diff --git a/infection_monkey/exploit/mssqlexec.py b/infection_monkey/exploit/mssqlexec.py
index 54207d009..0fae16fe4 100644
--- a/infection_monkey/exploit/mssqlexec.py
+++ b/infection_monkey/exploit/mssqlexec.py
@@ -88,6 +88,7 @@ class MSSQLExploiter(HostExploiter):
 conn = pymssql.connect(host, user, password, port=port, login_timeout=self.LOGIN_TIMEOUT)
 LOG.info('Successfully connected to host: {0}, '
 'using user: {1}, password: {2}'.format(host, user, password))
+ self.report_login_attempt(True, user, password)
 cursor = conn.cursor()
 # Handles the payload and return True or False
diff --git a/monkey_island/cc/services/report.py b/monkey_island/cc/services/report.py
index 369b29c25..f3774804e 100644
--- a/monkey_island/cc/services/report.py
+++ b/monkey_island/cc/services/report.py
@@ -30,7 +30,8 @@ class ReportService:
 'ElasticGroovyExploiter': 'Elastic Groovy Exploiter',
 'Ms08_067_Exploiter': 'Conficker Exploiter',
 'ShellShockExploiter': 'ShellShock Exploiter',
- 'Struts2Exploiter': 'Struts2 Exploiter'
+ 'Struts2Exploiter': 'Struts2 Exploiter',
+ 'MSSQLExploiter': 'MSSQL Exploiter'
 }
 class ISSUES_DICT(Enum):
@@ -43,6 +44,7 @@ class ReportService:
 AZURE = 6
 STOLEN_SSH_KEYS = 7
 STRUTS2 = 8
+ MSSQL = 9
 class WARNINGS_DICT(Enum):
 CROSS_SEGMENT = 0
@@ -298,6 +300,13 @@ class ReportService:
 processed_exploit['type'] = 'struts2'
 return processed_exploit
+ @staticmethod
+ def process_mssql_exploit(exploit):
+ processed_exploit = ReportService.process_general_exploit(exploit)
+ processed_exploit['type'] = 'mssql'
+ return processed_exploit
+
+
 @staticmethod
 def process_exploit(exploit):
 exploiter_type = exploit['data']['exploiter']
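Review bot: The working password now reaches two sinks on the success path in the `@@ -88` hunk: the new `self.report_login_attempt(True, user, password)` call and the `LOG.info` call just above it, which still formats the cleartext password into the agent log. Since the attempt record already carries the credential, the log message can drop it, e.g. `LOG.info('Successfully connected to host: {0}, using user: {1}'.format(host, user))`. Only the success branch is visible here; the enclosing method starts and ends outside the hunk, so whether failed logins are also recorded cannot be confirmed from this view.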
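Review bot: `MSSQL = 9` in `ISSUES_DICT` (the `@@ -43` hunk) is a bare index that has to match the `MSSQL: 9` entry added by hand in ReportPage.js later in this commit, and nothing in either file says so. A comment above the enum members would make the coupling visible, for example `# Values index issues_byte_array and must match the issue table in ReportPage.js`. The enum body begins above the hunk.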
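Review bot: `process_mssql_exploit` in the `@@ -298` hunk sets only `type = 'mssql'`, so the report entry carries no credential detail even though the mssqlexec.py hunk reports the login that worked. In the `@@ -430` hunk the `mssql` branch sits in the same `elif` chain as the `_password` check, so an MSSQL finding can set `MSSQL` but never `WEAK_PASSWORD`, even when the password that worked is one of the configured ones. The method has no docstring; if leaving credentials out is intended, state it there, e.g. `"""Build the report entry for an MSSQL exploit; credentials are not included."""`.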
@@ -310,7 +319,8 @@ class ReportService:
 'ElasticGroovyExploiter': ReportService.process_elastic_exploit,
 'Ms08_067_Exploiter': ReportService.process_conficker_exploit,
 'ShellShockExploiter': ReportService.process_shellshock_exploit,
- 'Struts2Exploiter': ReportService.process_struts2_exploit
+ 'Struts2Exploiter': ReportService.process_struts2_exploit,
+ 'MSSQLExploiter': ReportService.process_mssql_exploit
 }
 return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
@@ -430,6 +440,8 @@ class ReportService:
 issues_byte_array[ReportService.ISSUES_DICT.STOLEN_SSH_KEYS.value] = True
 elif issue['type'] == 'struts2':
 issues_byte_array[ReportService.ISSUES_DICT.STRUTS2.value] = True
+ elif issue['type'] == 'mssql':
+ issues_byte_array[ReportService.ISSUES_DICT.MSSQL.value] = True
 elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
 issue['username'] in config_users or issue['type'] == 'ssh':
 issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True
diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index 2a02a092d..49becf70e 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -24,7 +24,8 @@ class ReportPageComponent extends AuthComponent {
 CONFICKER: 5,
 AZURE: 6,
 STOLEN_SSH_KEYS: 7,
- STRUTS2: 8
+ STRUTS2: 8,
+ MSSQL: 9
 };
 Warning =
@@ -326,6 +327,10 @@ class ReportPageComponent extends AuthComponent {
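Review bot: The new branch in the `@@ -430` hunk writes index 9 of `issues_byte_array`, so the array must hold at least ten entries; its allocation is outside this hunk. If it is sized with a literal rather than from `len(ReportService.ISSUES_DICT)`, this assignment raises `IndexError` the first time an MSSQL issue is reported. Worth confirming, and sizing it from the enum if that is not already the case.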