p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Island: remove sambacry exploiter code and related infrastructure/docs

This commit is contained in:
VakarisZ 2021-11-10 12:25:19 +02:00
parent 73188e78cc
commit 881800047b
8 changed files with 0 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -48,7 +48,6 @@ The Infection Monkey uses the following techniques and exploits to propagate to
* WMI * WMI
* Shellshock * Shellshock
* Conficker * Conficker
* SambaCry
* Elastic Search (CVE-2015-1427) * Elastic Search (CVE-2015-1427)
* Weblogic server * Weblogic server
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters. * and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.

1
monkey/monkey_island/cc/services/config_schema/basic.py
View File

@ -18,7 +18,6 @@ BASIC = {
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"ShellShockExploiter", "ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter", "ElasticGroovyExploiter",
"Struts2Exploiter", "Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",

9
monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
View File

@ -74,15 +74,6 @@ EXPLOITER_CLASSES = {
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
"/shellshock/", "/shellshock/",
}, },
{
"type": "string",
"enum": ["SambaCryExploiter"],
"title": "SambaCry Exploiter",
"safe": True,
"info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
"/sambacry/",
},
{ {
"type": "string", "type": "string",
"enum": ["ElasticGroovyExploiter"], "enum": ["ElasticGroovyExploiter"],

39
monkey/monkey_island/cc/services/config_schema/internal.py
View File

@ -373,45 +373,6 @@ INTERNAL = {
}, },
}, },
}, },
"sambacry": {
"title": "SambaCry",
"type": "object",
"properties": {
"sambacry_trigger_timeout": {
"title": "SambaCry trigger timeout",
"type": "integer",
"default": 5,
"description": "Timeout (in seconds) of SambaCry trigger",
},
"sambacry_folder_paths_to_guess": {
"title": "SambaCry folder paths to guess",
"type": "array",
"uniqueItems": True,
"items": {"type": "string"},
"default": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home",
],
"description": "List of full paths to share folder for SambaCry to "
"guess",
},
"sambacry_shares_not_to_check": {
"title": "SambaCry shares not to check",
"type": "array",
"uniqueItems": True,
"items": {"type": "string"},
"default": ["IPC$", "print$"],
"description": "These shares won't be checked when exploiting with "
"SambaCry",
},
},
},
}, },
"smb_service": { "smb_service": {
"title": "SMB service", "title": "SMB service",

19
monkey/monkey_island/cc/services/reporting/aws_exporter.py
View File

@ -75,7 +75,6 @@ class AWSExporter(Exporter):
CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue, CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue, CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
}, },
ExploiterDescriptorEnum.SAMBACRY.value.class_name: AWSExporter._handle_sambacry_issue,
"shared_passwords": AWSExporter._handle_shared_passwords_issue, "shared_passwords": AWSExporter._handle_shared_passwords_issue,
ExploiterDescriptorEnum.WMI.value.class_name: { ExploiterDescriptorEnum.WMI.value.class_name: {
CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue, CredentialType.PASSWORD.value: AWSExporter._handle_wmi_password_issue,
@ -192,24 +191,6 @@ class AWSExporter(Exporter):
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
) )
@staticmethod
def _handle_sambacry_issue(issue, instance_arn):
return AWSExporter._build_generic_finding(
severity=10,
title="Samba servers are vulnerable to 'SambaCry'",
description="Change {0} password to a complex one-use password that is not shared "
"with other computers on the "
"network. Update your Samba server to 4.4.14 and up, "
"4.5.10 and up, or 4.6.4 and up.".format(issue["username"]),
recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The "
"Monkey authenticated over the SMB "
"protocol with user {2} and its password, and used the SambaCry "
"vulnerability.".format(issue["machine"], issue["ip_address"], issue["username"]),
instance_arn=instance_arn,
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
)
@staticmethod @staticmethod
def _handle_smb_pth_issue(issue, instance_arn): def _handle_smb_pth_issue(issue, instance_arn):

1
monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
View File

@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor) SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor) WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor) SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
SAMBACRY = ExploiterDescriptor("SambaCryExploiter", "SambaCry Exploiter", CredExploitProcessor)
ELASTIC = ExploiterDescriptor( ELASTIC = ExploiterDescriptor(
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
) )

6
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue'; import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue'; import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue'; import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue'; import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue'; import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
@ -122,11 +121,6 @@ class ReportPageComponent extends AuthComponent {
}, },
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'SambaCryExploiter': {
[this.issueContentTypes.OVERVIEW]: sambacryIssueOverview,
[this.issueContentTypes.REPORT]: sambacryIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'ElasticGroovyExploiter': { 'ElasticGroovyExploiter': {
[this.issueContentTypes.OVERVIEW]: elasticIssueOverview, [this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
[this.issueContentTypes.REPORT]: elasticIssueReport, [this.issueContentTypes.REPORT]: elasticIssueReport,

28
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
View File

@ -1,28 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function sambacryIssueOverview() {
return (<li>Samba servers are vulnerable to SambaCry (<a
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
>CVE-2017-7494</a>).</li>)
}
export function sambacryIssueReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<br/>
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SambaCry</span> attack.
<br/>
The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
vulnerability.
</CollapsibleWellComponent>
</>
);
}