Replace double quotes with single quotes in SecurityReport.js
This commit is contained in:
parent
9171ed8190
commit
9e3fe03ce1
|
@ -110,7 +110,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
print();
|
||||
}}/>
|
||||
</div>
|
||||
<div className="report-page">
|
||||
<div className='report-page'>
|
||||
<ReportHeader report_type={ReportTypes.security}/>
|
||||
<hr/>
|
||||
{content}
|
||||
|
@ -142,7 +142,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
|
||||
generateReportOverviewSection() {
|
||||
return (
|
||||
<div id="overview">
|
||||
<div id='overview'>
|
||||
<h2>
|
||||
Overview
|
||||
</h2>
|
||||
|
@ -151,7 +151,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
this.state.report.glance.exploited.length > 0 ?
|
||||
''
|
||||
:
|
||||
<p className="alert alert-info">
|
||||
<p className='alert alert-info'>
|
||||
<FontAwesomeIcon icon={faExclamationTriangle} style={{'marginRight': '5px'}}/>
|
||||
To improve the monkey's detection rates, try adding users and passwords and enable the "Local
|
||||
network
|
||||
|
@ -160,8 +160,8 @@ class ReportPageComponent extends AuthComponent {
|
|||
}
|
||||
<p>
|
||||
The first monkey run was started on <span
|
||||
className="badge badge-info">{this.state.report.overview.monkey_start_time}</span>. After <span
|
||||
className="badge badge-info">{this.state.report.overview.monkey_duration}</span>, all monkeys finished
|
||||
className='badge badge-info'>{this.state.report.overview.monkey_start_time}</span>. After <span
|
||||
className='badge badge-info'>{this.state.report.overview.monkey_duration}</span>, all monkeys finished
|
||||
propagation attempts.
|
||||
</p>
|
||||
<p>
|
||||
|
@ -238,7 +238,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
|
||||
generateReportFindingsSection() {
|
||||
return (
|
||||
<div id="findings">
|
||||
<div id='findings'>
|
||||
<h3>
|
||||
Security Findings
|
||||
</h3>
|
||||
|
@ -252,7 +252,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
}).length > 0 ?
|
||||
<div>
|
||||
During this simulated attack the Monkey uncovered <span
|
||||
className="badge badge-warning">
|
||||
className='badge badge-warning'>
|
||||
{this.state.report.overview.issues.filter(function (x) {
|
||||
return x === true;
|
||||
}).length} threats</span>:
|
||||
|
@ -264,50 +264,50 @@ class ReportPageComponent extends AuthComponent {
|
|||
{this.state.report.overview.issues[this.Issue.ELASTIC] &&
|
||||
<li>Elasticsearch servers are vulnerable to
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.cvedetails.com/cve/cve-2015-1427"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.cvedetails.com/cve/cve-2015-1427'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2015-1427
|
||||
</Button>.
|
||||
</li>}
|
||||
{this.state.report.overview.issues[this.Issue.VSFTPD] &&
|
||||
<li>VSFTPD is vulnerable to
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2011-2523
|
||||
</Button>.
|
||||
</li>}
|
||||
{this.state.report.overview.issues[this.Issue.SAMBACRY] &&
|
||||
<li>Samba servers are vulnerable to ‘SambaCry’ (
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.samba.org/samba/security/CVE-2017-7494.html'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2017-7494
|
||||
</Button>).
|
||||
</li>}
|
||||
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] &&
|
||||
<li>Machines are vulnerable to ‘Shellshock’ (
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.cvedetails.com/cve/CVE-2014-6271"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.cvedetails.com/cve/CVE-2014-6271'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2014-6271
|
||||
</Button>).
|
||||
</li>}
|
||||
{this.state.report.overview.issues[this.Issue.CONFICKER] &&
|
||||
<li>Machines are vulnerable to ‘Conficker’ (
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
MS08-067
|
||||
</Button>).
