerable to Zerologon exploiter( Some domain controllers are vulnerable to Zerologon exploiter(
<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472" target={"_blank"}> <Button variant={"link"}
CVE-2020-1472</a>)! href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
</>) target={"_blank"}
className={"security-report-link"}>
CVE-2020-1472</Button>)!
</>)
} else { } else {
return none; return none;
} }
@ -936,15 +943,28 @@ class ReportPageComponent extends AuthComponent {
<br/> <br/>
The attack was possible because the latest security updates from Microsoft The attack was possible because the latest security updates from Microsoft
have not been applied to this machine. For more information about this have not been applied to this machine. For more information about this
vulnerability, read <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"> vulnerability, read
Microsoft's documentation.</a> <Button
variant={"link"}
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
target={"_blank"}
className={"security-report-link"}
>
Microsoft's documentation.</Button>
{!issue.password_restored ? {!issue.password_restored ?
<div className={'info-pane-warning'} key={'warning'}> <div className={'info-pane-warning'} key={'warning'}>
<br/><WarningIcon/> <br/><WarningIcon/>
<span> <span>
The domain controller's password was changed during the exploit and could not be restored successfully. The domain controller's password was changed during the exploit and could not be restored successfully.
Instructions on how to manually reset the domain controller's password can be found <a Instructions on how to manually reset the domain controller's password can be found
href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/">here</a>. <Button
variant={"link"}
href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
target={"_blank"}
className={"security-report-link"}
>
here
</Button>.
</span> </span>
</div> : null} </div> : null}
</CollapsibleWellComponent> </CollapsibleWellComponent>