Replace double quotes with single quotes in SecurityReport.js

VakarisZ 2021-03-01 17:16:50 +02:00 committed by Mike Salvatore
parent 9171ed8190
commit 9e3fe03ce1
1 changed files with 180 additions and 180 deletions


@ -110,7 +110,7 @@ class ReportPageComponent extends AuthComponent {
print(); print();
}}/> }}/>
</div> </div>
<div className="report-page"> <div className='report-page'>
<ReportHeader report_type={ReportTypes.security}/> <ReportHeader report_type={ReportTypes.security}/>
<hr/> <hr/>
{content} {content}
@ -142,7 +142,7 @@ class ReportPageComponent extends AuthComponent {
generateReportOverviewSection() { generateReportOverviewSection() {
return ( return (
<div id="overview"> <div id='overview'>
<h2> <h2>
Overview Overview
</h2> </h2>
@ -151,7 +151,7 @@ class ReportPageComponent extends AuthComponent {
this.state.report.glance.exploited.length > 0 ? this.state.report.glance.exploited.length > 0 ?
'' ''
: :
<p className="alert alert-info"> <p className='alert alert-info'>
<FontAwesomeIcon icon={faExclamationTriangle} style={{'marginRight': '5px'}}/> <FontAwesomeIcon icon={faExclamationTriangle} style={{'marginRight': '5px'}}/>
To improve the monkey's detection rates, try adding users and passwords and enable the "Local To improve the monkey's detection rates, try adding users and passwords and enable the "Local
network network
@ -160,8 +160,8 @@ class ReportPageComponent extends AuthComponent {
} }
<p> <p>
The first monkey run was started on <span The first monkey run was started on <span
className="badge badge-info">{this.state.report.overview.monkey_start_time}</span>. After <span className='badge badge-info'>{this.state.report.overview.monkey_start_time}</span>. After <span
className="badge badge-info">{this.state.report.overview.monkey_duration}</span>, all monkeys finished className='badge badge-info'>{this.state.report.overview.monkey_duration}</span>, all monkeys finished
propagation attempts. propagation attempts.
</p> </p>
<p> <p>
@ -238,7 +238,7 @@ class ReportPageComponent extends AuthComponent {
generateReportFindingsSection() { generateReportFindingsSection() {
return ( return (
<div id="findings"> <div id='findings'>
<h3> <h3>
Security Findings Security Findings
</h3> </h3>
@ -252,7 +252,7 @@ class ReportPageComponent extends AuthComponent {
}).length > 0 ? }).length > 0 ?
<div> <div>
During this simulated attack the Monkey uncovered <span During this simulated attack the Monkey uncovered <span
className="badge badge-warning"> className='badge badge-warning'>
{this.state.report.overview.issues.filter(function (x) { {this.state.report.overview.issues.filter(function (x) {
return x === true; return x === true;
}).length} threats</span>: }).length} threats</span>:
@ -264,50 +264,50 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.ELASTIC] && {this.state.report.overview.issues[this.Issue.ELASTIC] &&
<li>Elasticsearch servers are vulnerable to <li>Elasticsearch servers are vulnerable to
<Button <Button
variant={"link"} variant={'link'}
href="https://www.cvedetails.com/cve/cve-2015-1427" href='https://www.cvedetails.com/cve/cve-2015-1427'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2015-1427 CVE-2015-1427
</Button>. </Button>.
</li>} </li>}
{this.state.report.overview.issues[this.Issue.VSFTPD] && {this.state.report.overview.issues[this.Issue.VSFTPD] &&
<li>VSFTPD is vulnerable to <li>VSFTPD is vulnerable to
<Button <Button
variant={"link"} variant={'link'}
href="https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor" href='https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2011-2523 CVE-2011-2523
</Button>. </Button>.
</li>} </li>}
{this.state.report.overview.issues[this.Issue.SAMBACRY] && {this.state.report.overview.issues[this.Issue.SAMBACRY] &&
<li>Samba servers are vulnerable to SambaCry ( <li>Samba servers are vulnerable to SambaCry (
<Button <Button
variant={"link"} variant={'link'}
href="https://www.samba.org/samba/security/CVE-2017-7494.html" href='https://www.samba.org/samba/security/CVE-2017-7494.html'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2017-7494 CVE-2017-7494
</Button>). </Button>).