|
||||
</li>}
|
||||
|
@ -317,20 +317,20 @@ class ReportPageComponent extends AuthComponent {
|
|||
{this.state.report.overview.issues[this.Issue.AZURE] &&
|
||||
<li>Azure machines expose plaintext passwords. (
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
More info
|
||||
</Button>)
|
||||
</li>}
|
||||
{this.state.report.overview.issues[this.Issue.STRUTS2] &&
|
||||
<li>Struts2 servers are vulnerable to remote code execution. (
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://cwiki.apache.org/confluence/display/WW/S2-045"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://cwiki.apache.org/confluence/display/WW/S2-045'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2017-5638
|
||||
</Button>)
|
||||
</li>}
|
||||
|
@ -346,10 +346,10 @@ class ReportPageComponent extends AuthComponent {
|
|||
{this.state.report.overview.issues[this.Issue.DRUPAL] &&
|
||||
<li>Drupal servers are susceptible to a remote code execution vulnerability
|
||||
(<Button
|
||||
variant={"link"}
|
||||
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2019-6340
|
||||
</Button>).
|
||||
</li>
|
||||
|
@ -360,7 +360,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
:
|
||||
<div>
|
||||
During this simulated attack the Monkey uncovered <span
|
||||
className="badge badge-success">0 threats</span>.
|
||||
className='badge badge-success'>0 threats</span>.
|
||||
</div>
|
||||
}
|
||||
</div>
|
||||
|
@ -421,10 +421,10 @@ class ReportPageComponent extends AuthComponent {
|
|||
if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) {
|
||||
zerologonOverview.push(<span>
|
||||
<WarningIcon/> Automatic password restoration on a domain controller failed!
|
||||
<Button variant={"link"}
|
||||
href={"https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"}
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
<Button variant={'link'}
|
||||
href={'https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'}
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
Restore your domain controller's password manually.
|
||||
</Button>
|
||||
</span>)
|
||||
|
@ -432,10 +432,10 @@ class ReportPageComponent extends AuthComponent {
|
|||
if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
|
||||
zerologonOverview.push(<>
|
||||
Some domain controllers are vulnerable to Zerologon exploiter(
|
||||
<Button variant={"link"}
|
||||
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
<Button variant={'link'}
|
||||
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
CVE-2020-1472
|
||||
</Button>)!
|
||||
</>)
|
||||
|
@ -447,7 +447,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
|
||||
generateReportRecommendationsSection() {
|
||||
return (
|
||||
<div id="recommendations">
|
||||
<div id='recommendations'>
|
||||
{/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise,
|
||||
* don't render it (since the issues themselves will be empty. */}
|
||||
{Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ?
|
||||
|
@ -470,36 +470,36 @@ class ReportPageComponent extends AuthComponent {
|
|||
let exploitPercentage =
|
||||
(100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length;
|
||||
return (
|
||||
<div id="glance">
|
||||
<div id='glance'>
|
||||
<h3>
|
||||
The Network from the Monkey's Eyes
|
||||
</h3>
|
||||
<div>
|
||||
<p>
|
||||
The Monkey discovered <span
|
||||
className="badge badge-warning">{this.state.report.glance.scanned.length}</span> machines and
|
||||
className='badge badge-warning'>{this.state.report.glance.scanned.length}</span> machines and
|
||||
successfully breached <span
|
||||
className="badge badge-danger">{this.state.report.glance.exploited.length}</span> of them.
|
||||
className='badge badge-danger'>{this.state.report.glance.exploited.length}</span> of them.
