Content improvements

This commit is contained in:
Itay Mizeretz 2017-12-24 18:34:18 +02:00
parent 6150c6fcc0
commit 5649fa7043
1 changed files with 52 additions and 51 deletions

View File

@ -99,8 +99,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">SMB</span> attack. className="label label-danger">SMB</span> attack.
<br/> <br/>
The attack succeeded by authenticating over SMB protocol with user <span The attack succeeded by authenticating over SMB protocol with user <span
@ -116,8 +116,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">SMB</span> attack. className="label label-danger">SMB</span> attack.
<br/> <br/>
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span
@ -133,8 +133,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">WMI</span> attack. className="label label-danger">WMI</span> attack.
<br/> <br/>
The attack succeeded by authenticating over WMI protocol with user <span The attack succeeded by authenticating over WMI protocol with user <span
@ -150,8 +150,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">WMI</span> attack. className="label label-danger">WMI</span> attack.
<br/> <br/>
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span
@ -167,8 +167,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">SSH</span> attack. className="label label-danger">SSH</span> attack.
<br/> <br/>
The attack succeeded by authenticating over SSH protocol with user <span The attack succeeded by authenticating over SSH protocol with user <span
@ -184,8 +184,8 @@ class ReportPageComponent extends React.Component {
Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password Change <span className="label label-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">RDP</span> attack. className="label label-danger">RDP</span> attack.
<br/> <br/>
The attack succeeded by authenticating over RDP protocol with user <span The attack succeeded by authenticating over RDP protocol with user <span
@ -203,8 +203,8 @@ class ReportPageComponent extends React.Component {
<br/> <br/>
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up. Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">SambaCry</span> attack. className="label label-danger">SambaCry</span> attack.
<br/> <br/>
The attack succeeded by authenticating over SMB protocol with user <span The attack succeeded by authenticating over SMB protocol with user <span
@ -220,11 +220,11 @@ class ReportPageComponent extends React.Component {
<li> <li>
Update your Elastic Search server to version 1.4.3 and up. Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to an <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
className="label label-danger">Elastic Groovy</span> attack. className="label label-danger">Elastic Groovy</span> attack.
<br/> <br/>
The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427. The attack succeeded because the Elastic Search server is not patched against CVE-2015-1427.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </li>
); );
@ -235,12 +235,12 @@ class ReportPageComponent extends React.Component {
<li> <li>
Update your Bash to a ShellShock-patched version. Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following IP address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">ShellShock</span> attack. className="label label-danger">ShellShock</span> attack.
<br/> <br/>
The attack succeeded because the HTTP server running on port <span The attack succeeded because the HTTP server running on TCP port <span
className="label label-info">{issue.port}</span> was vulnerable to a shell injection attack on the className="label label-info">{issue.port}</span> is vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}. paths: {this.generateShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </li>
@ -252,8 +252,8 @@ class ReportPageComponent extends React.Component {
<li> <li>
Install the latest Windows updates or upgrade to a newer operating system. Install the latest Windows updates or upgrade to a newer operating system.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="label label-primary">{issue.machine}</span> with the following address <span The machine <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span> was vulnerable to a <span className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="label label-danger">Conficker</span> attack. className="label label-danger">Conficker</span> attack.
<br/> <br/>
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to
@ -266,7 +266,7 @@ class ReportPageComponent extends React.Component {
generateCrossSegmentIssue(issue) { generateCrossSegmentIssue(issue) {
return ( return (
<li> <li>
Segment your network. Make sure machines can't access machines from other segments. Segment your network and make sure there is no communication between machines from different segments.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The network can probably be segmented. A monkey instance on <span The network can probably be segmented. A monkey instance on <span
className="label label-primary">{issue.machine}</span> in the className="label label-primary">{issue.machine}</span> in the
@ -437,18 +437,19 @@ class ReportPageComponent extends React.Component {
{ {
this.state.report.overview.config_users.length > 0 ? this.state.report.overview.config_users.length > 0 ?