</li>} </li>}
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] && {this.state.report.overview.issues[this.Issue.SHELLSHOCK] &&
<li>Machines are vulnerable to Shellshock ( <li>Machines are vulnerable to Shellshock (
<Button <Button
variant={"link"} variant={'link'}
href="https://www.cvedetails.com/cve/CVE-2014-6271" href='https://www.cvedetails.com/cve/CVE-2014-6271'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2014-6271 CVE-2014-6271
</Button>). </Button>).
</li>} </li>}
{this.state.report.overview.issues[this.Issue.CONFICKER] && {this.state.report.overview.issues[this.Issue.CONFICKER] &&
<li>Machines are vulnerable to Conficker ( <li>Machines are vulnerable to Conficker (
<Button <Button
variant={"link"} variant={'link'}
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067" href='https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
MS08-067 MS08-067
</Button>). </Button>).
</li>} </li>}
@ -317,20 +317,20 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.AZURE] && {this.state.report.overview.issues[this.Issue.AZURE] &&
<li>Azure machines expose plaintext passwords. ( <li>Azure machines expose plaintext passwords. (
<Button <Button
variant={"link"} variant={'link'}
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/" href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
More info More info
</Button>) </Button>)
</li>} </li>}
{this.state.report.overview.issues[this.Issue.STRUTS2] && {this.state.report.overview.issues[this.Issue.STRUTS2] &&
<li>Struts2 servers are vulnerable to remote code execution. ( <li>Struts2 servers are vulnerable to remote code execution. (
<Button <Button
variant={"link"} variant={'link'}
href="https://cwiki.apache.org/confluence/display/WW/S2-045" href='https://cwiki.apache.org/confluence/display/WW/S2-045'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2017-5638 CVE-2017-5638
</Button>) </Button>)
</li>} </li>}
@ -346,10 +346,10 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.DRUPAL] && {this.state.report.overview.issues[this.Issue.DRUPAL] &&
<li>Drupal servers are susceptible to a remote code execution vulnerability <li>Drupal servers are susceptible to a remote code execution vulnerability
(<Button (<Button
variant={"link"} variant={'link'}
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340" href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2019-6340 CVE-2019-6340
</Button>). </Button>).
</li> </li>
@ -360,7 +360,7 @@ class ReportPageComponent extends AuthComponent {
: :
<div> <div>
During this simulated attack the Monkey uncovered <span During this simulated attack the Monkey uncovered <span
className="badge badge-success">0 threats</span>. className='badge badge-success'>0 threats</span>.
</div> </div>
} }
</div> </div>
@ -421,10 +421,10 @@ class ReportPageComponent extends AuthComponent {
if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) { if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) {
zerologonOverview.push(<span> zerologonOverview.push(<span>
<WarningIcon/> Automatic password restoration on a domain controller failed! <WarningIcon/> Automatic password restoration on a domain controller failed!
<Button variant={"link"} <Button variant={'link'}
href={"https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"} href={'https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'}
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
Restore your domain controller's password manually. Restore your domain controller's password manually.
</Button> </Button>
</span>) </span>)
@ -432,10 +432,10 @@ class ReportPageComponent extends AuthComponent {
if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) { if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
zerologonOverview.push(<> zerologonOverview.push(<>
Some domain controllers are vulnerable to Zerologon exploiter( Some domain controllers are vulnerable to Zerologon exploiter(
<Button variant={"link"} <Button variant={'link'}
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472" href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
CVE-2020-1472 CVE-2020-1472
</Button>)! </Button>)!
</>) </>)
@ -447,7 +447,7 @@ class ReportPageComponent extends AuthComponent {
generateReportRecommendationsSection() { generateReportRecommendationsSection() {
return ( return (
<div id="recommendations"> <div id='recommendations'>
{/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise, {/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise,
* don't render it (since the issues themselves will be empty. */} * don't render it (since the issues themselves will be empty. */}
{Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ? {Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ?
