ui: replace "(UNSAFE)" text with warning icon

This commit is contained in:
Mike Salvatore 2021-01-28 08:14:18 -05:00
parent 32cdc034f3
commit 155da384c2
7 changed files with 62 additions and 5 deletions


@ -12,6 +12,7 @@ EXPLOITER_CLASSES = {
"SmbExploiter" "SmbExploiter"
], ],
"title": "SMB Exploiter", "title": "SMB Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1075", "T1035"], "attack_techniques": ["T1110", "T1075", "T1035"],
"info": "Brute forces using credentials provided by user and" "info": "Brute forces using credentials provided by user and"
" hashes gathered by mimikatz.", " hashes gathered by mimikatz.",
@ -23,6 +24,7 @@ EXPLOITER_CLASSES = {
"WmiExploiter" "WmiExploiter"
], ],
"title": "WMI Exploiter", "title": "WMI Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1106"], "attack_techniques": ["T1110", "T1106"],
"info": "Brute forces WMI (Windows Management Instrumentation) " "info": "Brute forces WMI (Windows Management Instrumentation) "
"using credentials provided by user and hashes gathered by mimikatz.", "using credentials provided by user and hashes gathered by mimikatz.",
@ -34,6 +36,7 @@ EXPLOITER_CLASSES = {
"MSSQLExploiter" "MSSQLExploiter"
], ],
"title": "MSSQL Exploiter", "title": "MSSQL Exploiter",
"safe": True,
"attack_techniques": ["T1110"], "attack_techniques": ["T1110"],
"info": "Tries to brute force into MsSQL server and uses insecure " "info": "Tries to brute force into MsSQL server and uses insecure "
"configuration to execute commands on server.", "configuration to execute commands on server.",
@ -44,7 +47,8 @@ EXPLOITER_CLASSES = {
"enum": [ "enum": [
"Ms08_067_Exploiter" "Ms08_067_Exploiter"
], ],
"title": "MS08-067 Exploiter (UNSAFE)", "title": "MS08-067 Exploiter",
"safe": False,
"info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. " "info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. "
"Uses MS08-067 vulnerability.", "Uses MS08-067 vulnerability.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/"
@ -55,6 +59,7 @@ EXPLOITER_CLASSES = {
"SSHExploiter" "SSHExploiter"
], ],
"title": "SSH Exploiter", "title": "SSH Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1145", "T1106"], "attack_techniques": ["T1110", "T1145", "T1106"],
"info": "Brute forces using credentials provided by user and SSH keys gathered from systems.", "info": "Brute forces using credentials provided by user and SSH keys gathered from systems.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/"
@ -65,6 +70,7 @@ EXPLOITER_CLASSES = {
"ShellShockExploiter" "ShellShockExploiter"
], ],
"title": "ShellShock Exploiter", "title": "ShellShock Exploiter",
"safe": True,
"info": "CVE-2014-6271, based on logic from " "info": "CVE-2014-6271, based on logic from "
"https://github.com/nccgroup/shocker/blob/master/shocker.py .", "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/"
@ -75,6 +81,7 @@ EXPLOITER_CLASSES = {
"SambaCryExploiter" "SambaCryExploiter"
], ],
"title": "SambaCry Exploiter", "title": "SambaCry Exploiter",
"safe": True,
"info": "Bruteforces and searches for anonymous shares. Uses Impacket.", "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/"
}, },
@ -84,6 +91,7 @@ EXPLOITER_CLASSES = {
"ElasticGroovyExploiter" "ElasticGroovyExploiter"
], ],
"title": "ElasticGroovy Exploiter", "title": "ElasticGroovy Exploiter",
"safe": True,
"info": "CVE-2015-1427. Logic is based on Metasploit module.", "info": "CVE-2015-1427. Logic is based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/"
}, },
@ -93,6 +101,7 @@ EXPLOITER_CLASSES = {
"Struts2Exploiter" "Struts2Exploiter"
], ],
"title": "Struts2 Exploiter", "title": "Struts2 Exploiter",
"safe": True,
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on " "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
"https://www.exploit-db.com/exploits/41570 .", "https://www.exploit-db.com/exploits/41570 .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/"
@ -103,6 +112,7 @@ EXPLOITER_CLASSES = {
"WebLogicExploiter" "WebLogicExploiter"
], ],
"title": "WebLogic Exploiter", "title": "WebLogic Exploiter",
"safe": True,
"info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.", "info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/"
}, },
@ -112,6 +122,7 @@ EXPLOITER_CLASSES = {
"HadoopExploiter" "HadoopExploiter"
], ],
"title": "Hadoop/Yarn Exploiter", "title": "Hadoop/Yarn Exploiter",
"safe": True,
"info": "Remote code execution on HADOOP server with YARN and default settings. " "info": "Remote code execution on HADOOP server with YARN and default settings. "
"Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.", "Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/"
@ -122,6 +133,7 @@ EXPLOITER_CLASSES = {
"VSFTPDExploiter" "VSFTPDExploiter"
], ],
"title": "VSFTPD Exploiter", "title": "VSFTPD Exploiter",
"safe": True,
"info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. " "info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. "
"Logic based on Metasploit module.", "Logic based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/"
@ -132,6 +144,7 @@ EXPLOITER_CLASSES = {
"DrupalExploiter" "DrupalExploiter"
], ],
"title": "Drupal Exploiter", "title": "Drupal Exploiter",
"safe": True,
"info": "Exploits a remote command execution vulnerability in a Drupal server," "info": "Exploits a remote command execution vulnerability in a Drupal server,"
"for which certain modules (such as RESTful Web Services) are enabled.", "for which certain modules (such as RESTful Web Services) are enabled.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
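Review bot: The new `safe` key is never defined, so a reader cannot tell from this file why `"safe": False` is set only on the MS08-067 entry while VSFTPD, Hadoop or Drupal get `True`; the only hint is the MS08-067 info text about a possible crash from the buffer overflow. Since the flag now drives a user-facing warning icon, the criterion should be stated once above `EXPLOITER_CLASSES`, e.g. `# "safe": False marks items whose use may crash or destabilize the target; the UI renders a warning icon for them.` The same gap exists in the finger, post-breach and system-info definition files of this commit, and the post-breach file appears to apply the flag with a different meaning (ClearCommandHistory and SignedScriptProxyExecution are `False` although nothing in their info text mentions a crash), which a shared definition would settle. Note that a definition that omits the key is shown as unsafe by the UI code in this commit, so the comment should say whether the key is mandatory.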


@ -10,6 +10,7 @@ FINGER_CLASSES = {
"SMBFinger" "SMBFinger"
], ],
"title": "SMBFinger", "title": "SMBFinger",
"safe": True,
"info": "Figures out if SMB is running and what's the version of it.", "info": "Figures out if SMB is running and what's the version of it.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
@ -19,6 +20,7 @@ FINGER_CLASSES = {
"SSHFinger" "SSHFinger"
], ],
"title": "SSHFinger", "title": "SSHFinger",
"safe": True,
"info": "Figures out if SSH is running.", "info": "Figures out if SSH is running.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
@ -28,6 +30,7 @@ FINGER_CLASSES = {
"PingScanner" "PingScanner"
], ],
"title": "PingScanner", "title": "PingScanner",
"safe": True,
"info": "Tries to identify if host is alive and which OS it's running by ping scan." "info": "Tries to identify if host is alive and which OS it's running by ping scan."
}, },
{ {
@ -36,6 +39,7 @@ FINGER_CLASSES = {
"HTTPFinger" "HTTPFinger"
], ],
"title": "HTTPFinger", "title": "HTTPFinger",
"safe": True,
"info": "Checks if host has HTTP/HTTPS ports open." "info": "Checks if host has HTTP/HTTPS ports open."
}, },
{ {
@ -44,6 +48,7 @@ FINGER_CLASSES = {
"MySQLFinger" "MySQLFinger"
], ],
"title": "MySQLFinger", "title": "MySQLFinger",
"safe": True,
"info": "Checks if MySQL server is running and tries to get it's version.", "info": "Checks if MySQL server is running and tries to get it's version.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
@ -53,6 +58,7 @@ FINGER_CLASSES = {
"MSSQLFinger" "MSSQLFinger"
], ],
"title": "MSSQLFinger", "title": "MSSQLFinger",
"safe": True,
"info": "Checks if Microsoft SQL service is running and tries to gather information about it.", "info": "Checks if Microsoft SQL service is running and tries to gather information about it.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
@ -62,6 +68,7 @@ FINGER_CLASSES = {
"ElasticFinger" "ElasticFinger"
], ],
"title": "ElasticFinger", "title": "ElasticFinger",
"safe": True,
"info": "Checks if ElasticSearch is running and attempts to find it's version.", "info": "Checks if ElasticSearch is running and attempts to find it's version.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
}, },
@ -71,6 +78,7 @@ FINGER_CLASSES = {
"WindowsServerFinger" "WindowsServerFinger"
], ],
"title": "WindowsServerFinger", "title": "WindowsServerFinger",
"safe": True,
"info": "Checks if server is a Windows Server and tests if it is vulnerable to Zerologon.", "info": "Checks if server is a Windows Server and tests if it is vulnerable to Zerologon.",
"attack_techniques": ["T1210"] "attack_techniques": ["T1210"]
} }


@ -10,6 +10,7 @@ POST_BREACH_ACTIONS = {
"BackdoorUser" "BackdoorUser"
], ],
"title": "Back door user", "title": "Back door user",
"safe": True,
"info": "Attempts to create a new user on the system and delete it afterwards.", "info": "Attempts to create a new user on the system and delete it afterwards.",
"attack_techniques": ["T1136"] "attack_techniques": ["T1136"]
}, },
@ -19,6 +20,7 @@ POST_BREACH_ACTIONS = {
"CommunicateAsNewUser" "CommunicateAsNewUser"
], ],
"title": "Communicate as new user", "title": "Communicate as new user",
"safe": True,
"info": "Attempts to create a new user, create HTTPS requests as that user and delete the user " "info": "Attempts to create a new user, create HTTPS requests as that user and delete the user "
"afterwards.", "afterwards.",
"attack_techniques": ["T1136"] "attack_techniques": ["T1136"]
@ -29,6 +31,7 @@ POST_BREACH_ACTIONS = {
"ModifyShellStartupFiles" "ModifyShellStartupFiles"
], ],
"title": "Modify shell startup files", "title": "Modify shell startup files",
"safe": True,
"info": "Attempts to modify shell startup files, like ~/.profile, ~/.bashrc, ~/.bash_profile " "info": "Attempts to modify shell startup files, like ~/.profile, ~/.bashrc, ~/.bash_profile "
"in linux, and profile.ps1 in windows. Reverts modifications done afterwards.", "in linux, and profile.ps1 in windows. Reverts modifications done afterwards.",
"attack_techniques": ["T1156", "T1504"] "attack_techniques": ["T1156", "T1504"]
@ -39,6 +42,7 @@ POST_BREACH_ACTIONS = {
"HiddenFiles" "HiddenFiles"
], ],
"title": "Hidden files and directories", "title": "Hidden files and directories",
"safe": True,
"info": "Attempts to create a hidden file and remove it afterward.", "info": "Attempts to create a hidden file and remove it afterward.",
"attack_techniques": ["T1158"] "attack_techniques": ["T1158"]
}, },
@ -48,6 +52,7 @@ POST_BREACH_ACTIONS = {
"TrapCommand" "TrapCommand"
], ],
"title": "Trap", "title": "Trap",
"safe": True,
"info": "On Linux systems, attempts to trap an interrupt signal in order to execute a command " "info": "On Linux systems, attempts to trap an interrupt signal in order to execute a command "
"upon receiving that signal. Removes the trap afterwards.", "upon receiving that signal. Removes the trap afterwards.",
"attack_techniques": ["T1154"] "attack_techniques": ["T1154"]
@ -58,6 +63,7 @@ POST_BREACH_ACTIONS = {
"ChangeSetuidSetgid" "ChangeSetuidSetgid"
], ],
"title": "Setuid and Setgid", "title": "Setuid and Setgid",
"safe": True,
"info": "On Linux systems, attempts to set the setuid and setgid bits of a new file. " "info": "On Linux systems, attempts to set the setuid and setgid bits of a new file. "
"Removes the file afterwards.", "Removes the file afterwards.",
"attack_techniques": ["T1166"] "attack_techniques": ["T1166"]
@ -68,6 +74,7 @@ POST_BREACH_ACTIONS = {
"ScheduleJobs" "ScheduleJobs"
], ],
"title": "Job scheduling", "title": "Job scheduling",
"safe": True,
"info": "Attempts to create a scheduled job on the system and remove it.", "info": "Attempts to create a scheduled job on the system and remove it.",
"attack_techniques": ["T1168", "T1053"] "attack_techniques": ["T1168", "T1053"]
}, },
@ -77,6 +84,7 @@ POST_BREACH_ACTIONS = {
"Timestomping" "Timestomping"
], ],
"title": "Timestomping", "title": "Timestomping",
"safe": True,
"info": "Creates a temporary file and attempts to modify its time attributes. Removes the file afterwards.", "info": "Creates a temporary file and attempts to modify its time attributes. Removes the file afterwards.",
"attack_techniques": ["T1099"] "attack_techniques": ["T1099"]
}, },
@ -86,6 +94,7 @@ POST_BREACH_ACTIONS = {
"SignedScriptProxyExecution" "SignedScriptProxyExecution"
], ],
"title": "Signed script proxy execution", "title": "Signed script proxy execution",
"safe": False,
"info": "On Windows systems, attemps to execute an arbitrary file " "info": "On Windows systems, attemps to execute an arbitrary file "
"with the help of a pre-existing signed script.", "with the help of a pre-existing signed script.",
"attack_techniques": ["T1216"] "attack_techniques": ["T1216"]
@ -96,6 +105,7 @@ POST_BREACH_ACTIONS = {
"AccountDiscovery" "AccountDiscovery"
], ],
"title": "Account Discovery", "title": "Account Discovery",
"safe": True,
"info": "Attempts to get a listing of user accounts on the system.", "info": "Attempts to get a listing of user accounts on the system.",
"attack_techniques": ["T1087"] "attack_techniques": ["T1087"]
}, },
@ -105,6 +115,7 @@ POST_BREACH_ACTIONS = {
"ClearCommandHistory" "ClearCommandHistory"
], ],
"title": "Clear command history", "title": "Clear command history",
"safe": False,
"info": "Attempts to clear the command history.", "info": "Attempts to clear the command history.",
"attack_techniques": ["T1146"] "attack_techniques": ["T1146"]
} }


@ -16,6 +16,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
ENVIRONMENT_COLLECTOR ENVIRONMENT_COLLECTOR
], ],
"title": "Environment collector", "title": "Environment collector",
"safe": True,
"info": "Collects information about machine's environment (on premise/GCP/AWS).", "info": "Collects information about machine's environment (on premise/GCP/AWS).",
"attack_techniques": ["T1082"] "attack_techniques": ["T1082"]
}, },
@ -25,6 +26,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
MIMIKATZ_COLLECTOR MIMIKATZ_COLLECTOR
], ],
"title": "Mimikatz collector", "title": "Mimikatz collector",
"safe": True,
"info": "Collects credentials from Windows credential manager.", "info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"] "attack_techniques": ["T1003", "T1005"]
}, },
@ -34,6 +36,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
AWS_COLLECTOR AWS_COLLECTOR
], ],
"title": "AWS collector", "title": "AWS collector",
"safe": True,
"info": "If on AWS, collects more information about the AWS instance currently running on.", "info": "If on AWS, collects more information about the AWS instance currently running on.",
"attack_techniques": ["T1082"] "attack_techniques": ["T1082"]
}, },
@ -43,6 +46,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
HOSTNAME_COLLECTOR HOSTNAME_COLLECTOR
], ],
"title": "Hostname collector", "title": "Hostname collector",
"safe": True,
"info": "Collects machine's hostname.", "info": "Collects machine's hostname.",
"attack_techniques": ["T1082", "T1016"] "attack_techniques": ["T1082", "T1016"]
}, },
@ -52,6 +56,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
PROCESS_LIST_COLLECTOR PROCESS_LIST_COLLECTOR
], ],
"title": "Process list collector", "title": "Process list collector",
"safe": True,
"info": "Collects a list of running processes on the machine.", "info": "Collects a list of running processes on the machine.",
"attack_techniques": ["T1082"] "attack_techniques": ["T1082"]
}, },
@ -61,6 +66,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
AZURE_CRED_COLLECTOR AZURE_CRED_COLLECTOR
], ],
"title": "Azure credential collector", "title": "Azure credential collector",
"safe": True,
"info": "Collects password credentials from Azure VMs", "info": "Collects password credentials from Azure VMs",
"attack_techniques": ["T1003", "T1005"] "attack_techniques": ["T1003", "T1005"]
} }


@ -123,6 +123,10 @@ class AdvancedMultiSelect extends React.Component {
})); }));
} }
isSafe(itemKey) {
return getFullDefinitionByKey(this.infoPaneRefString, this.registry, itemKey).safe;
}
render() { render() {
const { const {
schema, schema,
@ -149,7 +153,8 @@ class AdvancedMultiSelect extends React.Component {
return ( return (
<ChildCheckbox key={i} onPaneClick={this.setPaneInfo} <ChildCheckbox key={i} onPaneClick={this.setPaneInfo}
onClick={this.onChildCheckboxClick} value={value} onClick={this.onChildCheckboxClick} value={value}
disabled={disabled} label={label} checkboxState={this.props.value.includes(value)}/> disabled={disabled} label={label} checkboxState={this.props.value.includes(value)}
safe={this.isSafe(value)}/>
); );
} }
)} )}
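Review bot: `isSafe` returns the raw `.safe` property, so a definition that omits the key yields `undefined`, which `ChildCheckbox` treats as unsafe; that fail-closed result is a reasonable default but it should be deliberate rather than a side effect of falsiness: `return getFullDefinitionByKey(this.infoPaneRefString, this.registry, itemKey).safe === true;` with a comment `// A missing or non-boolean "safe" flag is shown as unsafe on purpose.` If `getFullDefinitionByKey` can return `undefined` for a key that is not in the registry, the property access throws inside `render` — worth confirming against that helper. The `render` method continues outside the hunk.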


@ -2,7 +2,7 @@ import React from 'react';
import {Button, Form} from 'react-bootstrap'; import {Button, Form} from 'react-bootstrap';
import {FontAwesomeIcon} from '@fortawesome/react-fontawesome'; import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
import {faCheckSquare} from '@fortawesome/free-solid-svg-icons'; import {faCheckSquare, faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
import {faSquare} from '@fortawesome/free-regular-svg-icons'; import {faSquare} from '@fortawesome/free-regular-svg-icons';
function ChildCheckbox(props) { function ChildCheckbox(props) {
@ -12,15 +12,22 @@ function ChildCheckbox(props) {
value, value,
disabled, disabled,
label, label,
checkboxState checkboxState,
safe
} = props; } = props;
let displayLabel = [<span key={'label'} className={'option-text'}>{label}</span>];
if (!safe) {
displayLabel.push(<FontAwesomeIcon key="unsafe-indicator" className="unsafe-indicator" icon={faExclamationTriangle}/>)
}
return ( return (
<Form.Group onClick={() => onPaneClick(value)}> <Form.Group onClick={() => onPaneClick(value)}>
<Button value={value} variant={'link'} disabled={disabled} onClick={() => onClick(value)}> <Button value={value} variant={'link'} disabled={disabled} onClick={() => onClick(value)}>
<FontAwesomeIcon icon={checkboxState ? faCheckSquare : faSquare}/> <FontAwesomeIcon icon={checkboxState ? faCheckSquare : faSquare}/>
</Button> </Button>
<span className={'option-text'}>{label}</span> {displayLabel}
</Form.Group> </Form.Group>
); );
} }
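Review bot: The warning icon pushed at the `displayLabel.push(...)` line has no text or tooltip, so its meaning is conveyed only by colour and shape and it has no accessible name; adding `title="Unsafe"` to that `FontAwesomeIcon` gives both a hover tooltip and a label for assistive technology. `displayLabel` is only pushed to and never reassigned, so `const` fits better than `let`, and the `push(...)` statement is missing its terminating semicolon. `safe` has no default in the destructuring, so a caller that omits the prop gets the warning; a one-line comment such as `// undefined safe -> show the warning` would make that intent visible.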


@ -57,3 +57,10 @@
white-space: pre-wrap; white-space: pre-wrap;
} }
.unsafe-indicator {
text-transform: uppercase;
color: #ffc107;
font-weight: 900;
margin-left: .75em;
margin-right: .75em;
}
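Review bot: `text-transform: uppercase` and `font-weight: 900` in `.unsafe-indicator` have nothing to act on: the class is applied to a `FontAwesomeIcon`, which renders an SVG with no text, so both declarations are dead and only `color`, `margin-left` and `margin-right` take effect. Either drop the two lines or, if a text fallback for the icon is planned, add a comment saying so next to them.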