From f787801ab7b922157bb7455f66a512e6f6c94c8d Mon Sep 17 00:00:00 2001
From: Itay Mizeretz
Date: Tue, 14 Nov 2017 16:10:22 +0200
Subject: [PATCH] Add recommendations to security issues
---
.../cc/ui/src/components/pages/ReportPage.js | 68 ++++++++++++++++++-
1 file changed, 67 insertions(+), 1 deletion(-)
diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index 1bf41a2e8..6bdb62fbc 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -146,6 +146,11 @@ class ReportPageComponent extends React.Component {
The machine Monkey-SMB with the following IP addresses 192.168.0.1 10.0.0.18 was vulnerable to a SMB attack.
The attack succeeded by authenticating over SMB protocol with user Administrator and its password.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
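Review bot: the new bullet `- Use a complex one-use password that is not shared with other computers on the network.` reads as if the password should be used only once; the intent is a strong password that is unique to this machine, so reword to something like `- Use a strong password that is unique to this machine and is not reused on other computers on the network.` This same four-line recommendation block is pasted verbatim into every issue in the patch; hoisting it into one shared constant or helper would keep the wording from drifting between issues when it is revised later.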
@@ -154,6 +159,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-SMB2 with the following IP address
192.168.0.2 was vulnerable to a
SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user
temp.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
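Review bot: for this pass-the-hash finding the "complex" half of the recommendation does not address the attack, which replays the captured NTLM hash and succeeds no matter how long the password is. The part that actually mitigates it is "not shared with other computers on the network", because a unique password yields a unique hash per host, so lead with that and state it explicitly, e.g. `- Do not reuse this account's password on other machines, so that a hash stolen from one host cannot be replayed against another.`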
@@ -162,6 +172,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-WMI with the following IP address
192.168.0.3 was vulnerable to a
WMI attack.
The attack succeeded by authenticating over WMI protocol with user
Administrator and its password.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
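Review bot: "one-use password" again means a per-machine unique password rather than a single-use credential; say "unique" so the reader does not take it as a one-time password. Since the finding is specifically that the Monkey authenticated over WMI with Administrator and its password, the recommendation could also mention restricting remote WMI access to the hosts that need it, otherwise this issue gives exactly the same guidance as the SMB, SSH and RDP ones and the protocol in the finding carries no information.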
@@ -170,6 +185,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-WMI2 with the following IP address
192.168.0.4 was vulnerable to a
WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user
Administrator.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
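Review bot: the recommendation is a poor fit for this issue, which is a pass-the-hash login as Administrator: password complexity does nothing against hash replay, and the useful advice is that the built-in Administrator password must differ on every machine so one captured hash does not unlock the rest of the network. Consider a bullet along the lines of `- Give the local Administrator account a different password on every machine (a per-machine local admin password solution such as Microsoft LAPS does this automatically).`; naming LAPS is my suggestion, not something the patch mentions.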
@@ -178,6 +198,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-SSH with the following IP address
192.168.0.5 was vulnerable to a
SSH attack.
The attack succeeded by authenticating over SSH protocol with user
user and its password.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
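Review bot: the finding is a successful password login over SSH as `user`, and the only recommendation is a better password; the standard fix for this class of finding is key-based authentication with `PasswordAuthentication no` in sshd_config, which removes the password from the attack surface entirely. Suggest adding that as a second bullet and, as elsewhere, replacing "one-use" with "unique".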
@@ -186,6 +211,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-RDP with the following IP address
192.168.0.6 was vulnerable to a
RDP attack.
The attack succeeded by authenticating over RDP protocol with user
Administrator and its password.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use a complex one-use password that is not shared with other computers on the network.
+
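Review bot: "the following steps should be performed" introduces a list with a single item, and that item is the same generic password bullet used for every credential-based finding in this patch. For an RDP login as Administrator it would be worth adding that RDP should only be reachable from administrative hosts rather than from every machine on the network, which is what the Monkey's lateral movement demonstrates here; the header could then read "steps" honestly.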
@@ -194,6 +224,12 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-SambaCry with the following IP address
192.168.0.7 was vulnerable to a
SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user
user and its password, and by using the SambaCry vulnerability.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
+ - Use a complex one-use password that is not shared with other computers on the network.
+
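Review bot: the version guidance `- Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.` is ambiguous, because a reader on 4.5.0 is "4.4.14 and up" yet still vulnerable. Phrase it per release series, e.g. `- Update Samba to 4.4.14 or later in the 4.4 series, 4.5.10 or later in the 4.5 series, or 4.6.4 or later.` (those are the fixed releases for the SambaCry bug, so the numbers themselves are right).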
@@ -202,6 +238,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-Elastic with the following IP address
192.168.0.8 was vulnerable to an
Elastic Groovy attack.
The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Update your Elastic Search server to version 1.4.3 and up.
+
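Review bot: the unchanged context line above the new block has a typo, "was not parched against the CVE-2015-1427 bug" should read "patched", and the product is spelled "Elasticsearch" (one word) in the project's own naming; since this hunk touches the issue anyway, fix both. On the recommendation itself, `- Update your Elastic Search server to version 1.4.3 and up.` omits that the 1.3 series was also fixed, in 1.3.8, so a 1.3.x user is told to jump a minor series unnecessarily; state it as "1.3.8 or later in the 1.3 series, or 1.4.3 or later".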
@@ -210,6 +251,11 @@ class ReportPageComponent extends React.Component {
The machine
Monkey-Shellshock with the following IP address
192.168.0.9 was vulnerable to a
ShellShock attack.
The attack succeeded because the HTTP server running on port
8080 was vulnerable to a shell injection attack on the paths:
/cgi/backserver.cgi /cgi/login.cgi.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Update your Bash to a ShellShock-patched version.
+
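Review bot: `- Update your Bash to a ShellShock-patched version.` is the right fix but gives the reader nothing actionable; say to install the Bash security update from the distribution's package manager, since that is how the patched build is obtained. Given that the finding lists the exact CGI paths (`/cgi/backserver.cgi /cgi/login.cgi`), a second bullet recommending that CGI scripts which are not needed be removed from the web server would close the exposure even on a host that cannot be updated immediately.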
@@ -217,25 +263,45 @@ class ReportPageComponent extends React.Component {
The machine Monkey-Conficker with the following IP address 192.168.0.10 was vulnerable to a Conficker attack.
- The attack succeeded because the target machine uses an outdated and unpatched operating system.
+ The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Install the latest Windows updates or upgrade to a newer operating system.
+
Issue #11
The network can probably be segmented. A monkey instance on Monkey-SMB in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network.
+
+ In order to protect the network, the following steps should be performed:
+
+ - Segment your network. Make sure machines can't access machines from other segments.
+
Issue #12
The network can probably be segmented. A monkey instance on Monkey-SSH in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network.
+
+ In order to protect the network, the following steps should be performed:
+
+ - Segment your network. Make sure machines can't access machines from other segments.
+
Issue #13
Machines are not locked down at port level. Network tunnel was set up from Monkey-SSH to Monkey-SambaCry.
+
+ In order to protect the machine, the following steps should be performed:
+
+ - Use micro-segmentation policies to disable communication other than the required.
+
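Review bot: in Issue #13 the bullet `- Use micro-segmentation policies to disable communication other than the required.` is missing its noun; say "other than the communication that is required" or simply "to block all traffic except what is required". Issue #13 also opens with "In order to protect the machine" while Issues #11 and #12 say "In order to protect the network"; a tunnel between two hosts is a network-level finding, so use "network" here as well. Finally, the changed Conficker line now says the machine "was vulnerable to a Conficker attack ... vulnerable to Conficker", which is circular; naming the missing update (Conficker spreads through the MS08-067 vulnerability) would make both the finding and the "Install the latest Windows updates" bullet concrete.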