|
||||
</p>
|
||||
<div className="text-center" style={{margin: '10px'}}>
|
||||
<Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth="4"
|
||||
trailWidth="4"
|
||||
strokeColor="#d9534f" trailColor="#f0ad4e"/>
|
||||
<div className='text-center' style={{margin: '10px'}}>
|
||||
<Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth='4'
|
||||
trailWidth='4'
|
||||
strokeColor='#d9534f' trailColor='#f0ad4e'/>
|
||||
<b>{Math.round(exploitPercentage)}% of scanned machines exploited</b>
|
||||
</div>
|
||||
</div>
|
||||
<p>
|
||||
From the attacker's point of view, the network looks like this:
|
||||
</p>
|
||||
<div className="map-legend">
|
||||
<div className='map-legend'>
|
||||
<b>Legend: </b>
|
||||
<span>Exploit <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#cc0200'}}/></span>
|
||||
<span>Exploit <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#cc0200'}}/></span>
|
||||
<b style={{color: '#aeaeae'}}> | </b>
|
||||
<span>Scan <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#ff9900'}}/></span>
|
||||
<span>Scan <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#ff9900'}}/></span>
|
||||
<b style={{color: '#aeaeae'}}> | </b>
|
||||
<span>Tunnel <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#0158aa'}}/></span>
|
||||
<span>Tunnel <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#0158aa'}}/></span>
|
||||
<b style={{color: '#aeaeae'}}> | </b>
|
||||
<span>Island Communication <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#a9aaa9'}}/></span>
|
||||
<span>Island Communication <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#a9aaa9'}}/></span>
|
||||
</div>
|
||||
<div style={{position: 'relative', height: '80vh'}}>
|
||||
<ReactiveGraph graph={this.state.graph} options={getOptions(this.state.nodeStateList)}/>
|
||||
|
@ -529,17 +529,17 @@ class ReportPageComponent extends AuthComponent {
|
|||
|
||||
generateReportFooter() {
|
||||
return (
|
||||
<div id="footer" className="text-center" style={{marginTop: '20px'}}>
|
||||
<div id='footer' className='text-center' style={{marginTop: '20px'}}>
|
||||
For questions, suggestions or any other feedback
|
||||
contact: <a href="mailto://labs@guardicore.com" className="no-print">labs@guardicore.com</a>
|
||||
<div className="force-print" style={{display: 'none'}}>labs@guardicore.com</div>
|
||||
<img src={guardicoreLogoImage} alt="GuardiCore" className="center-block" style={{height: '50px'}}/>
|
||||
contact: <a href='mailto://labs@guardicore.com' className='no-print'>labs@guardicore.com</a>
|
||||
<div className='force-print' style={{display: 'none'}}>labs@guardicore.com</div>
|
||||
<img src={guardicoreLogoImage} alt='GuardiCore' className='center-block' style={{height: '50px'}}/>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
generateInfoBadges(data_array) {
|
||||
return data_array.map(badge_data => <span key={badge_data} className="badge badge-info"
|
||||
return data_array.map(badge_data => <span key={badge_data} className='badge badge-info'
|
||||
style={{margin: '2px'}}>{badge_data}</span>);
|
||||
}
|
||||
|
||||
|
@ -605,21 +605,21 @@ class ReportPageComponent extends AuthComponent {
|
|||
}
|
||||
|
||||
generateShellshockPathListBadges(paths) {
|
||||
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
|
||||
return paths.map(path => <span className='badge badge-warning' style={{margin: '2px'}} key={path}>{path}</span>);
|
||||
}
|
||||
|
||||
generateSmbPasswordIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">SMB</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>SMB</span> attack.
|
||||
<br/>
|
||||
The Monkey authenticated over the SMB protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span> and its password.
|
||||
className='badge badge-success'>{issue.username}</span> and its password.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -628,15 +628,15 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateSmbPthIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">SMB</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>SMB</span> attack.
|
||||
<br/>
|
||||
The Monkey used a pass-the-hash attack over SMB protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span>.
|
||||
className='badge badge-success'>{issue.username}</span>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -645,15 +645,15 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateWmiPasswordIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">WMI</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>WMI</span> attack.
|
||||
<br/>
|
||||
The Monkey authenticated over the WMI protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span> and its password.
|
||||
className='badge badge-success'>{issue.username}</span> and its password.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -662,15 +662,15 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateWmiPthIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">WMI</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>WMI</span> attack.
|
||||
<br/>
|
||||
The Monkey used a pass-the-hash attack over WMI protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span>.
|
||||
className='badge badge-success'>{issue.username}</span>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -679,15 +679,15 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateSshIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">SSH</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>SSH</span> attack.
|
||||
<br/>
|
||||
The Monkey authenticated over the SSH protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span> and its password.
|
||||
className='badge badge-success'>{issue.username}</span> and its password.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -696,14 +696,14 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateSshKeysIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase.
|
||||
Protect <span className='badge badge-success'>{issue.ssh_key}</span> private key with a pass phrase.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">SSH</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>SSH</span> attack.
