Implemented issues and warnings on overview

This commit is contained in:
Itay Mizeretz 2017-12-12 16:33:16 +02:00
parent f2b631745d
commit 434c72f69f
2 changed files with 119 additions and 43 deletions


@ -25,6 +25,18 @@ class ReportService:
'ShellShockExploiter': 'ShellShock Exploiter', 'ShellShockExploiter': 'ShellShock Exploiter',
} }
class ISSUES_DICT:
WEAK_PASSWORD = 0
STOLEN_CREDS = 1
ELASTIC = 2
SAMBACRY = 3
SHELLSHOCK = 4
CONFICKER = 5
class WARNINGS_DICT:
CROSS_SEGMENT = 0
TUNNEL = 1
@staticmethod @staticmethod
def get_first_monkey_time(): def get_first_monkey_time():
return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp'] return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']
@ -139,6 +151,7 @@ class ReportService:
processed_exploit['username'] = attempt['user'] processed_exploit['username'] = attempt['user']
if len(attempt['password']) > 0: if len(attempt['password']) > 0:
processed_exploit['type'] = 'password' processed_exploit['type'] = 'password'
processed_exploit['password'] = attempt['password']
else: else:
processed_exploit['type'] = 'hash' processed_exploit['type'] = 'hash'
return processed_exploit return processed_exploit
@ -232,9 +245,9 @@ class ReportService:
@staticmethod @staticmethod
def get_monkey_subnets(monkey_guid): def get_monkey_subnets(monkey_guid):
network_info = mongo.db.telemetry.find_one( network_info = mongo.db.telemetry.find_one(
{'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid}, {'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
{'data.network_info.networks': 1} {'data.network_info.networks': 1}
) )
if network_info is None: if network_info is None:
return [] return []
@ -315,22 +328,61 @@ class ReportService:
def get_config_scan(): def get_config_scan():
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True) return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
@staticmethod
def get_issues_overview(issues, config_users, config_passwords):
issues_byte_array = [False] * 6
for machine in issues:
for issue in issues[machine]:
if issue['type'] == 'elastic':
issues_byte_array[ReportService.ISSUES_DICT.ELASTIC] = True
elif issue['type'] == 'sambacry':
issues_byte_array[ReportService.ISSUES_DICT.SAMBACRY] = True
elif issue['type'] == 'shellshock':
issues_byte_array[ReportService.ISSUES_DICT.SHELLSHOCK] = True
elif issue['type'] == 'conficker':
issues_byte_array[ReportService.ISSUES_DICT.CONFICKER] = True
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
issue['username'] in config_users:
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD] = True
elif issue['type'].endswith('_pth') or issue['type'].endswith('_password'):
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_CREDS] = True
return issues_byte_array
@staticmethod
def get_warnings_overview(issues):
warnings_byte_array = [False] * 2
for machine in issues:
for issue in issues[machine]:
if issue['type'] == 'cross_segment':
warnings_byte_array[ReportService.WARNINGS_DICT.CROSS_SEGMENT] = True
elif issue['type'] == 'tunnel':
warnings_byte_array[ReportService.WARNINGS_DICT.TUNNEL] = True
return warnings_byte_array
@staticmethod @staticmethod
def get_report(): def get_report():
issues = ReportService.get_issues()
config_users = ReportService.get_config_users()
config_passwords = ReportService.get_config_passwords()
return \ return \
{ {
'overview': 'overview':
{ {
'manual_monkeys': ReportService.get_manual_monkeys(), 'manual_monkeys': ReportService.get_manual_monkeys(),
'config_users': ReportService.get_config_users(), 'config_users': config_users,
'config_passwords': ReportService.get_config_passwords(), 'config_passwords': config_passwords,
'config_exploits': ReportService.get_config_exploits(), 'config_exploits': ReportService.get_config_exploits(),
'config_ips': ReportService.get_config_ips(), 'config_ips': ReportService.get_config_ips(),
'config_scan': ReportService.get_config_scan(), 'config_scan': ReportService.get_config_scan(),
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"), 'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
'monkey_duration': ReportService.get_monkey_duration(), 'monkey_duration': ReportService.get_monkey_duration(),
'issues': [False, True, True, True, False, True], 'issues': ReportService.get_issues_overview(issues, config_users, config_passwords),
'warnings': [True, True] 'warnings': ReportService.get_warnings_overview(issues)
}, },
'glance': 'glance':
{ {
@ -340,7 +392,7 @@ class ReportService:
}, },
'recommendations': 'recommendations':
{ {
'issues': ReportService.get_issues() 'issues': issues
} }
} }
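Review bot: The line `processed_exploit['password'] = attempt['password']` in the second hunk copies what is presumably the plaintext credential that worked into the issue record, and since `get_report` now returns that same `issues` structure under `'recommendations'`, the credential leaves the server with every report fetch. `get_issues_overview` only needs to know whether the password and user came from the configured lists, so that membership could be computed where the exploit is processed (e.g. `processed_exploit['creds_in_config'] = ...`) and the raw password left out of the issue dict unless the report page actually renders it; the processing function's signature is outside the hunk, so I cannot tell whether that is the case. Separately, `[False] * 6` and `[False] * 2` in `get_issues_overview` and `get_warnings_overview` duplicate the member counts of `ISSUES_DICT` and `WARNINGS_DICT` from the first hunk, so adding an issue type requires remembering to bump the literal; a comment such as `# one slot per ISSUES_DICT member, keep in sync` or a count constant next to each class would prevent drift.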


@ -498,46 +498,70 @@ class ReportPageComponent extends React.Component {
<h3> <h3>
Immediate Threats Immediate Threats
</h3> </h3>
During this simulated attack the Monkey uncovered <span {
className="label label-warning">{this.state.report.overview.issues.filter(function (x) { this.state.report.overview.issues.filter(function (x) {
return x === true; return x === true;
}).length} issues</span>: }).length > 0 ?
<ul> <div>
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? During this simulated attack the Monkey uncovered <span
<li>Users with weak passwords.</li> : null} className="label label-warning">
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? {this.state.report.overview.issues.filter(function (x) {
<li>Stolen credentials were used to exploit other machines.</li> : null} return x === true;
{this.state.report.overview.issues[this.Issue.ELASTIC] ? }).length} issues</span>:
<li>Elastic Search servers not patched for <a <ul>
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>. {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
</li> : null} <li>Users with passwords supplied in config.</li> : null}
{this.state.report.overview.issues[this.Issue.SAMBACRY] ? {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
<li>Samba servers not patched for SambaCry (<a <li>Stolen credentials were used to exploit other machines.</li> : null}
href="https://www.samba.org/samba/security/CVE-2017-7494.html" {this.state.report.overview.issues[this.Issue.ELASTIC] ?
>CVE-2017-7494</a>).</li> : null} <li>Elastic Search servers not patched for <a
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
<li>Machines not patched for the Shellshock (<a </li> : null}
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>). {this.state.report.overview.issues[this.Issue.SAMBACRY] ?
</li> : null} <li>Samba servers not patched for SambaCry (<a
{this.state.report.overview.issues[this.Issue.CONFICKER] ? href="https://www.samba.org/samba/security/CVE-2017-7494.html"
<li>Machines not patched for the Conficker (<a >CVE-2017-7494</a>).</li> : null}
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067" {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ?
>MS08-067</a>).</li> : null} <li>Machines not patched for the Shellshock (<a
</ul> href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
</li> : null}
{this.state.report.overview.issues[this.Issue.CONFICKER] ?
<li>Machines not patched for the Conficker (<a
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
>MS08-067</a>).</li> : null}
</ul>
</div>
:
<div>
During this simulated attack the Monkey uncovered <span
className="label label-success">0 issues</span>.
</div>
}
</div> </div>
<div> <div>
<h3> <h3>
Security Issues Security Issues
</h3> </h3>
The monkey uncovered the following possible set of issues: {
<ul> this.state.report.overview.warnings.filter(function (x) {
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? return x === true;
<li>Possible cross segment traffic. Infected machines could communicate with the }).length > 0 ?
Monkey Island despite crossing segment boundaries using unused ports.</li> : null} <div>
{this.state.report.overview.warnings[this.Warning.TUNNEL] ? The monkey uncovered the following possible set of issues:
<li>Lack of Micro-segmentation, machines successfully tunneled monkey activity <ul>
using unused ports.</li> : null} {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
</ul> <li>Possible cross segment traffic. Infected machines could communicate with the
Monkey Island despite crossing segment boundaries using unused ports.</li> : null}
{this.state.report.overview.warnings[this.Warning.TUNNEL] ?
<li>Lack of Micro-segmentation, machines successfully tunneled monkey activity
using unused ports.</li> : null}
</ul>
</div>
:
<div>
The monkey did not find any issues.
</div>
}
</div> </div>
</div> </div>
<div id="recommendations"> <div id="recommendations">
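Review bot: The expression `this.state.report.overview.issues.filter(function (x) { return x === true; }).length` is written twice in this section for the issues array (once as the branch condition, once to render the count) and a third time for the warnings array, so each render walks the arrays repeatedly and the reader has to diff three near-identical callbacks to see they agree. Computing the count once into a local above the JSX, e.g. `const issueCount = this.state.report.overview.issues.filter(x => x === true).length;`, and testing `issueCount > 0` for the branch would make the intent visible and keep the two uses in sync; the same applies to the warnings block. The enclosing render method starts and ends outside this section.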