<p> <p>
Users to try: Usernames used for brute-forcing:
<ul> <ul>
{this.state.report.overview.config_users.map(x => <li>{x}</li>)} {this.state.report.overview.config_users.map(x => <li>{x}</li>)}
</ul> </ul>
Passwords to try: Passwords used for brute-forcing:
<ul> <ul>
{this.state.report.overview.config_passwords.map(x => <li>{x.substr(0, 3) + '******'}</li>)} {this.state.report.overview.config_passwords.map(x => <li>{x.substr(0, 3) + '******'}</li>)}
</ul> </ul>
</p> </p>
: :
<p> <p>
No Users and Passwords were provided for the monkey. Brute forcing uses stolen credentials only. No credentials were supplied during Monkeys
configuration.
</p> </p>
} }
{ {
@ -458,7 +459,7 @@ class ReportPageComponent extends React.Component {
'' ''
: :
<p> <p>
Used the following exploit methods: The Monkey uses the following exploit methods:
<ul> <ul>
{this.state.report.overview.config_exploits.map(x => <li>{x}</li>)} {this.state.report.overview.config_exploits.map(x => <li>{x}</li>)}
</ul> </ul>
@ -466,13 +467,13 @@ class ReportPageComponent extends React.Component {
) )
: :
<p> <p>
Don't use any exploit. No exploits are used by the Monkey.
</p> </p>
} }
{ {
this.state.report.overview.config_ips.length > 0 ? this.state.report.overview.config_ips.length > 0 ?
<p> <p>
Scan the following IPs: The Monkey scans the following IPs:
<ul> <ul>
{this.state.report.overview.config_ips.map(x => <li>{x}</li>)} {this.state.report.overview.config_ips.map(x => <li>{x}</li>)}
</ul> </ul>
@ -485,7 +486,7 @@ class ReportPageComponent extends React.Component {
'' ''
: :
<p> <p>
Monkeys were configured to avoid scanning of the local network. Note: Monkeys were configured to avoid scanning of the local network.
</p> </p>
} }
</div> </div>
@ -508,26 +509,27 @@ class ReportPageComponent extends React.Component {
return x === true; return x === true;
}).length} issues</span>: }).length} issues</span>:
<ul> <ul>
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
<li>Users with passwords supplied in config.</li> : null}
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
<li>Stolen credentials were used to exploit other machines.</li> : null} <li>Stolen credentials are used to exploit other machines.</li> : null}
{this.state.report.overview.issues[this.Issue.ELASTIC] ? {this.state.report.overview.issues[this.Issue.ELASTIC] ?
<li>Elastic Search servers not patched for <a <li>Elasticsearch servers are vulnerable to <a
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>. href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
</li> : null} </li> : null}
{this.state.report.overview.issues[this.Issue.SAMBACRY] ? {this.state.report.overview.issues[this.Issue.SAMBACRY] ?
<li>Samba servers not patched for SambaCry (<a <li>Samba servers are vulnerable to SambaCry (<a
href="https://www.samba.org/samba/security/CVE-2017-7494.html" href="https://www.samba.org/samba/security/CVE-2017-7494.html"
>CVE-2017-7494</a>).</li> : null} >CVE-2017-7494</a>).</li> : null}
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ?
<li>Machines not patched for the Shellshock (<a <li>Machines are vulnerable to Shellshock (<a
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>). href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
</li> : null} </li> : null}
{this.state.report.overview.issues[this.Issue.CONFICKER] ? {this.state.report.overview.issues[this.Issue.CONFICKER] ?
