From f787801ab7b922157bb7455f66a512e6f6c94c8d Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Tue, 14 Nov 2017 16:10:22 +0200 Subject: [PATCH] Add recommendations to security issues --- .../cc/ui/src/components/pages/ReportPage.js | 68 ++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js index 1bf41a2e8..6bdb62fbc 100644 --- a/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -146,6 +146,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-SMB with the following IP addresses 192.168.0.1 10.0.0.18 was vulnerable to a SMB attack.
The attack succeeded by authenticating over SMB protocol with user Administrator and its password. +
+ In order to protect the machine, the following steps should be performed: +

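Review bot: The sentence added under the Monkey-SMB finding ends in a colon and, in the lines shown here, no step follows it, so the report announces steps it does not list. Either include the steps in this change, tied to the cause stated above (authenticating as Administrator with its password), or leave the lead-in out until they exist. The same sentence is added word for word in every hunk of this patch; rendering it from one shared constant or small component would keep the wording from drifting between issues.
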
@@ -154,6 +159,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-SMB2 with the following IP address 192.168.0.2 was vulnerable to a SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user temp. +
+ In order to protect the machine, the following steps should be performed: +

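Review bot: The lead-in added for Monkey-SMB2 is identical to the one added for Monkey-SMB, although the cause stated just above it is a pass-the-hash attack with user temp rather than a known password. The steps listed under it should be specific to that cause, because password strength does not matter once the hash itself can be replayed. The same applies to the Monkey-WMI2 hunk.
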
@@ -162,6 +172,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-WMI with the following IP address 192.168.0.3 was vulnerable to a WMI attack.
The attack succeeded by authenticating over WMI protocol with user Administrator and its password. +
+ In order to protect the machine, the following steps should be performed: +

@@ -170,6 +185,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-WMI2 with the following IP address 192.168.0.4 was vulnerable to a WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user Administrator. +
+ In order to protect the machine, the following steps should be performed: +

@@ -178,6 +198,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-SSH with the following IP address 192.168.0.5 was vulnerable to a SSH attack.
The attack succeeded by authenticating over SSH protocol with user user and its password. +
+ In order to protect the machine, the following steps should be performed: +

@@ -186,6 +211,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-RDP with the following IP address 192.168.0.6 was vulnerable to a RDP attack.
The attack succeeded by authenticating over RDP protocol with user Administrator and its password. +
+ In order to protect the machine, the following steps should be performed: +

@@ -194,6 +224,12 @@ class ReportPageComponent extends React.Component { The machine Monkey-SambaCry with the following IP address 192.168.0.7 was vulnerable to a SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user user and its password, and by using the SambaCry vulnerability. +
+ In order to protect the machine, the following steps should be performed: +

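Review bot: The Monkey-SambaCry finding names two causes in the sentence above the added text, valid credentials for user user and the SambaCry vulnerability, but the lead-in added here is the same single sentence used for the one-cause issues. The hunk header (-194,6 +224,12) shows one more added line than the neighbouring hunks; if that line is a second step, make sure one step addresses the credentials and the other addresses the SambaCry vulnerability itself.
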
@@ -202,6 +238,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-Elastic with the following IP address 192.168.0.8 was vulnerable to an Elastic Groovy attack.
The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug. +
+ In order to protect the machine, the following steps should be performed: +

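Review bot: The context line directly above the added text reads "was not parched against the CVE-2015-1427 bug"; since this hunk extends the same paragraph, correct it to "patched" in this change. The recommendation that follows should use matching wording, for example by telling the reader to update the server to a version that fixes CVE-2015-1427.
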
@@ -210,6 +251,11 @@ class ReportPageComponent extends React.Component { The machine Monkey-Shellshock with the following IP address 192.168.0.9 was vulnerable to a ShellShock attack.
The attack succeeded because the HTTP server running on port 8080 was vulnerable to a shell injection attack on the paths: /cgi/backserver.cgi /cgi/login.cgi. +
+ In order to protect the machine, the following steps should be performed: +

@@ -217,25 +263,45 @@ class ReportPageComponent extends React.Component {

The machine Monkey-Conficker with the following IP address 192.168.0.10 was vulnerable to a Conficker attack.
- The attack succeeded because the target machine uses an outdated and unpatched operating system. + The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker. +
+ In order to protect the machine, the following steps should be performed: +

Issue #11

The network can probably be segmented. A monkey instance on Monkey-SMB in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network. +
+ In order to protect the network, the following steps should be performed: +

Issue #12

The network can probably be segmented. A monkey instance on Monkey-SSH in the 192.168.0.0/24 network could directly access the Monkey Island C&C server in the 172.168.0.0/24 network. +
+ In order to protect the network, the following steps should be performed: +

Issue #13

Machines are not locked down at port level. Network tunnel was set up from Monkey-SSH to Monkey-SambaCry. +
+ In order to protect the machine, the following steps should be performed: +
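
Review bot: In Issue #13 the added lead-in says "protect the machine", but the finding above it is about "Machines" and names two of them, Monkey-SSH and Monkey-SambaCry; "protect the machines", or "protect the network" as used for Issues #11 and #12, would match the finding. In the Conficker change, the new tail "vulnerable to Conficker" repeats what the preceding sentence already states ("was vulnerable to a Conficker attack") and could be dropped. Issues #11 and #12 differ only in the machine name, so the report will show the same recommendation block twice; consider grouping them under one entry.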