p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add Stolen Passwords section 

Add example of every security issue (both overview and recommendation sections)
Add 'Generating Report' waiting text
This commit is contained in:
Itay Mizeretz 2017-11-14 14:48:36 +02:00
parent c9e6d890e7
commit f2e6600d88
2 changed files with 222 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
monkey_island/cc/ui/src/components/pages/ReportPage.js
View File

@ -4,11 +4,18 @@ import BreachedServers from 'components/report-components/BreachedServers';
import ScannedServers from 'components/report-components/ScannedServers';
import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
import {options, edgeGroupToColor} from 'components/map/MapOptions';
import StolenPasswords from 'components/report-components/StolenPasswords';
class ReportPageComponent extends React.Component {
constructor(props) {
super(props);
this.stolen_passwords =
[
{username: 'admin', password: 'secretpassword', type: 'password', origin: 'Monkey-SMB'},
{username: 'user', password: 'my_password', type: 'password', origin: 'Monkey-SMB2'},
{username: 'dan', password: '066DDFD4EF0E9CD7C256FE77191EF43C', type: 'NTLM', origin: 'Monkey-RDP'},
{username: 'joe', password: 'FDA95FBECA288D44AAD3B435B51404EE', type: 'LM', origin: 'Monkey-RDP'}
];
this.state = {
report: {},
graph: {nodes: [], edges: []}
@ -48,13 +55,14 @@ class ReportPageComponent extends React.Component {
}
render() {
let content;
if (Object.keys(this.state.report).length === 0) {
return (<div />);
}
return (
<Col xs={12} lg={8}>
<h1 className="page-title">4. Security Report</h1>
<div style={{'fontSize': '1.2em'}}>
content = (<h1>Generating Report...</h1>);
} else {
content =
(
<div>
<div id="overview">
<h1>
Overview
@ -71,19 +79,23 @@ class ReportPageComponent extends React.Component {
</div>
<div>
{/* TODO: Replace 3 with data */}
During this simulated attack the Monkey uncovered <span className="label label-warning">3 issues</span>, detailed below. The security issues uncovered included:
During this simulated attack the Monkey uncovered <span className="label label-warning">6 issues</span>, detailed below. The security issues uncovered included:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Weak user/passwords combinations</li>
<li className="report">Machines not patched for the Shellshock bug</li>
<li className="report">Weak user/passwords combinations.</li>
<li className="report">Stolen passwords/hashes used to exploit other machines.</li>
<li className="report">Elastic Search servers not patched for CVE-2015-1427 bug.</li>
<li className="report">Samba servers not patched for SambaCry bug.</li>
<li className="report">Machines not patched for the Shellshock bug.</li>
<li className="report">Machines not patched for the Conficker bug.</li>
</ul>
</div>
<div>
In addition, the monkey uncovered the following possible set of issues:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Machines from another segment accessed the Monkey Island</li>
<li className="report">Network tunnels were created successfully</li>
<li className="report">Machines freely accessed the Monkey Island despite being on different networks.</li>
<li className="report">Machines are not locked down at port level, tunnels between network segments were setup successfully.</li>
</ul>
</div>
<p>
@ -110,6 +122,12 @@ class ReportPageComponent extends React.Component {
{/* TODO: Add table of scanned servers */}
</div>
</div>
<div id="passwords">
<h1>
Stolen Credentials
</h1>
<StolenPasswords data={this.stolen_passwords} />
</div>
<div id="recommendations">
<h1>
Recommendations
@ -118,20 +136,112 @@ class ReportPageComponent extends React.Component {
<div>
<h4><b><i>Issue #1</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SMB</span> with the following IP addresses <span className="label label-info">192.168.0.1</span> <span className="label label-info">10.0.0.18</span> was vulnerable to a <span className="label label-danger">SmbExploiter</span> attack.
The attack succeeded because weak/stolen password was used over SMB protocol.
The machine <span className="label label-primary">Monkey-SMB</span> with the following IP addresses <span className="label label-info">192.168.0.1</span> <span className="label label-info">10.0.0.18</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
<br />
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #2</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SMB2</span> with the following IP address <span className="label label-info">192.168.0.2</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
<br />
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span className="label label-success">temp</span>.
</p>
</div>
<div>
<h4><b><i>Issue #3</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-WMI</span> with the following IP address <span className="label label-info">192.168.0.3</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
<br />
The attack succeeded by authenticating over WMI protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #4</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-WMI2</span> with the following IP address <span className="label label-info">192.168.0.4</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
<br />
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span className="label label-success">Administrator</span>.
</p>
</div>
<div>
<h4><b><i>Issue #5</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SSH</span> with the following IP address <span className="label label-info">192.168.0.5</span> was vulnerable to a <span className="label label-danger">SSH</span> attack.
<br />
The attack succeeded by authenticating over SSH protocol with user <span className="label label-success">user</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #6</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-RDP</span> with the following IP address <span className="label label-info">192.168.0.6</span> was vulnerable to a <span className="label label-danger">RDP</span> attack.
<br />
The attack succeeded by authenticating over RDP protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #7</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SambaCry</span> with the following IP address <span className="label label-info">192.168.0.7</span> was vulnerable to a <span className="label label-danger">SambaCry</span> attack.
<br />
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">user</span> and its password, and by using the SambaCry vulnerability.
</p>
</div>
<div>
<h4><b><i>Issue #8</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Elastic</span> with the following IP address <span className="label label-info">192.168.0.8</span> was vulnerable to an <span className="label label-danger">Elastic Groovy</span> attack.
<br />
The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug.
</p>
</div>
<div>
<h4><b><i>Issue #9</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Shellshock</span> with the following IP address <span className="label label-info">192.168.0.9</span> was vulnerable to a <span className="label label-danger">ShellShock</span> attack.
<br />
The attack succeeded because the HTTP server running on port <span className="label label-info">8080</span> was vulnerable to a shell injection attack on the paths: <span className="label label-warning">/cgi/backserver.cgi</span> <span className="label label-warning">/cgi/login.cgi</span>.
</p>
</div>
<div>
<h4><b><i>Issue #10</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Conficker</span> with the following IP address <span className="label label-info">192.168.0.10</span> was vulnerable to a <span className="label label-danger">Conficker</span> attack.
<br />
The attack succeeded because the target machine uses an outdated and unpatched operating system.
</p>
</div>
<div>
<h4><b><i>Issue #11</i></b></h4>
<p>
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SMB</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
</p>
</div>
<div>
<h4><b><i>Issue #12</i></b></h4>
<p>
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SSH</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
</p>
</div>
{/* TODO: Entire part */}
<div>
<h4><b><i>Issue #13</i></b></h4>
<p>
Machines are not locked down at port level. Network tunnel was set up from <span className="label label-primary">Monkey-SSH</span> to <span className="label label-primary">Monkey-SambaCry</span>.
</p>
</div>
</div>
</div>
</div>
);
}
return (
<Col xs={12} lg={8}>
<h1 className="page-title">4. Security Report</h1>
<div style={{'fontSize': '1.2em'}}>
{content}
</div>
</Col>
);
}

34
monkey_island/cc/ui/src/components/report-components/StolenPasswords.js Normal file
View File

@ -0,0 +1,34 @@
import React from 'react';
import ReactTable from 'react-table'
const columns = [
{ Header: 'Username', accessor: 'username'},
{ Header: 'Password/Hash', accessor: 'password'},
{ Header: 'Type', accessor: 'type'},
{ Header: 'Origin', accessor: 'origin'}
];
const pageSize = 10;
class StolenPasswordsComponent extends React.Component {
constructor(props) {
super(props);
}
render() {
let defaultPageSize = this.props.data.length > pageSize ? pageSize : this.props.data.length;
let showPagination = this.props.data.length > pageSize;
return (
<div className="data-table-container">
<ReactTable
columns={columns}
data={this.props.data}
showPagination={showPagination}
defaultPageSize={defaultPageSize}
/>
</div>
);
}
}
export default StolenPasswordsComponent;