|
||||
<br/>
|
||||
The Monkey authenticated over the SSH protocol with private key <span
|
||||
className="badge badge-success">{issue.ssh_key}</span>.
|
||||
className='badge badge-success'>{issue.ssh_key}</span>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -713,17 +713,17 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateSambaCryIssue(issue) {
|
||||
return (
|
||||
<>
|
||||
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
|
||||
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
|
||||
that is not shared with other computers on the network.
|
||||
<br/>
|
||||
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">SambaCry</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>SambaCry</span> attack.
|
||||
<br/>
|
||||
The Monkey authenticated over the SMB protocol with user <span
|
||||
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
|
||||
className='badge badge-success'>{issue.username}</span> and its password, and used the SambaCry
|
||||
vulnerability.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -735,10 +735,10 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Update your VSFTPD server to the latest version vsftpd-3.0.3.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
|
||||
port <span
|
||||
className="badge badge-danger">6200</span>.
|
||||
className='badge badge-danger'>6200</span>.
|
||||
<br/>
|
||||
The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523.
|
||||
<br/><br/>In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been
|
||||
|
@ -751,7 +751,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
backdoor
|
||||
at port 6200.
|
||||
<br/><br/>Read more about the security issue and remediation <a
|
||||
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523"
|
||||
href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523'
|
||||
>here</a>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -763,9 +763,9 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Update your Elastic Search server to version 1.4.3 and up.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
|
||||
className="badge badge-danger">Elastic Groovy</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
|
||||
className='badge badge-danger'>Elastic Groovy</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
|
||||
</CollapsibleWellComponent>
|
||||
|
@ -778,12 +778,12 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Update your Bash to a ShellShock-patched version.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">ShellShock</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>ShellShock</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the HTTP server running on TCP port <span
|
||||
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
|
||||
className='badge badge-info'>{issue.port}</span> was vulnerable to a shell injection attack on the
|
||||
paths: {this.generateShellshockPathListBadges(issue.paths)}.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -796,9 +796,9 @@ class ReportPageComponent extends AuthComponent {
|
|||
Delete VM Access plugin configuration files.
|
||||
<CollapsibleWellComponent>
|
||||
Credentials could be stolen from <span
|
||||
className="badge badge-primary">{issue.machine}</span> for the following users <span
|
||||
className="badge badge-primary">{issue.users}</span>. Read more about the security issue and remediation <a
|
||||
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
|
||||
className='badge badge-primary'>{issue.machine}</span> for the following users <span
|
||||
className='badge badge-primary'>{issue.users}</span>. Read more about the security issue and remediation <a
|
||||
href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
|
||||
>here</a>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -810,9 +810,9 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Install the latest Windows updates or upgrade to a newer operating system.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">Conficker</span> attack.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>Conficker</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the target machine used an outdated and unpatched operating system
|
||||
vulnerable to Conficker.
|
||||
|
@ -827,7 +827,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
Segment your network and make sure there is no communication between machines from different segments.
|
||||
<CollapsibleWellComponent>
|
||||
The network can probably be segmented. A monkey instance on <span
|
||||
className="badge badge-primary">{issue.machine}</span> in the
|
||||
className='badge badge-primary'>{issue.machine}</span> in the
|
||||
networks {this.generateInfoBadges(issue.networks)}
|
||||
could directly access the Monkey Island server in the
|
||||
networks {this.generateInfoBadges(issue.server_networks)}.
|
||||
|
@ -868,7 +868,7 @@ class ReportPageComponent extends AuthComponent {
|
|||
admin sharing.
|
||||
<CollapsibleWellComponent>
|
||||
Here is a list of machines which the account <span
|
||||
className="badge badge-primary">{issue.username}</span> is defined as an administrator:
|
||||
className='badge badge-primary'>{issue.username}</span> is defined as an administrator:
|
||||
{this.generateInfoBadges(issue.shared_machines)}
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -895,8 +895,8 @@ class ReportPageComponent extends AuthComponent {
|
|||
Use micro-segmentation policies to disable communication other than the required.
|
||||
<CollapsibleWellComponent>
|
||||
Machines are not locked down at port level. Network tunnel was set up from <span
|
||||
className="badge badge-primary">{issue.machine}</span> to <span
|
||||
className="badge badge-primary">{issue.dest}</span>.
