Island: Remove WebLogic exploiter

This commit is contained in:
Ilija Lazoroski 2022-04-08 14:06:34 +02:00 committed by ilija-lazoroski
parent d9c295bed4
commit c10b5c9e79
6 changed files with 0 additions and 64 deletions


@ -18,7 +18,6 @@ BASIC = {
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Log4ShellExploiter", "Log4ShellExploiter",
"WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",
"MSSQLExploiter", "MSSQLExploiter",
"PowerShellExploiter", "PowerShellExploiter",


@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
"link": "https://www.guardicore.com/infectionmonkey/docs/reference" "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/sshexec/", "/exploiters/sshexec/",
}, },
{
"type": "string",
"enum": ["WebLogicExploiter"],
"title": "WebLogic Exploiter",
"safe": True,
"info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
"/weblogic/",
},
{ {
"type": "string", "type": "string",
"enum": ["HadoopExploiter"], "enum": ["HadoopExploiter"],


@ -81,7 +81,6 @@ class AWSExporter(Exporter):
"shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue, "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
"shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue, "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
"strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue, "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue, ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
} }
@ -386,27 +385,6 @@ class AWSExporter(Exporter):
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
) )
@staticmethod
def _handle_weblogic_issue(issue, instance_arn):
return AWSExporter._build_generic_finding(
severity=10,
title="Oracle WebLogic servers are vulnerable to remote code execution.",
description="Install Oracle critical patch updates. Or update to the latest "
"version. "
"Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and "
"12.2.1.2.0.",
recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable "
"to remote code execution attack."
"The attack was made possible due to incorrect permission "
"assignment in Oracle Fusion Middleware "
"(subcomponent: WLS Security).".format(
machine=issue["machine"], ip_address=issue["ip_address"]
),
instance_arn=instance_arn,
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
)
@staticmethod @staticmethod
def _handle_hadoop_issue(issue, instance_arn): def _handle_hadoop_issue(issue, instance_arn):


@ -28,9 +28,6 @@ class ExploiterDescriptorEnum(Enum):
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor) SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor) WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor) SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
WEBLOGIC = ExploiterDescriptor(
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
)
HADOOP = ExploiterDescriptor("HadoopExploiter", "Hadoop/Yarn Exploiter", ExploitProcessor) HADOOP = ExploiterDescriptor("HadoopExploiter", "Hadoop/Yarn Exploiter", ExploitProcessor)
MSSQL = ExploiterDescriptor("MSSQLExploiter", "MSSQL Exploiter", ExploitProcessor) MSSQL = ExploiterDescriptor("MSSQLExploiter", "MSSQL Exploiter", ExploitProcessor)
ZEROLOGON = ExploiterDescriptor( ZEROLOGON = ExploiterDescriptor(


@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons'; import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
import '../../styles/App.css'; import '../../styles/App.css';
import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue'; import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue'; import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue'; import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
@ -76,11 +75,6 @@ class ReportPageComponent extends AuthComponent {
}, },
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'WebLogicExploiter': {
[this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
[this.issueContentTypes.REPORT]: webLogicIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'HadoopExploiter': { 'HadoopExploiter': {
[this.issueContentTypes.OVERVIEW]: hadoopIssueOverview, [this.issueContentTypes.OVERVIEW]: hadoopIssueOverview,
[this.issueContentTypes.REPORT]: hadoopIssueReport, [this.issueContentTypes.REPORT]: hadoopIssueReport,


@ -1,23 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function webLogicIssueOverview() {
return (<li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>)
}
export function webLogicIssueReport(issue) {
return (
<>
Update Oracle WebLogic server to the latest supported version.
<CollapsibleWellComponent>
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
className="badge badge-danger">remote code execution</span> attacks.
<br/>
The attack was made possible due to one of the following vulnerabilities:
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725'}> CVE-2019-2725</a>
</CollapsibleWellComponent>
</>
);
}