Report now uses dynamic data
parent
8632f4d5ca
commit
83c7c3d13c
@ -8,6 +8,23 @@ import StolenPasswords from 'components/report-components/StolenPasswords';
|
||||||
import ScannedBreachedChart from 'components/report-components/ScannedBreachedChart';
|
import ScannedBreachedChart from 'components/report-components/ScannedBreachedChart';
|
||||||
|
|
||||||
class ReportPageComponent extends React.Component {
|
class ReportPageComponent extends React.Component {
|
||||||
|
|
||||||
|
Issue =
|
||||||
|
{
|
||||||
|
WEAK_PASSWORD: 0,
|
||||||
|
STOLEN_CREDS: 1,
|
||||||
|
ELASTIC: 2,
|
||||||
|
SAMBACRY: 3,
|
||||||
|
SHELLSHOCK: 4,
|
||||||
|
CONFICKER: 5
|
||||||
|
};
|
||||||
|
|
||||||
|
Warning =
|
||||||
|
{
|
||||||
|
CROSS_SEGMENT: 0,
|
||||||
|
TUNNEL: 1
|
||||||
|
};
|
||||||
|
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
this.stolen_passwords =
|
this.stolen_passwords =
|
||||||
|
@ -18,13 +35,48 @@ class ReportPageComponent extends React.Component {
|
||||||
{username: 'joe', password: 'FDA95FBECA288D44AAD3B435B51404EE', type: 'LM', origin: 'Monkey-RDP'}
|
{username: 'joe', password: 'FDA95FBECA288D44AAD3B435B51404EE', type: 'LM', origin: 'Monkey-RDP'}
|
||||||
];
|
];
|
||||||
this.state = {
|
this.state = {
|
||||||
report: {},
|
report: {
|
||||||
|
overview:
|
||||||
|
{
|
||||||
|
monkey_start_time: '01/02/2017 21:45',
|
||||||
|
monkey_duration: '23:12 minutes',
|
||||||
|
issues: [false, true, true, true, false, true],
|
||||||
|
warnings: [true, true]
|
||||||
|
},
|
||||||
|
glance:
|
||||||
|
{
|
||||||
|
scanned:
|
||||||
|
[{"services": ["tcp-22: ssh", "elastic-search-9200: Lorelei Travis"], "ip_addresses": ["11.0.0.13"], "accessible_from_nodes": ["webServer-shellshock0"], "label": "Ubuntu-4ubuntu2.1"}, {"services": [], "ip_addresses": ["10.0.3.23"], "accessible_from_nodes": [], "label": "ubuntu"}, {"services": ["tcp-22: ssh", "tcp-80: http"], "ip_addresses": ["10.0.3.68", "11.0.0.41"], "accessible_from_nodes": ["Monkey-MSSQL1", "ubuntu"], "label": "webServer-shellshock0"}, {"services": ["tcp-445: Windows Server 2012 R2 Standard 6.3"], "ip_addresses": ["12.0.0.90", "11.0.0.90"], "accessible_from_nodes": ["webServer-shellshock0"], "label": "Monkey-MSSQL1"}],
|
||||||
|
exploited:
|
||||||
|
[{"ip_addresses": ["10.0.3.68", "11.0.0.41"], "exploits": ["ShellShockExploiter", "ShellShockExploiter"], "label": "webServer-shellshock0"}, {"ip_addresses": ["12.0.0.90", "11.0.0.90"], "exploits": ["SmbExploiter", "SmbExploiter"], "label": "Monkey-MSSQL1"}],
|
||||||
|
stolen_creds: this.stolen_passwords
|
||||||
|
},
|
||||||
|
recommendations:
|
||||||
|
{
|
||||||
|
issues:
|
||||||
|
[
|
||||||
|
{type: 'smb_password', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'smb_pth', machine: 'Monkey-SMB2', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'wmi_password', machine: 'Monkey-WMI', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'wmi_pth', machine: 'Monkey-WMI2', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'ssh', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'rdp', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'sambacry', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18'], username: 'Administrator'},
|
||||||
|
{type: 'elastic', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18']},
|
||||||
|
{type: 'shellshock', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18'], port: 8080, paths: ['/cgi/backserver.cgi', '/cgi/login.cgi']},
|
||||||
|
{type: 'conficker', machine: 'Monkey-SMB', ip_addresses: ['192.168.0.1', '10.0.0.18']},
|
||||||
|
{type: 'cross_segment', machine: 'Monkey-SMB', network: '192.168.0.0/24', server_network: '172.168.0.0/24'},
|
||||||
|
{type: 'tunnel', origin: 'Monkey-SSH', dest: 'Monkey-SambaCry'}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
graph: {nodes: [], edges: []}
|
graph: {nodes: [], edges: []}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
componentDidMount() {
|
componentDidMount() {
|
||||||
this.getReportFromServer();
|
// TODO: uncomment
|
||||||
|
//this.getReportFromServer();
|
||||||
this.updateMapFromServer();
|
this.updateMapFromServer();
|
||||||
this.interval = setInterval(this.updateMapFromServer, 1000);
|
this.interval = setInterval(this.updateMapFromServer, 1000);
|
||||||
}
|
}
|
||||||
|
@ -55,10 +107,243 @@ class ReportPageComponent extends React.Component {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generateIpListBadges(ip_addresses) {
|
||||||
|
return ip_addresses.map(ip_address => <span className="label label-info" style={{margin: '2px'}}>{ip_address}</span>);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateShellshockPathListBadges(paths) {
|
||||||
|
return paths.map(path => <span className="label label-warning" style={{margin: '2px'}}>{path}</span>);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateSmbPasswordIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">SMB</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">{issue.username}</span> and its password.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateSmbPthIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">SMB</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span className="label label-success">{issue.username}</span>.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateWmiPasswordIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">WMI</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by authenticating over WMI protocol with user <span className="label label-success">{issue.username}</span> and its password.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateWmiPthIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">WMI</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span className="label label-success">{issue.username}</span>.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateSshIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">SSH</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by authenticating over SSH protocol with user <span className="label label-success">{issue.username}</span> and its password.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateRdpIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">RDP</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by authenticating over RDP protocol with user <span className="label label-success">{issue.username}</span> and its password.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateSambaCryIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">SambaCry</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">{issue.username}</span> and its password, and by using the SambaCry vulnerability.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.</li>
|
||||||
|
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateElasticIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to an <span className="label label-danger">Elastic Groovy</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Update your Elastic Search server to version 1.4.3 and up.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateShellshockIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">ShellShock</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded because the HTTP server running on port <span className="label label-info">{issue.port}</span> was vulnerable to a shell injection attack on the paths: {this.generateShellshockPathListBadges(issue.paths)}.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Update your Bash to a ShellShock-patched version.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateConfickerIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The machine <span className="label label-primary">{issue.machine}</span> with the following IP addresses {this.generateIpListBadges(issue.ip_addresses)} was vulnerable to a <span className="label label-danger">Conficker</span> attack.
|
||||||
|
<br />
|
||||||
|
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Install the latest Windows updates or upgrade to a newer operating system.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateCrossSegmentIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
The network can probably be segmented. A monkey instance on <span className="label label-primary">{issue.machine}</span> in the <span className="label label-info">{issue.network}</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">{issue.server_network}</span> network.
|
||||||
|
<br />
|
||||||
|
In order to protect the network, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Segment your network. Make sure machines can't access machines from other segments.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateTunnelIssue(issue) {
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
Machines are not locked down at port level. Network tunnel was set up from <span className="label label-primary">{issue.origin}</span> to <span className="label label-primary">{issue.dest}</span>.
|
||||||
|
<br />
|
||||||
|
In order to protect the machine, the following steps should be performed:
|
||||||
|
<ul className="report">
|
||||||
|
<li className="report">Use micro-segmentation policies to disable communication other than the required.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
generateIssue = (issue, index) => {
|
||||||
|
let data;
|
||||||
|
switch (issue.type) {
|
||||||
|
case 'smb_password':
|
||||||
|
data = this.generateSmbPasswordIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'smb_pth':
|
||||||
|
data = this.generateSmbPthIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'wmi_password':
|
||||||
|
data = this.generateWmiPasswordIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'wmi_pth':
|
||||||
|
data = this.generateWmiPthIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'ssh':
|
||||||
|
data = this.generateSshIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'rdp':
|
||||||
|
data = this.generateRdpIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'sambacry':
|
||||||
|
data = this.generateSambaCryIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'elastic':
|
||||||
|
data = this.generateElasticIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'shellshock':
|
||||||
|
data = this.generateShellshockIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'conficker':
|
||||||
|
data = this.generateConfickerIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'cross_segment':
|
||||||
|
data = this.generateCrossSegmentIssue(issue);
|
||||||
|
break;
|
||||||
|
case 'tunnel':
|
||||||
|
data = this.generateTunnelIssue(issue);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return (
|
||||||
|
<div>
|
||||||
|
<h4><b><i>Issue #{index+1}</i></b></h4>
|
||||||
|
{data}
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
render() {
|
render() {
|
||||||
let content;
|
let content;
|
||||||
|
// TODO: remove 0==1
|
||||||
if (Object.keys(this.state.report).length === 0) {
|
if (0==1 || Object.keys(this.state.report).length === 0) {
|
||||||
content = (<h1>Generating Report...</h1>);
|
content = (<h1>Generating Report...</h1>);
|
||||||
} else {
|
} else {
|
||||||
content =
|
content =
|
||||||
|
@ -69,8 +354,7 @@ class ReportPageComponent extends React.Component {
|
||||||
Overview
|
Overview
|
||||||
</h1>
|
</h1>
|
||||||
<p>
|
<p>
|
||||||
{/* TODO: Replace 01/02/2017 21:45, 23:12 with data */}
|
The monkey run was started on <span className="label label-info">{this.state.report.overview.monkey_start_time}</span>. After <span className="label label-info">{this.state.report.overview.monkey_duration}</span>, all monkeys finished propagation attempts.
|
||||||
The monkey run was started on <span className="label label-info">01/02/2017 21:45</span>. After <span className="label label-info">23:12 minutes</span>, all monkeys finished propagation attempts.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
From the attacker's point of view, the network looks like this:
|
From the attacker's point of view, the network looks like this:
|
||||||
|
@ -79,24 +363,21 @@ class ReportPageComponent extends React.Component {
|
||||||
<ReactiveGraph graph={this.state.graph} options={options} />
|
<ReactiveGraph graph={this.state.graph} options={options} />
|
||||||
</div>
|
</div>
|
||||||
<div>
|
<div>
|
||||||
{/* TODO: Replace 3 with data */}
|
During this simulated attack the Monkey uncovered <span className="label label-warning">{this.state.report.overview.issues.filter(function(x){return x===true;}).length}</span>, detailed below. The security issues uncovered include:
|
||||||
During this simulated attack the Monkey uncovered <span className="label label-warning">6 issues</span>, detailed below. The security issues uncovered include:
|
|
||||||
<ul className="report">
|
<ul className="report">
|
||||||
{/* TODO: Replace lis with data */}
|
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? <li className="report">Users with weak passwords.</li> : null}
|
||||||
<li className="report">Users with weak passwords.</li>
|
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?<li className="report">Stolen passwords/hashes were used to exploit other machines.</li> : null}
|
||||||
<li className="report">Stolen passwords/hashes were used to exploit other machines.</li>
|
{this.state.report.overview.issues[this.Issue.ELASTIC] ? <li className="report">Elastic Search servers not patched for <a href="https://www.cvedetails.com/cve/cve-2015-1427" className="report">CVE-2015-1427</a>.</li> : null}
|
||||||
<li className="report">Elastic Search servers not patched for <a href="https://www.cvedetails.com/cve/cve-2015-1427" className="report">CVE-2015-1427</a>.</li>
|
{this.state.report.overview.issues[this.Issue.SAMBACRY] ? <li className="report">Samba servers not patched for ‘SambaCry’ (<a href="https://www.samba.org/samba/security/CVE-2017-7494.html" className="report">CVE-2017-7494</a>).</li> : null}
|
||||||
<li className="report">Samba servers not patched for ‘SambaCry’ (<a href="https://www.samba.org/samba/security/CVE-2017-7494.html" className="report">CVE-2017-7494</a>).</li>
|
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? <li className="report">Machines not patched for the ‘Shellshock’ (<a href="https://www.cvedetails.com/cve/CVE-2014-6271" className="report">CVE-2014-6271</a>).</li> : null}
|
||||||
<li className="report">Machines not patched for the ‘Shellshock’ (<a href="https://www.cvedetails.com/cve/CVE-2014-6271" className="report">CVE-2014-6271</a>).</li>
|
{this.state.report.overview.issues[this.Issue.CONFICKER] ? <li className="report">Machines not patched for the ‘Conficker’ (<a href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067" className="report">MS08-067</a>).</li> : null}
|
||||||
<li className="report">Machines not patched for the ‘Conficker’ (<a href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067" className="report">MS08-067</a>).</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<div>
|
<div>
|
||||||
In addition, the monkey uncovered the following possible set of issues:
|
In addition, the monkey uncovered the following possible set of issues:
|
||||||
<ul className="report">
|
<ul className="report">
|
||||||
{/* TODO: Replace lis with data */}
|
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? <li className="report">Possible cross segment traffic. Infected machines could communicate with the Monkey Island despite crossing segment boundaries using unused ports.</li> : null}
|
||||||
<li className="report">Possible cross segment traffic. Infected machines could communicate with the Monkey Island despite crossing segment boundaries using unused ports.</li>
|
{this.state.report.overview.warnings[this.Warning.TUNNEL] ? <li className="report">Lack of port level segmentation, machines successfully tunneled monkey activity using unused ports.</li> : null}
|
||||||
<li className="report">Lack of port level segmentation, machines successfully tunneled monkey activity using unused ports.</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<p>
|
<p>
|
||||||
|
@ -110,8 +391,7 @@ class ReportPageComponent extends React.Component {
|
||||||
<div>
|
<div>
|
||||||
<Col lg={10}>
|
<Col lg={10}>
|
||||||
<p>
|
<p>
|
||||||
{/* TODO: Replace 6,2 with data */}
|
The Monkey discovered <span className="label label-info">{this.state.report.glance.scanned.length}</span> machines and successfully breached <span className="label label-warning">{this.state.report.glance.exploited.length}</span> of them.
|
||||||
The Monkey discovered <span className="label label-info">6</span> machines and successfully breached <span className="label label-warning">2</span> of them.
|
|
||||||
<br />
|
<br />
|
||||||
In addition, while attempting to exploit additional hosts , security software installed in the network should have picked up the attack attempts and logged them.
|
In addition, while attempting to exploit additional hosts , security software installed in the network should have picked up the attack attempts and logged them.
|
||||||
<br />
|
<br />
|
||||||
|
@ -120,19 +400,18 @@ class ReportPageComponent extends React.Component {
|
||||||
</Col>
|
</Col>
|
||||||
<Col lg={2}>
|
<Col lg={2}>
|
||||||
<div style={{marginBottom: '20px'}}>
|
<div style={{marginBottom: '20px'}}>
|
||||||
<ScannedBreachedChart />
|
<ScannedBreachedChart scanned={this.state.report.glance.scanned.length} exploited={this.state.report.glance.exploited.length} />
|
||||||
</div>
|
</div>
|
||||||
</Col>
|
</Col>
|
||||||
</div>
|
</div>
|
||||||
<div style={{marginBottom: '20px'}}>
|
<div style={{marginBottom: '20px'}}>
|
||||||
<BreachedServers data={this.state.report.exploited} />
|
<BreachedServers data={this.state.report.glance.exploited} />
|
||||||
</div>
|
</div>
|
||||||
<div style={{marginBottom: '20px'}}>
|
<div style={{marginBottom: '20px'}}>
|
||||||
<ScannedServers data={this.state.report.scanned} />
|
<ScannedServers data={this.state.report.glance.scanned} />
|
||||||
{/* TODO: Add table of scanned servers */}
|
|
||||||
</div>
|
</div>
|
||||||
<div>
|
<div>
|
||||||
<StolenPasswords data={this.stolen_passwords} />
|
<StolenPasswords data={this.state.report.glance.stolen_creds} />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div id="recommendations">
|
<div id="recommendations">
|
||||||
|
@ -140,170 +419,7 @@ class ReportPageComponent extends React.Component {
|
||||||
Recommendations
|
Recommendations
|
||||||
</h1>
|
</h1>
|
||||||
<div>
|
<div>
|
||||||
<div>
|
{this.state.report.recommendations.issues.map(this.generateIssue)}
|
||||||
<h4><b><i>Issue #1</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-SMB</span> with the following IP addresses <span className="label label-info">192.168.0.1</span> <span className="label label-info">10.0.0.18</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">Administrator</span> and its password.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #2</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-SMB2</span> with the following IP address <span className="label label-info">192.168.0.2</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span className="label label-success">temp</span>.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #3</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-WMI</span> with the following IP address <span className="label label-info">192.168.0.3</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by authenticating over WMI protocol with user <span className="label label-success">Administrator</span> and its password.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #4</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-WMI2</span> with the following IP address <span className="label label-info">192.168.0.4</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span className="label label-success">Administrator</span>.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #5</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-SSH</span> with the following IP address <span className="label label-info">192.168.0.5</span> was vulnerable to a <span className="label label-danger">SSH</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by authenticating over SSH protocol with user <span className="label label-success">user</span> and its password.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #6</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-RDP</span> with the following IP address <span className="label label-info">192.168.0.6</span> was vulnerable to a <span className="label label-danger">RDP</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by authenticating over RDP protocol with user <span className="label label-success">Administrator</span> and its password.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #7</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-SambaCry</span> with the following IP address <span className="label label-info">192.168.0.7</span> was vulnerable to a <span className="label label-danger">SambaCry</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">user</span> and its password, and by using the SambaCry vulnerability.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.</li>
|
|
||||||
<li className="report">Use a complex one-use password that is not shared with other computers on the network.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #8</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-Elastic</span> with the following IP address <span className="label label-info">192.168.0.8</span> was vulnerable to an <span className="label label-danger">Elastic Groovy</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded because the Elastic Search server was not parched against CVE-2015-1427.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Update your Elastic Search server to version 1.4.3 and up.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #9</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-Shellshock</span> with the following IP address <span className="label label-info">192.168.0.9</span> was vulnerable to a <span className="label label-danger">ShellShock</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded because the HTTP server running on port <span className="label label-info">8080</span> was vulnerable to a shell injection attack on the paths: <span className="label label-warning">/cgi/backserver.cgi</span> <span className="label label-warning">/cgi/login.cgi</span>.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Update your Bash to a ShellShock-patched version.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #10</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The machine <span className="label label-primary">Monkey-Conficker</span> with the following IP address <span className="label label-info">192.168.0.10</span> was vulnerable to a <span className="label label-danger">Conficker</span> attack.
|
|
||||||
<br />
|
|
||||||
The attack succeeded because the target machine uses an outdated and unpatched operating system vulnerable to Conficker.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Install the latest Windows updates or upgrade to a newer operating system.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #11</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SMB</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
|
|
||||||
<br />
|
|
||||||
In order to protect the network, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Segment your network. Make sure machines can't access machines from other segments.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #12</i></b></h4>
|
|
||||||
<div>
|
|
||||||
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SSH</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
|
|
||||||
<br />
|
|
||||||
In order to protect the network, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Segment your network. Make sure machines can't access machines from other segments.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div>
|
|
||||||
<h4><b><i>Issue #13</i></b></h4>
|
|
||||||
<div>
|
|
||||||
Machines are not locked down at port level. Network tunnel was set up from <span className="label label-primary">Monkey-SSH</span> to <span className="label label-primary">Monkey-SambaCry</span>.
|
|
||||||
<br />
|
|
||||||
In order to protect the machine, the following steps should be performed:
|
|
||||||
<ul className="report">
|
|
||||||
<li className="report">Use micro-segmentation policies to disable communication other than the required.</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
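Review bot: `generateIssue` has no `default` branch, so an issue whose `type` the page does not recognise (the list comes straight from the server report once `getReportFromServer` is re-enabled) renders an `Issue #N` heading over an empty body with no sign that anything was dropped; add `default: data = <div>Unknown issue type: {issue.type}</div>;` before the closing brace of the switch. The elements produced by `generateIpListBadges`, `generateShellshockPathListBadges` and the `recommendations.issues.map(this.generateIssue)` call carry no `key` prop, which React will warn about on every render; `<span key={ip_address} ...>`, `<span key={path} ...>` and `<div key={index}>` in `generateIssue` fix that. In the overview paragraph the word "issues" was lost when the hard-coded `6 issues` became `{...issues.filter(...).length}`, so the sentence now reads "uncovered 4, detailed below". The commented-out `getReportFromServer()` and the `0==1 ||` guard in `render()` are marked TODO, but the fixture report in the constructor — LM hash values and internal IPs included — ships in the bundle until they are removed, so gating it behind an explicit development flag would be safer than relying on the TODOs being found.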
@ -18,8 +18,8 @@ class ScannedBreachedChartComponent extends React.Component {
|
||||||
|
|
||||||
render() {
|
render() {
|
||||||
const data = [
|
const data = [
|
||||||
{label: 'Scanned', value: 4, color: '#f0ad4e'},
|
{label: 'Scanned', value: this.props.scanned - this.props.exploited, color: '#f0ad4e'},
|
||||||
{label: 'Exploited', value: 2, color: '#d9534f'}
|
{label: 'Exploited', value: this.props.exploited, color: '#d9534f'}
|
||||||
];
|
];
|
||||||
|
|
||||||
return (
|
return (
|
||||||
|
|
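Review bot: The `Scanned` slice is now `this.props.scanned - this.props.exploited`, which goes negative if the exploited list is ever longer than the scanned list (the two come from separate report arrays, so nothing here guarantees the ordering) and becomes `NaN` if either prop is missing; clamp it with `value: Math.max(this.props.scanned - this.props.exploited, 0)` and declare both as required numbers in `propTypes`, or give them `defaultProps` of 0. The `Scanned` label also now means "scanned but not breached", which the legend does not say; `'Scanned (not breached)'` would match what the slice shows. `render()` continues past the end of the hunk.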