|
||||
className='badge badge-primary'>{issue.machine}</span> to <span
|
||||
className='badge badge-primary'>{issue.dest}</span>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -907,13 +907,13 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
|
||||
<CollapsibleWellComponent>
|
||||
Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className="badge badge-danger">remote code execution</span> attack.
|
||||
Struts2 server at <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className='badge badge-danger'>remote code execution</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the server is using an old version of Jakarta based file upload
|
||||
Multipart parser. For possible work-arounds and more info read <a
|
||||
href="https://cwiki.apache.org/confluence/display/WW/S2-045"
|
||||
href='https://cwiki.apache.org/confluence/display/WW/S2-045'
|
||||
>here</a>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
|
@ -925,13 +925,13 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Upgrade Drupal server to versions 8.5.11, 8.6.10, or later.
|
||||
<CollapsibleWellComponent>
|
||||
Drupal server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className="badge badge-danger">remote command execution</span> attack.
|
||||
Drupal server at <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className='badge badge-danger'>remote command execution</span> attack.
|
||||
<br/>
|
||||
The attack was made possible because the server is using an old version of Drupal, for which REST API is
|
||||
enabled. For possible workarounds, fixes and more info read
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">here</a>.
|
||||
<a href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'>here</a>.
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
|
@ -942,9 +942,9 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Update Oracle WebLogic server to the latest supported version.
|
||||
<CollapsibleWellComponent>
|
||||
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
|
||||
className="badge badge-danger">remote code execution</span> attacks.
|
||||
Oracle WebLogic server at <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
|
||||
className='badge badge-danger'>remote code execution</span> attacks.
|
||||
<br/>
|
||||
The attack was made possible due to one of the following vulnerabilities:
|
||||
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
|
||||
|
@ -958,12 +958,12 @@ class ReportPageComponent extends AuthComponent {
|
|||
return (
|
||||
<>
|
||||
Run Hadoop in secure mode (<a
|
||||
href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html">
|
||||
href='http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html'>
|
||||
add Kerberos authentication</a>).
|
||||
<CollapsibleWellComponent>
|
||||
The Hadoop server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className="badge badge-danger">remote code execution</span> attack.
|
||||
The Hadoop server at <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
||||
className='badge badge-danger'>remote code execution</span> attack.
|
||||
<br/>
|
||||
The attack was made possible due to default Hadoop/Yarn configuration being insecure.
|
||||
</CollapsibleWellComponent>
|
||||
|
@ -976,17 +976,17 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Disable the xp_cmdshell option.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">MSSQL exploit attack</span>.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>MSSQL exploit attack</span>.
|
||||
<br/>
|
||||
The attack was made possible because the target machine used an outdated MSSQL server configuration allowing
|
||||
the usage of the xp_cmdshell command. To learn more about how to disable this feature, read
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
Microsoft's documentation.
|
||||
</Button>
|
||||
</CollapsibleWellComponent>
|
||||
|
@ -999,18 +999,18 @@ class ReportPageComponent extends AuthComponent {
|
|||
<>
|
||||
Install Windows security updates.
|
||||
<CollapsibleWellComponent>
|
||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className="badge badge-danger">Zerologon exploit</span>.
|
||||
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
|
||||
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
|
||||
className='badge badge-danger'>Zerologon exploit</span>.
|
||||
<br/>
|
||||
The attack was possible because the latest security updates from Microsoft
|
||||
have not been applied to this machine. For more information about this
|
||||
vulnerability, read
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
Microsoft's documentation.
|
||||
</Button>
|
||||
{!issue.password_restored ?
|
||||
|
@ -1020,10 +1020,10 @@ class ReportPageComponent extends AuthComponent {
|
|||
The domain controller's password was changed during the exploit and could not be restored successfully.
|
||||
Instructions on how to manually reset the domain controller's password can be found
|
||||
<Button
|
||||
variant={"link"}
|
||||
href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
|
||||
target={"_blank"}
|
||||
className={"security-report-link"}>
|
||||
variant={'link'}
|
||||
href='https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'
|
||||
target={'_blank'}
|
||||
className={'security-report-link'}>
|
||||
here
|
||||
</Button>.