@ -470,36 +470,36 @@ class ReportPageComponent extends AuthComponent {
let exploitPercentage = let exploitPercentage =
(100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length; (100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length;
return ( return (
<div id="glance"> <div id='glance'>
<h3> <h3>
The Network from the Monkey's Eyes The Network from the Monkey's Eyes
</h3> </h3>
<div> <div>
<p> <p>
The Monkey discovered <span The Monkey discovered <span
className="badge badge-warning">{this.state.report.glance.scanned.length}</span> machines and className='badge badge-warning'>{this.state.report.glance.scanned.length}</span> machines and
successfully breached <span successfully breached <span
className="badge badge-danger">{this.state.report.glance.exploited.length}</span> of them. className='badge badge-danger'>{this.state.report.glance.exploited.length}</span> of them.
</p> </p>
<div className="text-center" style={{margin: '10px'}}> <div className='text-center' style={{margin: '10px'}}>
<Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth="4" <Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth='4'
trailWidth="4" trailWidth='4'
strokeColor="#d9534f" trailColor="#f0ad4e"/> strokeColor='#d9534f' trailColor='#f0ad4e'/>
<b>{Math.round(exploitPercentage)}% of scanned machines exploited</b> <b>{Math.round(exploitPercentage)}% of scanned machines exploited</b>
</div> </div>
</div> </div>
<p> <p>
From the attacker's point of view, the network looks like this: From the attacker's point of view, the network looks like this:
</p> </p>
<div className="map-legend"> <div className='map-legend'>
<b>Legend: </b> <b>Legend: </b>
<span>Exploit <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#cc0200'}}/></span> <span>Exploit <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#cc0200'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Scan <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#ff9900'}}/></span> <span>Scan <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#ff9900'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Tunnel <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#0158aa'}}/></span> <span>Tunnel <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#0158aa'}}/></span>
<b style={{color: '#aeaeae'}}> | </b> <b style={{color: '#aeaeae'}}> | </b>
<span>Island Communication <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#a9aaa9'}}/></span> <span>Island Communication <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#a9aaa9'}}/></span>
</div> </div>
<div style={{position: 'relative', height: '80vh'}}> <div style={{position: 'relative', height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={getOptions(this.state.nodeStateList)}/> <ReactiveGraph graph={this.state.graph} options={getOptions(this.state.nodeStateList)}/>
@ -529,17 +529,17 @@ class ReportPageComponent extends AuthComponent {
generateReportFooter() { generateReportFooter() {
return ( return (
<div id="footer" className="text-center" style={{marginTop: '20px'}}> <div id='footer' className='text-center' style={{marginTop: '20px'}}>
For questions, suggestions or any other feedback For questions, suggestions or any other feedback
contact: <a href="mailto://labs@guardicore.com" className="no-print">labs@guardicore.com</a> contact: <a href='mailto://labs@guardicore.com' className='no-print'>labs@guardicore.com</a>
<div className="force-print" style={{display: 'none'}}>labs@guardicore.com</div> <div className='force-print' style={{display: 'none'}}>labs@guardicore.com</div>
<img src={guardicoreLogoImage} alt="GuardiCore" className="center-block" style={{height: '50px'}}/> <img src={guardicoreLogoImage} alt='GuardiCore' className='center-block' style={{height: '50px'}}/>
</div> </div>
); );
} }
generateInfoBadges(data_array) { generateInfoBadges(data_array) {
return data_array.map(badge_data => <span key={badge_data} className="badge badge-info" return data_array.map(badge_data => <span key={badge_data} className='badge badge-info'
style={{margin: '2px'}}>{badge_data}</span>); style={{margin: '2px'}}>{badge_data}</span>);
} }
@ -605,21 +605,21 @@ class ReportPageComponent extends AuthComponent {
} }
generateShellshockPathListBadges(paths) { generateShellshockPathListBadges(paths) {
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>); return paths.map(path => <span className='badge badge-warning' style={{margin: '2px'}} key={path}>{path}</span>);
} }
generateSmbPasswordIssue(issue) { generateSmbPasswordIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SMB</span> attack. className='badge badge-danger'>SMB</span> attack.
<br/> <br/>
The Monkey authenticated over the SMB protocol with user <span The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -628,15 +628,15 @@ class ReportPageComponent extends AuthComponent {
generateSmbPthIssue(issue) { generateSmbPthIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SMB</span> attack. className='badge badge-danger'>SMB</span> attack.
<br/> <br/>
The Monkey used a pass-the-hash attack over SMB protocol with user <span The Monkey used a pass-the-hash attack over SMB protocol with user <span
className="badge badge-success">{issue.username}</span>. className='badge badge-success'>{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -645,15 +645,15 @@ class ReportPageComponent extends AuthComponent {
generateWmiPasswordIssue(issue) { generateWmiPasswordIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">WMI</span> attack. className='badge badge-danger'>WMI</span> attack.
<br/> <br/>
The Monkey authenticated over the WMI protocol with user <span The Monkey authenticated over the WMI protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -662,15 +662,15 @@ class ReportPageComponent extends AuthComponent {
generateWmiPthIssue(issue) { generateWmiPthIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">WMI</span> attack. className='badge badge-danger'>WMI</span> attack.
<br/> <br/>
The Monkey used a pass-the-hash attack over WMI protocol with user <span The Monkey used a pass-the-hash attack over WMI protocol with user <span
className="badge badge-success">{issue.username}</span>. className='badge badge-success'>{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -679,15 +679,15 @@ class ReportPageComponent extends AuthComponent {
generateSshIssue(issue) { generateSshIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SSH</span> attack. className='badge badge-danger'>SSH</span> attack.
<br/> <br/>
The Monkey authenticated over the SSH protocol with user <span The Monkey authenticated over the SSH protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -696,14 +696,14 @@ class ReportPageComponent extends AuthComponent {
generateSshKeysIssue(issue) { generateSshKeysIssue(issue) {
return ( return (
<> <>
Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase. Protect <span className='badge badge-success'>{issue.ssh_key}</span> private key with a pass phrase.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SSH</span> attack. className='badge badge-danger'>SSH</span> attack.
<br/> <br/>
The Monkey authenticated over the SSH protocol with private key <span The Monkey authenticated over the SSH protocol with private key <span
className="badge badge-success">{issue.ssh_key}</span>. className='badge badge-success'>{issue.ssh_key}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -713,17 +713,17 @@ class ReportPageComponent extends AuthComponent {
generateSambaCryIssue(issue) { generateSambaCryIssue(issue) {
return ( return (
<> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<br/> <br/>
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up. Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SambaCry</span> attack. className='badge badge-danger'>SambaCry</span> attack.
<br/> <br/>
The Monkey authenticated over the SMB protocol with user <span The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry className='badge badge-success'>{issue.username}</span> and its password, and used the SambaCry
vulnerability. vulnerability.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -735,10 +735,10 @@ class ReportPageComponent extends AuthComponent {
<> <>
Update your VSFTPD server to the latest version vsftpd-3.0.3. Update your VSFTPD server to the latest version vsftpd-3.0.3.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
port <span port <span
className="badge badge-danger">6200</span>. className='badge badge-danger'>6200</span>.
<br/> <br/>
The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523. The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523.
<br/><br/>In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been <br/><br/>In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been
@ -751,7 +751,7 @@ class ReportPageComponent extends AuthComponent {
backdoor backdoor
at port 6200. at port 6200.
<br/><br/>Read more about the security issue and remediation <a <br/><br/>Read more about the security issue and remediation <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523" href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523'
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -763,9 +763,9 @@ class ReportPageComponent extends AuthComponent {
<> <>
Update your Elastic Search server to version 1.4.3 and up. Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
className="badge badge-danger">Elastic Groovy</span> attack. className='badge badge-danger'>Elastic Groovy</span> attack.
<br/> <br/>
The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427. The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
</CollapsibleWellComponent> </CollapsibleWellComponent>
@ -778,12 +778,12 @@ class ReportPageComponent extends AuthComponent {
<> <>
Update your Bash to a ShellShock-patched version. Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">ShellShock</span> attack. className='badge badge-danger'>ShellShock</span> attack.
