From 881800047b9e5e990e56fae1e01c932ebf0130fb Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 10 Nov 2021 12:25:19 +0200
Subject: [PATCH] Island: remove sambacry exploiter code and related infrastructure/docs
---
README.md | 1 -
.../cc/services/config_schema/basic.py | 1 -
.../definitions/exploiter_classes.py | 9 -----
.../cc/services/config_schema/internal.py | 39 -------------------
.../cc/services/reporting/aws_exporter.py | 19 ---------
.../exploiter_descriptor_enum.py | 1 -
.../report-components/SecurityReport.js | 6 ---
.../security/issues/SambacryIssue.js | 28 -------
8 files changed, 104 deletions(-)
delete mode 100644 monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
diff --git a/README.md b/README.md
index 294be6579..1e9477ea9 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,6 @@ The Infection Monkey uses the following techniques and exploits to propagate to
 * WMI
 * Shellshock
 * Conficker
- * SambaCry
 * Elastic Search (CVE-2015-1427)
 * Weblogic server
 * and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index b822c98ea..a9eb03d62 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -18,7 +18,6 @@ BASIC = {
 "WmiExploiter",
 "SSHExploiter",
 "ShellShockExploiter",
- "SambaCryExploiter",
 "ElasticGroovyExploiter",
 "Struts2Exploiter",
 "WebLogicExploiter",
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index 348deb255..44463bbcd 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -74,15 +74,6 @@ EXPLOITER_CLASSES = {
 "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
 "/shellshock/",
 },
- {
- "type": "string",
- "enum": ["SambaCryExploiter"],
- "title": "SambaCry Exploiter",
- "safe": True,
- "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
- "/sambacry/",
- },
 {
 "type": "string",
 "enum": ["ElasticGroovyExploiter"],
diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py
index df59d4054..0ba7ca07d 100644
--- a/monkey/monkey_island/cc/services/config_schema/internal.py
+++ b/monkey/monkey_island/cc/services/config_schema/internal.py
@@ -373,45 +373,6 @@ INTERNAL = {
 },
 },
 },
- "sambacry": {
- "title": "SambaCry",
- "type": "object",
- "properties": {
- "sambacry_trigger_timeout": {
- "title": "SambaCry trigger timeout",
- "type": "integer",
- "default": 5,
- "description": "Timeout (in seconds) of SambaCry trigger",
- },
- "sambacry_folder_paths_to_guess": {
- "title": "SambaCry folder paths to guess",
- "type": "array",
- "uniqueItems": True,
- "items": {"type": "string"},
- "default": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home",
- ],
- "description": "List of full paths to share folder for SambaCry to "
- "guess",
- },
- "sambacry_shares_not_to_check": {
- "title": "SambaCry shares not to check",
- "type": "array",
- "uniqueItems": True,
- "items": {"type": "string"},
- "default": ["IPC$", "print$"],
- "description": "These shares won't be checked when exploiting with "
- "SambaCry",
- },
- },
- },
 },
 "smb_service": {
 "title": "SMB service",
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
index e235739bc..c2d216152 100644
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -75,7 +75,6 @@ class AWSExporter(Exporter):
 CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
 CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
 },
- ExploiterDescriptorEnum.SAMBACRY.value.class_name: AWSExporter._handle_sambacry_issue,
 "shared_passwords": AWSExporter._handle_shared_passwords_issue,
 ExploiterDescriptorEnum.WMI.value.class_name: {
 CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue,
@@ -192,24 +191,6 @@ class AWSExporter(Exporter):
 instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
 )
- @staticmethod
- def _handle_sambacry_issue(issue, instance_arn):
- return AWSExporter._build_generic_finding(
- severity=10,
- title="Samba servers are vulnerable to 'SambaCry'",
- description="Change {0} password to a complex one-use password that is not shared "
- "with other computers on the "
- "network. Update your Samba server to 4.4.14 and up, "
- "4.5.10 and up, or 4.6.4 and up.".format(issue["username"]),
- recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The "
- "Monkey authenticated over the SMB "
- "protocol with user {2} and its password, and used the SambaCry "
- "vulnerability.".format(issue["machine"], issue["ip_address"], issue["username"]),
- instance_arn=instance_arn,
- instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
- )
-
 @staticmethod
 def _handle_smb_pth_issue(issue, instance_arn):
diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
index 932243c33..44e0c922a 100644
--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
 SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
 WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
 SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
- SAMBACRY = ExploiterDescriptor("SambaCryExploiter", "SambaCry Exploiter", CredExploitProcessor)
 ELASTIC = ExploiterDescriptor(
 "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
 )
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index c8b46c2bf..28cbb1793 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
 import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
 import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
 import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
-import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
 import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
 import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
 import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
@@ -122,11 +121,6 @@ class ReportPageComponent extends AuthComponent {
 },
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
 },
- 'SambaCryExploiter': {
- [this.issueContentTypes.OVERVIEW]: sambacryIssueOverview,
- [this.issueContentTypes.REPORT]: sambacryIssueReport,
- [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
- },
 'ElasticGroovyExploiter': {
 [this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
 [this.issueContentTypes.REPORT]: elasticIssueReport,
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
deleted file mode 100644
index 05bcb6850..000000000
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
+++ /dev/null
@@ -1,28 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function sambacryIssueOverview() {
- return (
  • Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
  • ) -} - -export function sambacryIssueReport(issue) { - return ( - <> - Change {issue.username}'s password to a complex one-use password - that is not shared with other computers on the network. -
    - Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up. - - The machine {issue.machine} ({issue.ip_address}) is vulnerable to a SambaCry attack. -
    - The Monkey authenticated over the SMB protocol with user {issue.username} and its password, and used the SambaCry - vulnerability. -
    - - ); -}