Island: add log4shell issue processing and reporting
This commit is contained in:
parent
0b76b9f949
commit
9d5ea0f41f
|
@ -8,6 +8,9 @@ from monkey_island.cc.services.reporting.issue_processing.exploit_processing.pro
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import ( # noqa: E501
|
||||
ExploitProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501
|
||||
Log4ShellProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import ( # noqa: E501
|
||||
ShellShockExploitProcessor,
|
||||
)
|
||||
|
@ -52,6 +55,7 @@ class ExploiterDescriptorEnum(Enum):
|
|||
POWERSHELL = ExploiterDescriptor(
|
||||
"PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
|
||||
)
|
||||
LOG4SHELL = ExploiterDescriptor("Log4ShellExploiter", "Log4j Exploiter", Log4ShellProcessor)
|
||||
|
||||
@staticmethod
|
||||
def get_by_class_name(class_name: str) -> ExploiterDescriptor:
|
||||
|
|
|
@ -21,3 +21,4 @@ class ExploiterReportInfo:
|
|||
port: Union[str, None] = None
|
||||
paths: Union[List[str], None] = None
|
||||
password_restored: Union[bool, None] = None
|
||||
service: Union[str, None] = None
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_report_info import ( # noqa: E501
|
||||
ExploiterReportInfo,
|
||||
)
|
||||
|
||||
|
||||
class Log4ShellProcessor:
|
||||
@staticmethod
|
||||
def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo:
|
||||
ip_addr = exploit_dict["data"]["machine"]["ip_addr"]
|
||||
machine = NodeService.get_node_hostname(NodeService.get_node_or_monkey_by_ip(ip_addr))
|
||||
port = exploit_dict["data"]["info"]["vulnerable_service"]["port"]
|
||||
service = exploit_dict["data"]["info"]["vulnerable_service"]["service_name"]
|
||||
return ExploiterReportInfo(
|
||||
ip_address=ip_addr, machine=machine, type=class_name, port=port, service=service
|
||||
)
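Review bot: `get_exploit_info_by_dict` indexes `exploit_dict["data"]["info"]["vulnerable_service"]["port"]` and `["service_name"]` with no fallback, so a telemetry record that omits any of those keys raises KeyError and the whole report build fails instead of producing a degraded entry. Since `ExploiterReportInfo` declares `port` and `service` as `Union[str, None] = None`, reading them through `.get()` lets a partial record still be reported: `vulnerable_service = exploit_dict["data"]["info"].get("vulnerable_service", {})`, `port = vulnerable_service.get("port")`, `service = vulnerable_service.get("service_name")`. The method also has no docstring; add one stating that `exploit_dict` is the stored exploit telemetry for one host and naming the keys it reads, since the rest of the report pipeline depends on that shape. Whether `exploit_dict["data"]` itself can be missing, and how the sibling processors handle it, is not visible in this hunk.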
|
|
@ -31,6 +31,7 @@ import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues
|
|||
import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
|
||||
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
|
||||
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
|
||||
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
||||
import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
|
||||
import {
|
||||
crossSegmentIssueOverview,
|
||||
|
@ -158,6 +159,11 @@ class ReportPageComponent extends AuthComponent {
|
|||
[this.issueContentTypes.REPORT]: zerologonIssueReport,
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'Log4ShellExploiter': {
|
||||
[this.issueContentTypes.OVERVIEW]: log4shellIssueOverview,
|
||||
[this.issueContentTypes.REPORT]: log4shellIssueReport,
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'zerologon_pass_restore_failed': {
|
||||
[this.issueContentTypes.OVERVIEW]: zerologonOverviewWithFailedPassResetWarning
|
||||
},
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
import React from 'react';
|
||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
||||
|
||||
export function log4shellIssueOverview() {
|
||||
return (<li>Some servers are vulnerable to log4shell remote code execution exploit.</li>)
|
||||
}
|
||||
|
||||
export function log4shellIssueReport(issue) {
|
||||
return (
|
||||
<>
|
||||
Upgrade the log4j component to version 2.15.0 or later.
|
||||
<CollapsibleWellComponent>
|
||||
The {issue.service} server <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}:{issue.port}</span>) is vulnerable to <span
|
||||
className="badge badge-danger">log4shell remote code execution</span> attack.
|
||||
<br/>
|
||||
The attack was made possible due to an old version of log4j component.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
}
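Review bot: The remediation sentence `Upgrade the log4j component to version 2.15.0 or later.` hard-codes a release number inside the JSX text; 2.15.0 was the first Log4Shell fix release and has since been superseded by further patched releases, so the advice will read as stale and is awkward to keep current inside markup. Either point the reader at the current patched release rather than a fixed number, e.g. `Upgrade the log4j component to the latest patched release (see the Apache Log4j security page).`, or lift the version into a named constant at the top of the file so it is updated in one place. `log4shellIssueReport` also renders `issue.service`, `issue.machine`, `issue.ip_address` and `issue.port` unconditionally; the island-side processor fills them, but a short JSDoc on the function naming the fields it expects would make that contract explicit for the next issue type copied from this file.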
|
|
@ -5,6 +5,9 @@ Vulture doesn't mark these as dead again.
|
|||
"""
|
||||
from infection_monkey.exploit.log4shell_utils.ldap_server import LDAPServerFactory
|
||||
from monkey_island.cc.models import Report
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_descriptor_enum import (
|
||||
ExploiterDescriptorEnum,
|
||||
)
|
||||
|
||||
fake_monkey_dir_path # unused variable (monkey/tests/infection_monkey/post_breach/actions/test_users_custom_pba.py:37)
|
||||
set_os_linux # unused variable (monkey/tests/infection_monkey/post_breach/actions/test_users_custom_pba.py:37)
|
||||
|
@ -67,6 +70,7 @@ MSSQL # unused variable (monkey/monkey_island/cc/services/reporting/issue_proce
|
|||
VSFTPD # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:45)
|
||||
DRUPAL # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:48)
|
||||
POWERSHELL # (\monkey\monkey_island\cc\services\reporting\issue_processing\exploit_processing\exploiter_descriptor_enum.py:52)
|
||||
ExploiterDescriptorEnum.LOG4SHELL
|
||||
_.do_POST # unused method (monkey/monkey_island/cc/server_utils/bootloader_server.py:26)
|
||||
PbaResults # unused class (monkey/monkey_island/cc/models/pba_results.py:4)
|
||||
internet_access # unused variable (monkey/monkey_island/cc/models/monkey.py:43)
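Review bot: The new allowlist entry `ExploiterDescriptorEnum.LOG4SHELL` is the only line in this section without a trailing location comment, so whoever next prunes the allowlist cannot tell where the name lives or why it is listed. Match the surrounding lines, e.g. `ExploiterDescriptorEnum.LOG4SHELL  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:<LINE>)`, filling in the line number from the enum file. The import hunk earlier in this file needs no change.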
|
||||
|
|