diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index b476b3faa..b55246874 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -99,8 +99,8 @@ class ReportPageComponent extends React.Component {
Change {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SMB attack.
The attack succeeded by authenticating over SMB protocol with user {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SMB attack.
The attack succeeded by using a pass-the-hash attack over SMB protocol with user {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a WMI attack.
The attack succeeded by authenticating over WMI protocol with user {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a WMI attack.
The attack succeeded by using a pass-the-hash attack over WMI protocol with user {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack.
The attack succeeded by authenticating over SSH protocol with user {issue.username}'s password to a complex one-use password
that is not shared with other computers on the network.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a RDP attack.
The attack succeeded by authenticating over RDP protocol with user
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a SambaCry attack.
The attack succeeded by authenticating over SMB protocol with user
Update your Elastic Search server to version 1.4.3 and up.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to an {issue.machine} ({issue.ip_address}) is vulnerable to an Elastic Groovy attack.
- The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
+ The attack succeeded because the Elastic Search server is not patched against CVE-2015-1427.
);
@@ -235,12 +235,12 @@ class ReportPageComponent extends React.Component {
Update your Bash to a ShellShock-patched version.
- The machine {issue.machine} with the following IP address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a ShellShock attack.
- The attack succeeded because the HTTP server running on port {issue.port} was vulnerable to a shell injection attack on the
+ The attack succeeded because the HTTP server running on TCP port {issue.port} is vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}.
@@ -252,8 +252,8 @@ class ReportPageComponent extends React.Component {
Install the latest Windows updates or upgrade to a newer operating system.
- The machine {issue.machine} with the following address {issue.ip_address} was vulnerable to a {issue.machine} ({issue.ip_address}) is vulnerable to a Conficker attack.
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to
@@ -266,7 +266,7 @@ class ReportPageComponent extends React.Component {
generateCrossSegmentIssue(issue) {
return (
- Segment your network. Make sure machines can't access machines from other segments.
+ Segment your network and make sure there is no communication between machines from different segments.
The network can probably be segmented. A monkey instance on {issue.machine} in the
@@ -437,18 +437,19 @@ class ReportPageComponent extends React.Component {
{
this.state.report.overview.config_users.length > 0 ?
- Users to try:
+ Usernames used for brute-forcing:
{this.state.report.overview.config_users.map(x => - {x}
)}
- Passwords to try:
+ Passwords used for brute-forcing:
{this.state.report.overview.config_passwords.map(x => - {x.substr(0, 3) + '******'}
)}
:
- No Users and Passwords were provided for the monkey.
+ Brute forcing uses stolen credentials only. No credentials were supplied during Monkey’s
+ configuration.
}
{
@@ -458,7 +459,7 @@ class ReportPageComponent extends React.Component {
''
:
- Used the following exploit methods:
+ The Monkey uses the following exploit methods:
{this.state.report.overview.config_exploits.map(x => - {x}
)}
@@ -466,13 +467,13 @@ class ReportPageComponent extends React.Component {
)
:
- Don't use any exploit.
+ No exploits are used by the Monkey.
}
{
this.state.report.overview.config_ips.length > 0 ?
- Scan the following IPs:
+ The Monkey scans the following IPs:
{this.state.report.overview.config_ips.map(x => - {x}
)}
@@ -485,7 +486,7 @@ class ReportPageComponent extends React.Component {
''
:
- Monkeys were configured to avoid scanning of the local network.
+ Note: Monkeys were configured to avoid scanning of the local network.
}
@@ -508,26 +509,27 @@ class ReportPageComponent extends React.Component {
return x === true;
}).length} issues:
- {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
- - Users with passwords supplied in config.
: null}
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
- - Stolen credentials were used to exploit other machines.
: null}
+ - Stolen credentials are used to exploit other machines.
: null}
{this.state.report.overview.issues[this.Issue.ELASTIC] ?
- - Elastic Search servers not patched for Elasticsearch servers are vulnerable to CVE-2015-1427.
: null}
{this.state.report.overview.issues[this.Issue.SAMBACRY] ?
- - Samba servers not patched for ‘SambaCry’ (Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
: null}
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ?
- - Machines not patched for the ‘Shellshock’ (Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271).
: null}
{this.state.report.overview.issues[this.Issue.CONFICKER] ?
- - Machines not patched for the ‘Conficker’ (Machines are vulnerable to ‘Conficker’ (MS08-067).
: null}
+ {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
+ - Machines are accessible using passwords supplied by the user during the Monkey’s
+ configuration.
: null}
:
@@ -539,26 +541,25 @@ class ReportPageComponent extends React.Component {
- Security Issues
+ Potential Security Issues
{
this.state.report.overview.warnings.filter(function (x) {
return x === true;
}).length > 0 ?
- The monkey uncovered the following possible set of issues:
+ The Monkey uncovered the following possible set of issues:
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
- - Possible cross segment traffic. Infected machines could communicate with the
- Monkey Island despite crossing segment boundaries using unused ports.
: null}
+ - Weak segmentation - Machines from different segments are able to
+ communicate.
: null}
{this.state.report.overview.warnings[this.Warning.TUNNEL] ?
- - Lack of machine hardening, machines successfully tunneled monkey traffic
- using unused ports.
: null}
+ - Lack of machine hardening, machines successfully tunneled monkey traffic using unused ports.
: null}
:
- The monkey did not find any issues.
+ The Monkey did not find any issues.
}
@@ -585,7 +586,7 @@ class ReportPageComponent extends React.Component {
{
this.state.report.glance.exploited.length > 0 ?
- In addition, while attempting to exploit additional hosts , security software installed in the
+ In addition, while attempting to exploit additional hosts, security software installed in the
network should have picked up the attack attempts and logged them.
:
@@ -603,13 +604,13 @@ class ReportPageComponent extends React.Component {
Legend:
- Exploit
+ Exploit
|
- Scan
+ Scan
|
- Tunnel
+ Tunnel
|
- Island Communication
+ Island Communication
@@ -628,7 +629,7 @@ class ReportPageComponent extends React.Component {
For questions, suggestions or any other feedback
contact: labs@guardicore.com
labs@guardicore.com
-
+