|
||||
</span>
|
||||
|
@ -1036,76 +1036,76 @@ class ReportPageComponent extends AuthComponent {
|
|||
generateIssue = (issue) => {
|
||||
let issueData;
|
||||
switch (issue.type) {
|
||||
case "vsftp":
|
||||
case 'vsftp':
|
||||
issueData = this.generateVsftpdBackdoorIssue(issue);
|
||||
break;
|
||||
case "smb_password":
|
||||
case 'smb_password':
|
||||
issueData = this.generateSmbPasswordIssue(issue);
|
||||
break;
|
||||
case "smb_pth":
|
||||
case 'smb_pth':
|
||||
issueData = this.generateSmbPthIssue(issue);
|
||||
break;
|
||||
case "wmi_password":
|
||||
case 'wmi_password':
|
||||
issueData = this.generateWmiPasswordIssue(issue);
|
||||
break;
|
||||
case "wmi_pth":
|
||||
case 'wmi_pth':
|
||||
issueData = this.generateWmiPthIssue(issue);
|
||||
break;
|
||||
case "ssh":
|
||||
case 'ssh':
|
||||
issueData = this.generateSshIssue(issue);
|
||||
break;
|
||||
case "ssh_key":
|
||||
case 'ssh_key':
|
||||
issueData = this.generateSshKeysIssue(issue);
|
||||
break;
|
||||
case "sambacry":
|
||||
case 'sambacry':
|
||||
issueData = this.generateSambaCryIssue(issue);
|
||||
break;
|
||||
case "elastic":
|
||||
case 'elastic':
|
||||
issueData = this.generateElasticIssue(issue);
|
||||
break;
|
||||
case "shellshock":
|
||||
case 'shellshock':
|
||||
issueData = this.generateShellshockIssue(issue);
|
||||
break;
|
||||
case "conficker":
|
||||
case 'conficker':
|
||||
issueData = this.generateConfickerIssue(issue);
|
||||
break;
|
||||
case "island_cross_segment":
|
||||
case 'island_cross_segment':
|
||||
issueData = this.generateIslandCrossSegmentIssue(issue);
|
||||
break;
|
||||
case "shared_passwords":
|
||||
case 'shared_passwords':
|
||||
issueData = this.generateSharedCredsIssue(issue);
|
||||
break;
|
||||
case "shared_passwords_domain":
|
||||
case 'shared_passwords_domain':
|
||||
issueData = this.generateSharedCredsDomainIssue(issue);
|
||||
break;
|
||||
case "shared_admins_domain":
|
||||
case 'shared_admins_domain':
|
||||
issueData = this.generateSharedLocalAdminsIssue(issue);
|
||||
break;
|
||||
case "strong_users_on_crit":
|
||||
case 'strong_users_on_crit':
|
||||
issueData = this.generateStrongUsersOnCritIssue(issue);
|
||||
break;
|
||||
case "tunnel":
|
||||
case 'tunnel':
|
||||
issueData = this.generateTunnelIssue(issue);
|
||||
break;
|
||||
case "azure_password":
|
||||
case 'azure_password':
|
||||
issueData = this.generateAzureIssue(issue);
|
||||
break;
|
||||
case "struts2":
|
||||
case 'struts2':
|
||||
issueData = this.generateStruts2Issue(issue);
|
||||
break;
|
||||
case "weblogic":
|
||||
case 'weblogic':
|
||||
issueData = this.generateWebLogicIssue(issue);
|
||||
break;
|
||||
case "hadoop":
|
||||
case 'hadoop':
|
||||
issueData = this.generateHadoopIssue(issue);
|
||||
break;
|
||||
case "mssql":
|
||||
case 'mssql':
|
||||
issueData = this.generateMSSQLIssue(issue);
|
||||
break;
|
||||
case "drupal":
|
||||
case 'drupal':
|
||||
issueData = this.generateDrupalIssue(issue);
|
||||
break;
|
||||
case "zerologon":
|
||||
case 'zerologon':
|
||||
issueData = this.generateZerologonIssue(issue);
|
||||
break;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue