ui: replace "(UNSAFE)" text with warning icon

Mike Salvatore 2021-01-28 08:14:18 -05:00
parent 32cdc034f3
commit 155da384c2
7 changed files with 62 additions and 5 deletions


@ -12,6 +12,7 @@ EXPLOITER_CLASSES = {
"SmbExploiter"
],
"title": "SMB Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1075", "T1035"],
"info": "Brute forces using credentials provided by user and"
" hashes gathered by mimikatz.",
@ -23,6 +24,7 @@ EXPLOITER_CLASSES = {
"WmiExploiter"
],
"title": "WMI Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1106"],
"info": "Brute forces WMI (Windows Management Instrumentation) "
"using credentials provided by user and hashes gathered by mimikatz.",
@ -34,6 +36,7 @@ EXPLOITER_CLASSES = {
"MSSQLExploiter"
],
"title": "MSSQL Exploiter",
"safe": True,
"attack_techniques": ["T1110"],
"info": "Tries to brute force into MsSQL server and uses insecure "
"configuration to execute commands on server.",
@ -44,7 +47,8 @@ EXPLOITER_CLASSES = {
"enum": [
"Ms08_067_Exploiter"
],
"title": "MS08-067 Exploiter (UNSAFE)",
"title": "MS08-067 Exploiter",
"safe": False,
"info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. "
"Uses MS08-067 vulnerability.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/"
@ -55,6 +59,7 @@ EXPLOITER_CLASSES = {
"SSHExploiter"
],
"title": "SSH Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1145", "T1106"],
"info": "Brute forces using credentials provided by user and SSH keys gathered from systems.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/"
@ -65,6 +70,7 @@ EXPLOITER_CLASSES = {
"ShellShockExploiter"
],
"title": "ShellShock Exploiter",
"safe": True,
"info": "CVE-2014-6271, based on logic from "
"https://github.com/nccgroup/shocker/blob/master/shocker.py .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/"
@ -75,6 +81,7 @@ EXPLOITER_CLASSES = {
"SambaCryExploiter"
],
"title": "SambaCry Exploiter",
"safe": True,
"info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/"
},
@ -84,6 +91,7 @@ EXPLOITER_CLASSES = {
"ElasticGroovyExploiter"
],
"title": "ElasticGroovy Exploiter",
"safe": True,
"info": "CVE-2015-1427. Logic is based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/"
},
@ -93,6 +101,7 @@ EXPLOITER_CLASSES = {
"Struts2Exploiter"
],
"title": "Struts2 Exploiter",
"safe": True,
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
"https://www.exploit-db.com/exploits/41570 .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/"
@ -103,6 +112,7 @@ EXPLOITER_CLASSES = {
"WebLogicExploiter"
],
"title": "WebLogic Exploiter",
"safe": True,
"info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/"
},
@ -112,6 +122,7 @@ EXPLOITER_CLASSES = {
"HadoopExploiter"
],
"title": "Hadoop/Yarn Exploiter",
"safe": True,
"info": "Remote code execution on HADOOP server with YARN and default settings. "
"Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/"
@ -122,6 +133,7 @@ EXPLOITER_CLASSES = {
"VSFTPDExploiter"
],
"title": "VSFTPD Exploiter",
"safe": True,
"info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. "
"Logic based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/"
@ -132,6 +144,7 @@ EXPLOITER_CLASSES = {
"DrupalExploiter"
],
"title": "Drupal Exploiter",
"safe": True,
"info": "Exploits a remote command execution vulnerability in a Drupal server,"
"for which certain modules (such as RESTful Web Services) are enabled.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
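Review bot: The new `"safe"` key is added to every exploiter entry without anything saying what it means, and on entries such as Struts2, WebLogic or Hadoop, which all execute code on the target, `"safe": True` is easy to misread as "harmless". Judging from the one `"safe": False` entry, MS08-067, whose info text explains that the buffer overflow might crash the target, the flag appears to mean "does not risk crashing the target", but that is an inference from this hunk alone. A comment at the top of the definitions, along the lines of `# "safe": False marks plugins that may crash the target or leave lasting changes; the UI shows a warning icon for them`, would pin the contract down for whoever adds the next entry (confirm the wording against the intended semantics). The same applies to the fingerprinter, post-breach action and system-info collector schemas in this commit. EXPLOITER_CLASSES begins and ends outside the hunks shown.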


@ -10,6 +10,7 @@ FINGER_CLASSES = {
"SMBFinger"
],
"title": "SMBFinger",
"safe": True,
"info": "Figures out if SMB is running and what's the version of it.",
"attack_techniques": ["T1210"]
},
@ -19,6 +20,7 @@ FINGER_CLASSES = {
"SSHFinger"
],
"title": "SSHFinger",
"safe": True,
"info": "Figures out if SSH is running.",
"attack_techniques": ["T1210"]
},
@ -28,6 +30,7 @@ FINGER_CLASSES = {
"PingScanner"
],
"title": "PingScanner",
"safe": True,
"info": "Tries to identify if host is alive and which OS it's running by ping scan."
},
{
@ -36,6 +39,7 @@ FINGER_CLASSES = {
"HTTPFinger"
],
"title": "HTTPFinger",
"safe": True,
"info": "Checks if host has HTTP/HTTPS ports open."
},
{
@ -44,6 +48,7 @@ FINGER_CLASSES = {
"MySQLFinger"
],
"title": "MySQLFinger",
"safe": True,
"info": "Checks if MySQL server is running and tries to get it's version.",
"attack_techniques": ["T1210"]
},
@ -53,6 +58,7 @@ FINGER_CLASSES = {
"MSSQLFinger"
],
"title": "MSSQLFinger",
"safe": True,
"info": "Checks if Microsoft SQL service is running and tries to gather information about it.",
"attack_techniques": ["T1210"]
},
@ -62,6 +68,7 @@ FINGER_CLASSES = {
"ElasticFinger"
],
"title": "ElasticFinger",
"safe": True,
"info": "Checks if ElasticSearch is running and attempts to find it's version.",
"attack_techniques": ["T1210"]
},
@ -71,6 +78,7 @@ FINGER_CLASSES = {
"WindowsServerFinger"
],
"title": "WindowsServerFinger",
"safe": True,
"info": "Checks if server is a Windows Server and tests if it is vulnerable to Zerologon.",
"attack_techniques": ["T1210"]
}


@ -10,6 +10,7 @@ POST_BREACH_ACTIONS = {
"BackdoorUser"
],
"title": "Back door user",
"safe": True,
"info": "Attempts to create a new user on the system and delete it afterwards.",
"attack_techniques": ["T1136"]
},
@ -19,6 +20,7 @@ POST_BREACH_ACTIONS = {
"CommunicateAsNewUser"
],
"title": "Communicate as new user",
"safe": True,
"info": "Attempts to create a new user, create HTTPS requests as that user and delete the user "
"afterwards.",
"attack_techniques": ["T1136"]
@ -29,6 +31,7 @@ POST_BREACH_ACTIONS = {
"ModifyShellStartupFiles"
],
"title": "Modify shell startup files",
"safe": True,
"info": "Attempts to modify shell startup files, like ~/.profile, ~/.bashrc, ~/.bash_profile "
"in linux, and profile.ps1 in windows. Reverts modifications done afterwards.",
"attack_techniques": ["T1156", "T1504"]
@ -39,6 +42,7 @@ POST_BREACH_ACTIONS = {
"HiddenFiles"
],
"title": "Hidden files and directories",
"safe": True,
"info": "Attempts to create a hidden file and remove it afterward.",
"attack_techniques": ["T1158"]
},
@ -48,6 +52,7 @@ POST_BREACH_ACTIONS = {
"TrapCommand"
],
"title": "Trap",
"safe": True,
"info": "On Linux systems, attempts to trap an interrupt signal in order to execute a command "
"upon receiving that signal. Removes the trap afterwards.",
"attack_techniques": ["T1154"]
@ -58,6 +63,7 @@ POST_BREACH_ACTIONS = {
"ChangeSetuidSetgid"
],
"title": "Setuid and Setgid",
"safe": True,
"info": "On Linux systems, attempts to set the setuid and setgid bits of a new file. "
"Removes the file afterwards.",
"attack_techniques": ["T1166"]
@ -68,6 +74,7 @@ POST_BREACH_ACTIONS = {
"ScheduleJobs"
],
"title": "Job scheduling",
"safe": True,
"info": "Attempts to create a scheduled job on the system and remove it.",
"attack_techniques": ["T1168", "T1053"]
},
@ -77,6 +84,7 @@ POST_BREACH_ACTIONS = {
"Timestomping"
],
"title": "Timestomping",
"safe": True,
"info": "Creates a temporary file and attempts to modify its time attributes. Removes the file afterwards.",
"attack_techniques": ["T1099"]
},
@ -86,6 +94,7 @@ POST_BREACH_ACTIONS = {
"SignedScriptProxyExecution"
],
"title": "Signed script proxy execution",
"safe": False,
"info": "On Windows systems, attemps to execute an arbitrary file "
"with the help of a pre-existing signed script.",
"attack_techniques": ["T1216"]
@ -96,6 +105,7 @@ POST_BREACH_ACTIONS = {
"AccountDiscovery"
],
"title": "Account Discovery",
"safe": True,
"info": "Attempts to get a listing of user accounts on the system.",
"attack_techniques": ["T1087"]
},
@ -105,6 +115,7 @@ POST_BREACH_ACTIONS = {
"ClearCommandHistory"
],
"title": "Clear command history",
"safe": False,
"info": "Attempts to clear the command history.",
"attack_techniques": ["T1146"]
}
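Review bot: The two entries marked `"safe": False` here, "Signed script proxy execution" and "Clear command history", give no reason for the flag in their `info` text, whereas every `"safe": True` action in this file states that it reverts or removes what it created. With the textual "(UNSAFE)" marker gone, the icon is the only signal a user gets, and an icon cannot say why. Presumably these are flagged because their effect is not reverted — confirm against the implementations — in which case the info text should say so, e.g. `"info": "Attempts to clear the command history. This change is not reverted afterwards.",` and similarly for the signed-script entry. POST_BREACH_ACTIONS begins outside the hunks shown.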


@ -16,6 +16,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
ENVIRONMENT_COLLECTOR
],
"title": "Environment collector",
"safe": True,
"info": "Collects information about machine's environment (on premise/GCP/AWS).",
"attack_techniques": ["T1082"]
},
@ -25,6 +26,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
MIMIKATZ_COLLECTOR
],
"title": "Mimikatz collector",
"safe": True,
"info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"]
},
@ -34,6 +36,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
AWS_COLLECTOR
],
"title": "AWS collector",
"safe": True,
"info": "If on AWS, collects more information about the AWS instance currently running on.",
"attack_techniques": ["T1082"]
},
@ -43,6 +46,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
HOSTNAME_COLLECTOR
],
"title": "Hostname collector",
"safe": True,
"info": "Collects machine's hostname.",
"attack_techniques": ["T1082", "T1016"]
},
@ -52,6 +56,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
PROCESS_LIST_COLLECTOR
],
"title": "Process list collector",
"safe": True,
"info": "Collects a list of running processes on the machine.",
"attack_techniques": ["T1082"]
},
@ -61,6 +66,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
AZURE_CRED_COLLECTOR
],
"title": "Azure credential collector",
"safe": True,
"info": "Collects password credentials from Azure VMs",
"attack_techniques": ["T1003", "T1005"]
}


@ -123,6 +123,10 @@ class AdvancedMultiSelect extends React.Component {
}));
}
isSafe(itemKey) {
return getFullDefinitionByKey(this.infoPaneRefString, this.registry, itemKey).safe;
}
render() {
const {
schema,
@ -149,7 +153,8 @@ class AdvancedMultiSelect extends React.Component {
return (
<ChildCheckbox key={i} onPaneClick={this.setPaneInfo}
onClick={this.onChildCheckboxClick} value={value}
disabled={disabled} label={label} checkboxState={this.props.value.includes(value)}/>
disabled={disabled} label={label} checkboxState={this.props.value.includes(value)}
safe={this.isSafe(value)}/>
);
}
)}
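Review bot: `isSafe` returns whatever `.safe` holds, so a definition that lacks the key yields `undefined`, and the consumer in ChildCheckbox (`if (!safe)`) then shows the warning — missing flag means unsafe. That is a sensible fail-closed default for a security tool, but it is implicit and relies on the consumer's falsiness check; make it explicit and document it: `/** True only when the definition declares "safe": true; anything else is rendered as unsafe. */` above the method and `return getFullDefinitionByKey(this.infoPaneRefString, this.registry, itemKey).safe === true;` as the body. Whether `getFullDefinitionByKey` can return `undefined` for an unknown key (which would make the `.safe` access throw) cannot be told from this hunk. `render` continues outside the hunk.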


@ -2,7 +2,7 @@ import React from 'react';
import {Button, Form} from 'react-bootstrap';
import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
import {faCheckSquare} from '@fortawesome/free-solid-svg-icons';
import {faCheckSquare, faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
import {faSquare} from '@fortawesome/free-regular-svg-icons';
function ChildCheckbox(props) {
@ -12,15 +12,22 @@ function ChildCheckbox(props) {
value,
disabled,
label,
checkboxState
checkboxState,
safe
} = props;
let displayLabel = [<span key={'label'} className={'option-text'}>{label}</span>];
if (!safe) {
displayLabel.push(<FontAwesomeIcon key="unsafe-indicator" className="unsafe-indicator" icon={faExclamationTriangle}/>)
}
return (
<Form.Group onClick={() => onPaneClick(value)}>
<Button value={value} variant={'link'} disabled={disabled} onClick={() => onClick(value)}>
<FontAwesomeIcon icon={checkboxState ? faCheckSquare : faSquare}/>
</Button>
<span className={'option-text'}>{label}</span>
{displayLabel}
</Form.Group>
);
}
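Review bot: The warning icon pushed onto `displayLabel` has no text alternative, so the risk marker that the "(UNSAFE)" suffix used to carry is invisible to screen readers and gives no tooltip on hover. Give it one via the icon's `title` prop (or a wrapping `span` with `title` if the installed react-fontawesome does not support it): `displayLabel.push(<FontAwesomeIcon key="unsafe-indicator" className="unsafe-indicator" icon={faExclamationTriangle} title="Unsafe"/>)`. Separately, `displayLabel` is never reassigned (only `push`ed to), so `let displayLabel` should be `const displayLabel`. A short comment such as `// A missing or false "safe" flag renders the warning icon` would make the fail-closed behaviour of `if (!safe)` visible to the next reader.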


@ -57,3 +57,10 @@
white-space: pre-wrap;
}
.unsafe-indicator {
text-transform: uppercase;
color: #ffc107;
font-weight: 900;
margin-left: .75em;
margin-right: .75em;
}
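Review bot: `text-transform: uppercase;` and `font-weight: 900;` in `.unsafe-indicator` have no effect on the SVG icon this class is now applied to; they read like leftovers from styling the old "(UNSAFE)" text. Dropping those two declarations leaves `color` and the margins, which are the ones that do something here (the icon appears to take its fill from `color` — confirm in the browser). A one-line comment, `/* warning icon shown next to plugins with "safe": false */`, would tie the rule to its use.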