<li>Machines not patched for the Conficker (<a <li>Machines are vulnerable to Conficker (<a
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067" href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
>MS08-067</a>).</li> : null} >MS08-067</a>).</li> : null}
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
<li>Machines are accessible using passwords supplied by the user during the Monkeys
configuration.</li> : null}
</ul> </ul>
</div> </div>
: :
@ -539,26 +541,25 @@ class ReportPageComponent extends React.Component {
</div> </div>
<div> <div>
<h3> <h3>
Security Issues Potential Security Issues
</h3> </h3>
{ {
this.state.report.overview.warnings.filter(function (x) { this.state.report.overview.warnings.filter(function (x) {
return x === true; return x === true;
}).length > 0 ? }).length > 0 ?
<div> <div>
The monkey uncovered the following possible set of issues: The Monkey uncovered the following possible set of issues:
<ul> <ul>
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
<li>Possible cross segment traffic. Infected machines could communicate with the <li>Weak segmentation - Machines from different segments are able to
Monkey Island despite crossing segment boundaries using unused ports.</li> : null} communicate.</li> : null}
{this.state.report.overview.warnings[this.Warning.TUNNEL] ? {this.state.report.overview.warnings[this.Warning.TUNNEL] ?
<li>Lack of machine hardening, machines successfully tunneled monkey traffic <li>Lack of machine hardening, machines successfully tunneled monkey traffic using unused ports.</li> : null}
using unused ports.</li> : null}
</ul> </ul>
</div> </div>
: :
<div> <div>
The monkey did not find any issues. The Monkey did not find any issues.
</div> </div>
} }
</div> </div>
@ -585,7 +586,7 @@ class ReportPageComponent extends React.Component {
{ {
this.state.report.glance.exploited.length > 0 ? this.state.report.glance.exploited.length > 0 ?
<p> <p>
In addition, while attempting to exploit additional hosts , security software installed in the In addition, while attempting to exploit additional hosts, security software installed in the
network should have picked up the attack attempts and logged them. network should have picked up the attack attempts and logged them.
</p> </p>
: :
@ -603,13 +604,13 @@ class ReportPageComponent extends React.Component {
</p> </p>
<div className="map-legend"> <div className="map-legend">
<b>Legend: </b> <b>Legend: </b>
<span>Exploit <i className="fa fa-lg fa-minus" style={{color: '#cc0200'}} /></span> <span>Exploit <i className="fa fa-lg fa-minus" style={{color: '#cc0200'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Scan <i className="fa fa-lg fa-minus" style={{color: '#ff9900'}} /></span> <span>Scan <i className="fa fa-lg fa-minus" style={{color: '#ff9900'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Tunnel <i className="fa fa-lg fa-minus" style={{color: '#0158aa'}} /></span> <span>Tunnel <i className="fa fa-lg fa-minus" style={{color: '#0158aa'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Island Communication <i className="fa fa-lg fa-minus" style={{color: '#a9aaa9'}} /></span> <span>Island Communication <i className="fa fa-lg fa-minus" style={{color: '#a9aaa9'}}/></span>
</div> </div>
<div style={{position: 'relative', height: '80vh'}}> <div style={{position: 'relative', height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={options}/> <ReactiveGraph graph={this.state.graph} options={options}/>
@ -628,7 +629,7 @@ class ReportPageComponent extends React.Component {
For questions, suggestions or any other feedback For questions, suggestions or any other feedback
contact: <a href="mailto://labs@guardicore.com" className="no-print">labs@guardicore.com</a> contact: <a href="mailto://labs@guardicore.com" className="no-print">labs@guardicore.com</a>
<div className="force-print" style={{display: 'none'}}>labs@guardicore.com</div> <div className="force-print" style={{display: 'none'}}>labs@guardicore.com</div>
<img src={guardicoreLogoImage} alt="GuardiCore" className="center-block" style={{height: '50px'}} /> <img src={guardicoreLogoImage} alt="GuardiCore" className="center-block" style={{height: '50px'}}/>
</div> </div>
</div> </div>
<div className="text-center no-print" style={{marginTop: '20px'}}> <div className="text-center no-print" style={{marginTop: '20px'}}>