p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

UI: Remove components related to the VSFTPD exploiter

This commit is contained in:
Shreya Malviya 2021-10-29 18:12:06 +05:30
parent 40b9b5b730
commit 97c50c3caa
2 changed files with 0 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -25,7 +25,6 @@ import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebL
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue'; import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue'; import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue'; import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
import {vsftpdIssueOverview, vsftpdIssueReport} from './security/issues/VsftpdIssue';
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue'; import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue'; import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
@ -108,11 +107,6 @@ class ReportPageComponent extends AuthComponent {
[this.issueContentTypes.REPORT]: drupalIssueReport, [this.issueContentTypes.REPORT]: drupalIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'VSFTPDExploiter': {
[this.issueContentTypes.OVERVIEW]: vsftpdIssueOverview,
[this.issueContentTypes.REPORT]: vsftpdIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'WmiExploiter': { 'WmiExploiter': {
[this.issueContentTypes.REPORT]: { [this.issueContentTypes.REPORT]: {
[this.credentialTypes.PASSWORD]: wmiPasswordIssueReport, [this.credentialTypes.PASSWORD]: wmiPasswordIssueReport,

36
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js
View File

@ -1,36 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function vsftpdIssueOverview() {
return (<li>VSFTPD is vulnerable to <a
href="https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor">CVE-2011-2523</a>.
</li>)
}
export function vsftpdIssueReport(issue) {
return (
<>
Update your VSFTPD server to the latest version vsftpd-3.0.3.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
port <span
className="badge badge-danger">6200</span>.
<br/>
The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523.
<br/><br/>In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been
compromised.
Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a
command
shell on port 6200.
<br/><br/>
The Monkey executed commands by first logging in with ":)" in the username and then sending commands to the
backdoor
at port 6200.
<br/><br/>Read more about the security issue and remediation <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523"
>here</a>.
</CollapsibleWellComponent>
</>
);
}