Island: remove sambacry exploiter code and related infrastructure/docs

2021-11-10 12:25:19 +02:00 · 2021-11-10 12:25:19 +02:00 · 881800047b
parent 73188e78cc
commit 881800047b
8 changed files with 0 additions and 104 deletions
--- a/README.md
+++ b/README.md
@ -48,7 +48,6 @@ The Infection Monkey uses the following techniques and exploits to propagate to
  * WMI
  * Shellshock
  * Conficker
-  * SambaCry
  * Elastic Search (CVE-2015-1427)
  * Weblogic server
  * and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@ -18,7 +18,6 @@ BASIC = {
                        "WmiExploiter",
                        "SSHExploiter",
                        "ShellShockExploiter",
-                        "SambaCryExploiter",
                        "ElasticGroovyExploiter",
                        "Struts2Exploiter",
                        "WebLogicExploiter",
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@ -74,15 +74,6 @@ EXPLOITER_CLASSES = {
            "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
            "/shellshock/",
        },
-        {
-            "type": "string",
-            "enum": ["SambaCryExploiter"],
-            "title": "SambaCry Exploiter",
-            "safe": True,
-            "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
-            "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
-            "/sambacry/",
-        },
        {
            "type": "string",
            "enum": ["ElasticGroovyExploiter"],
--- a/monkey/monkey_island/cc/services/config_schema/internal.py
+++ b/monkey/monkey_island/cc/services/config_schema/internal.py
@ -373,45 +373,6 @@ INTERNAL = {
                        },
                    },
                },
-                "sambacry": {
-                    "title": "SambaCry",
-                    "type": "object",
-                    "properties": {
-                        "sambacry_trigger_timeout": {
-                            "title": "SambaCry trigger timeout",
-                            "type": "integer",
-                            "default": 5,
-                            "description": "Timeout (in seconds) of SambaCry trigger",
-                        },
-                        "sambacry_folder_paths_to_guess": {
-                            "title": "SambaCry folder paths to guess",
-                            "type": "array",
-                            "uniqueItems": True,
-                            "items": {"type": "string"},
-                            "default": [
-                                "/",
-                                "/mnt",
-                                "/tmp",
-                                "/storage",
-                                "/export",
-                                "/share",
-                                "/shares",
-                                "/home",
-                            ],
-                            "description": "List of full paths to share folder for SambaCry to "
-                            "guess",
-                        },
-                        "sambacry_shares_not_to_check": {
-                            "title": "SambaCry shares not to check",
-                            "type": "array",
-                            "uniqueItems": True,
-                            "items": {"type": "string"},
-                            "default": ["IPC$", "print$"],
-                            "description": "These shares won't be checked when exploiting with "
-                            "SambaCry",
-                        },
-                    },
-                },
            },
            "smb_service": {
                "title": "SMB service",
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@ -75,7 +75,6 @@ class AWSExporter(Exporter):
                CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
                CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
            },
-            ExploiterDescriptorEnum.SAMBACRY.value.class_name: AWSExporter._handle_sambacry_issue,
            "shared_passwords": AWSExporter._handle_shared_passwords_issue,
            ExploiterDescriptorEnum.WMI.value.class_name: {
                CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue,
@ -192,24 +191,6 @@ class AWSExporter(Exporter):
            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
        )

-    @staticmethod
-    def _handle_sambacry_issue(issue, instance_arn):
-
-        return AWSExporter._build_generic_finding(
-            severity=10,
-            title="Samba servers are vulnerable to 'SambaCry'",
-            description="Change {0} password to a complex one-use password that is not shared "
-            "with other computers on the "
-            "network. Update your Samba server to 4.4.14 and up, "
-            "4.5.10 and up, or 4.6.4 and up.".format(issue["username"]),
-            recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The "
-            "Monkey authenticated over the SMB "
-            "protocol with user {2} and its password, and used the SambaCry "
-            "vulnerability.".format(issue["machine"], issue["ip_address"], issue["username"]),
-            instance_arn=instance_arn,
-            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
-        )
-
    @staticmethod
    def _handle_smb_pth_issue(issue, instance_arn):

--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
    SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
    WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
    SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
-    SAMBACRY = ExploiterDescriptor("SambaCryExploiter", "SambaCry Exploiter", CredExploitProcessor)
    ELASTIC = ExploiterDescriptor(
        "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
    )
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
 import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
 import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
 import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
-import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
 import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
 import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
 import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
@ -122,11 +121,6 @@ class ReportPageComponent extends AuthComponent {
        },
        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
      },
-      'SambaCryExploiter': {
-        [this.issueContentTypes.OVERVIEW]: sambacryIssueOverview,
-        [this.issueContentTypes.REPORT]: sambacryIssueReport,
-        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
-      },
      'ElasticGroovyExploiter': {
        [this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
        [this.issueContentTypes.REPORT]: elasticIssueReport,
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
@ -1,28 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function sambacryIssueOverview() {
-   return (<li>Samba servers are vulnerable to ‘SambaCry’ (<a
-                      href="https://www.samba.org/samba/security/CVE-2017-7494.html"
-                    >CVE-2017-7494</a>).</li>)
-}
-
-export function sambacryIssueReport(issue) {
-  return (
-      <>
-        Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
-        that is not shared with other computers on the network.
-        <br/>
-        Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
-        <CollapsibleWellComponent>
-          The machine <span className="badge badge-primary">{issue.machine}</span> (<span
-          className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
-          className="badge badge-danger">SambaCry</span> attack.
-          <br/>
-          The Monkey authenticated over the SMB protocol with user <span
-          className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
-          vulnerability.
-        </CollapsibleWellComponent>
-      </>
-    );
-}