From 3503bf9ccb210baf07a74b5d63ef32e14747ffd1 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 19 Nov 2018 15:55:18 +0200 Subject: [PATCH 1/5] Makes all tabs of equal height --- monkey/monkey_island/cc/ui/src/styles/App.css | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/styles/App.css b/monkey/monkey_island/cc/ui/src/styles/App.css index 7f487694c..1b857a1ec 100644 --- a/monkey/monkey_island/cc/ui/src/styles/App.css +++ b/monkey/monkey_island/cc/ui/src/styles/App.css @@ -138,12 +138,11 @@ body { padding-left: 40px; } } + .main .page-header { margin-top: 0; } - - .index img { margin: 40px auto; border-radius: 4px; @@ -172,6 +171,9 @@ body { display: none; } +.nav-tabs > li > a { + height: 63px +} /* * Run Monkey Page */ @@ -491,4 +493,5 @@ body { .label-danger { background-color: #d9534f !important; } + } From 22a7a5401c061038347c91bf6cccdd73489f26c1 Mon Sep 17 00:00:00 2001 From: Daniel Goldberg Date: Mon, 19 Nov 2018 19:15:02 +0200 Subject: [PATCH 2/5] Hotfix english phrasing in WebLogic recommendation --- monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js index f88df4831..18e39704d 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -837,7 +837,7 @@ class ReportPageComponent extends AuthComponent { return (
  • Install Oracle - critical patch updates. Or change server version. Vulnerable versions are + critical patch updates. Or update to the latest version. Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Oracle WebLogic server at {issue.machine} ( Date: Tue, 20 Nov 2018 17:46:35 +0200 Subject: [PATCH 3/5] Fix typo where Oracle WebLogic showed up --- monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js index 18e39704d..61e80737b 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -857,7 +857,7 @@ class ReportPageComponent extends AuthComponent { Run Hadoop in secure mode ( add Kerberos authentication). - Oracle WebLogic server at {issue.machine} ({issue.machine} ({issue.ip_address}) is vulnerable to remote code execution attack.
    From fac6f970bb8d13da10c286072028e5c090adc7d5 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Sun, 25 Nov 2018 18:38:44 +0200 Subject: [PATCH 4/5] Add support for strings to be encrypted --- monkey/monkey_island/cc/services/config.py | 39 ++++++++++++++++------ 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 64b359f61..9ebe7189c 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -869,6 +869,7 @@ SCHEMA = { } } +# This should be used for config values of array type (array of strings only) ENCRYPTED_CONFIG_ARRAYS = \ [ ['basic', 'credentials', 'exploit_password_list'], @@ -877,6 +878,12 @@ ENCRYPTED_CONFIG_ARRAYS = \ ['internal', 'exploits', 'exploit_ssh_keys'] ] +# This should be used for config values of string type +ENCRYPTED_CONFIG_STRINGS = \ + [ + + ] + class ConfigService: default_config = None @@ -913,8 +920,11 @@ class ConfigService: config = mongo.db.config.find_one({'name': 'initial' if is_initial_config else 'newconfig'}, {config_key: 1}) for config_key_part in config_key_as_arr: config = config[config_key_part] - if should_decrypt and (config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS): - config = [encryptor.dec(x) for x in config] + if should_decrypt: + if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS: + config = [encryptor.dec(x) for x in config] + elif config_key_as_arr in ENCRYPTED_CONFIG_STRINGS: + config = encryptor.dec(config) return config @staticmethod @@ -1071,7 +1081,7 @@ class ConfigService: """ Same as decrypt_config but for a flat configuration """ - keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] + keys = [config_arr_as_array[2] for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS)] for key in keys: if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types): # Check if we are decrypting ssh key pair @@ -1085,18 +1095,25 @@ class ConfigService: @staticmethod def _encrypt_or_decrypt_config(config, is_decrypt=False): - for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: + for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS): config_arr = config + prev_config_arr = None + for config_key_part in config_arr_as_array: + prev_config_arr = config_arr config_arr = config_arr[config_key_part] - for i in range(len(config_arr)): - # Check if array of shh key pairs and then decrypt - if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: - config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \ - ConfigService.decrypt_ssh_key_pair(config_arr[i], True) - else: - config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) + if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types): + for i in range(len(config_arr)): + # Check if array of shh key pairs and then decrypt + if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: + config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \ + ConfigService.decrypt_ssh_key_pair(config_arr[i], True) + else: + config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) + else: + prev_config_arr[config_arr_as_array[-1]] =\ + encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr) @staticmethod def decrypt_ssh_key_pair(pair, encrypt=False): From f6a0937b220290ff273ec05c6872990487586bff Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Sun, 25 Nov 2018 18:45:55 +0200 Subject: [PATCH 5/5] rename var + comment --- monkey/monkey_island/cc/services/config.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 9ebe7189c..1b2966026 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -1097,10 +1097,11 @@ class ConfigService: def _encrypt_or_decrypt_config(config, is_decrypt=False): for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS): config_arr = config - prev_config_arr = None + parent_config_arr = None + # Because the config isn't flat, this for-loop gets the actual config value out of the config for config_key_part in config_arr_as_array: - prev_config_arr = config_arr + parent_config_arr = config_arr config_arr = config_arr[config_key_part] if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types): @@ -1112,7 +1113,7 @@ class ConfigService: else: config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) else: - prev_config_arr[config_arr_as_array[-1]] =\ + parent_config_arr[config_arr_as_array[-1]] =\ encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr) @staticmethod