From 3a9a92d1b9f2749c2a91251cf7ec557e5ffc092a Mon Sep 17 00:00:00 2001
From: "maor.rayzin"
Date: Sun, 5 Aug 2018 11:46:47 +0300
Subject: [PATCH] * More info in the recommendations section
---
 monkey_island/cc/services/pth_report.py | 68 ++++++++++++++++---
 .../cc/ui/src/components/pages/ReportPage.js | 32 +++++++++
 2 files changed, 91 insertions(+), 9 deletions(-)
diff --git a/monkey_island/cc/services/pth_report.py b/monkey_island/cc/services/pth_report.py
index 7a615db2d..6f244e09b 100644
--- a/monkey_island/cc/services/pth_report.py
+++ b/monkey_island/cc/services/pth_report.py
@@ -3,11 +3,18 @@ from cc.services.pth_report_utils import PassTheHashReport, Machine
 class PTHReportService(object):
+ """
+
+ """
+
 def __init__(self):
 pass
 @staticmethod
 def get_duplicated_password_nodes(pth):
+ """
+
+ """
 usernames_lists = []
 usernames_per_sid_list = []
@@ -110,7 +117,6 @@ class PTHReportService(object):
 @staticmethod
 def get_duplicated_passwords_issues(pth, password_groups):
 issues = []
- issues_dict = {}
 for group in password_groups:
 for username in group['cred_group']:
 sid = list(pth.GetSidsByUsername(username.split('\\')[1]))
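Review bot: The docstrings added to PTHReportService and get_duplicated_password_nodes in the first hunk are empty, so they document nothing and render as blank help text; either fill them or drop them. For the class, something like `"""Assembles the pass-the-hash section of the island report: credential reuse, shared local admins and strong users on critical services."""` matches what get_report builds later in this patch. For the method, a one-liner stating what it groups, e.g. `"""Return groups of usernames that appear to share a password, derived from *pth*."""`, would do; its body runs past the hunk, so check the wording against it before committing.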
@@ -124,13 +130,38 @@ class PTHReportService(object):
 }
 )
- for issue in issues:
- machine = issue['machine']
- if machine not in issues_dict:
- issues_dict[machine] = []
- issues_dict[machine].append(issue)
+ return issues
- return issues_dict
+ @staticmethod
+ def get_shared_local_admins_issues(shared_admins_machines):
+ issues = []
+ for machine in shared_admins_machines:
+ issues.append(
+ {
+ 'type': 'shared_admins',
+ 'machine': machine.get('hostname'),
+ 'shared_accounts': machine.get('admins_accounts'),
+ 'ip': machine.get('ip'),
+ }
+ )
+
+ return issues
+
+ @staticmethod
+ def strong_users_on_crit_issues(strong_users):
+ issues = []
+ for machine in strong_users:
+ issues.append(
+ {
+ 'type': 'strong_users_on_crit',
+ 'machine': machine.get('hostname'),
+ 'services': machine.get('services_names'),
+ 'ip': machine.get('ip'),
+ 'threatening_users': machine.get('threatening_users')
+ }
+ )
+
+ return issues
 @staticmethod
 def generate_map_nodes(pth):
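Review bot: The new helper `strong_users_on_crit_issues` breaks the naming used by its siblings in this hunk and in the class (`get_duplicated_passwords_issues`, `get_shared_local_admins_issues`); renaming it now, while its only caller is the get_report change in this same patch, is cheap: `def get_strong_users_on_crit_issues(strong_users):`. Both new functions ship without a docstring; one line each saying that every element of the input is a machine dict and that the result is a flat list of issue dicts carrying 'type', 'machine' and 'ip' would let a reader use them without opening get_report. Each body is a plain append loop and reads better as a comprehension, e.g. `return [{'type': 'shared_admins', 'machine': m.get('hostname'), 'shared_accounts': m.get('admins_accounts'), 'ip': m.get('ip')} for m in shared_admins_machines]`.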
@@ -150,14 +181,33 @@ class PTHReportService(object):
 return nodes_list
+ @staticmethod
+ def get_issues_list(issues):
+ issues_dict = {}
+
+ for issue in issues:
+ machine = issue['machine']
+ if machine not in issues_dict:
+ issues_dict[machine] = []
+ issues_dict[machine].append(issue)
+
+ return issues_dict
+
 @staticmethod
 def get_report():
+
+ issues = []
 pth = PassTheHashReport()
+
 same_password = PTHReportService.get_duplicated_password_nodes(pth)
 local_admin_shared = PTHReportService.get_shared_local_admins_nodes(pth)
 strong_users_on_crit_services = PTHReportService.get_strong_users_on_crit_services(pth)
 strong_users_on_non_crit_services = PTHReportService.get_strong_users_on_non_crit_services(pth)
- issues = PTHReportService.get_duplicated_passwords_issues(pth, same_password)
+
+ issues += PTHReportService.get_duplicated_passwords_issues(pth, same_password)
+ issues += PTHReportService.get_shared_local_admins_issues(local_admin_shared)
+ issues += PTHReportService.strong_users_on_crit_issues(strong_users_on_crit_services)
+ formated_issues = PTHReportService.get_issues_list(issues)
 report = \
 {
@@ -167,7 +217,7 @@ class PTHReportService(object):
 'local_admin_shared': local_admin_shared,
 'strong_users_on_crit_services': strong_users_on_crit_services,
 'strong_users_on_non_crit_services': strong_users_on_non_crit_services,
- 'pth_issues': issues
+ 'pth_issues': formated_issues
 },
 'pthmap': {
diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index ed75da059..5db48036b 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -751,6 +751,32 @@ class ReportPageComponent extends AuthComponent {
 );
 }
+ generateSharedLocalAdminsIssue(issue) {
+ return (
+
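Review bot: get_issues_list groups on `issue['machine']`, which the new issue builders fill from `machine.get('hostname')`; a machine without a hostname lands under the key None, and two hosts that resolve to the same name collapse into one entry, so findings for different machines get merged in the report. The builders already carry `'ip'`, so grouping on that string (or documenting the assumption that hostnames are unique and non-empty) would keep each machine's findings separate; whatever key is chosen must stay a string, since this mapping goes into the report JSON. The membership-then-assign pair is the setdefault idiom: `issues_dict.setdefault(machine, []).append(issue)`. Two smaller points: the name get_issues_list says list but the function returns a dict, and `formated_issues` in get_report is misspelt (`formatted_issues`); get_report's body continues past this hunk.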
  • + This machine shares a local admin account with another machine + + Here is a list showing users that are acting as admins on this machine and others: + {this.generateInfoBadges(issue.shared_accounts)} + +
  • + ); + } + + generateStrongUsersOnCritIssue(issue) { + return ( +
  • + This critical machine is open to attacks via strong users with access to it. + + The services: {this.generateInfoBadges(issue.services)} have been found on the machine + thus classifying it as a critical machine. + These users has access to it: + {this.generateInfoBadges(issue.threatening_users)}. + +
  • + ); + } + generateTunnelIssue(issue) { return (
  •
@@ -826,6 +852,12 @@ class ReportPageComponent extends AuthComponent {
 case 'shared_password':
 data = this.generateSharedCredsIssue(issue);
 break;
+ case 'shared_admins':
+ data = this.generateSharedLocalAdminsIssue(issue);
+ break;
+ case 'strong_users_on_crit':
+ data = this.generateStrongUsersOnCritIssue(issue);
+ break;
 case 'tunnel':
 data = this.generateTunnelIssue(issue);
 break;
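Review bot: The user-facing text in generateStrongUsersOnCritIssue has a grammar slip, `These users has access to it:` should read `These users have access to it:`, and the preceding sentence needs a comma before `thus classifying it as a critical machine.`; the JSX markup around these strings is not recoverable from this rendering, so the exact line positions are approximate. Both new render methods hand `issue.shared_accounts`, `issue.services` and `issue.threatening_users` straight to generateInfoBadges, while the Python side builds those fields with dict.get and can therefore send null; if generateInfoBadges does not tolerate a null or undefined argument, a machine missing one of those fields would throw during render, so that is worth confirming. The enclosing class continues outside the hunk.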