<br/> <br/>
The attack was made possible because the HTTP server running on TCP port <span The attack was made possible because the HTTP server running on TCP port <span
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the className='badge badge-info'>{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}. paths: {this.generateShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -796,9 +796,9 @@ class ReportPageComponent extends AuthComponent {
Delete VM Access plugin configuration files. Delete VM Access plugin configuration files.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Credentials could be stolen from <span Credentials could be stolen from <span
className="badge badge-primary">{issue.machine}</span> for the following users <span className='badge badge-primary'>{issue.machine}</span> for the following users <span
className="badge badge-primary">{issue.users}</span>. Read more about the security issue and remediation <a className='badge badge-primary'>{issue.users}</span>. Read more about the security issue and remediation <a
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/" href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -810,9 +810,9 @@ class ReportPageComponent extends AuthComponent {
<> <>
Install the latest Windows updates or upgrade to a newer operating system. Install the latest Windows updates or upgrade to a newer operating system.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">Conficker</span> attack. className='badge badge-danger'>Conficker</span> attack.
<br/> <br/>
The attack was made possible because the target machine used an outdated and unpatched operating system The attack was made possible because the target machine used an outdated and unpatched operating system
vulnerable to Conficker. vulnerable to Conficker.
@ -827,7 +827,7 @@ class ReportPageComponent extends AuthComponent {
Segment your network and make sure there is no communication between machines from different segments. Segment your network and make sure there is no communication between machines from different segments.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The network can probably be segmented. A monkey instance on <span The network can probably be segmented. A monkey instance on <span
className="badge badge-primary">{issue.machine}</span> in the className='badge badge-primary'>{issue.machine}</span> in the
networks {this.generateInfoBadges(issue.networks)} networks {this.generateInfoBadges(issue.networks)}
could directly access the Monkey Island server in the could directly access the Monkey Island server in the
networks {this.generateInfoBadges(issue.server_networks)}. networks {this.generateInfoBadges(issue.server_networks)}.
@ -868,7 +868,7 @@ class ReportPageComponent extends AuthComponent {
admin sharing. admin sharing.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Here is a list of machines which the account <span Here is a list of machines which the account <span
className="badge badge-primary">{issue.username}</span> is defined as an administrator: className='badge badge-primary'>{issue.username}</span> is defined as an administrator:
{this.generateInfoBadges(issue.shared_machines)} {this.generateInfoBadges(issue.shared_machines)}
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -895,8 +895,8 @@ class ReportPageComponent extends AuthComponent {
Use micro-segmentation policies to disable communication other than the required. Use micro-segmentation policies to disable communication other than the required.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Machines are not locked down at port level. Network tunnel was set up from <span Machines are not locked down at port level. Network tunnel was set up from <span
className="badge badge-primary">{issue.machine}</span> to <span className='badge badge-primary'>{issue.machine}</span> to <span
className="badge badge-primary">{issue.dest}</span>. className='badge badge-primary'>{issue.dest}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -907,13 +907,13 @@ class ReportPageComponent extends AuthComponent {
<> <>
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions. Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span Struts2 server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote code execution</span> attack. className='badge badge-danger'>remote code execution</span> attack.
<br/> <br/>
The attack was made possible because the server is using an old version of Jakarta based file upload The attack was made possible because the server is using an old version of Jakarta based file upload
Multipart parser. For possible work-arounds and more info read <a Multipart parser. For possible work-arounds and more info read <a
href="https://cwiki.apache.org/confluence/display/WW/S2-045" href='https://cwiki.apache.org/confluence/display/WW/S2-045'
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
@ -925,13 +925,13 @@ class ReportPageComponent extends AuthComponent {
<> <>
Upgrade Drupal server to versions 8.5.11, 8.6.10, or later. Upgrade Drupal server to versions 8.5.11, 8.6.10, or later.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Drupal server at <span className="badge badge-primary">{issue.machine}</span> (<span Drupal server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote command execution</span> attack. className='badge badge-danger'>remote command execution</span> attack.
<br/> <br/>
The attack was made possible because the server is using an old version of Drupal, for which REST API is The attack was made possible because the server is using an old version of Drupal, for which REST API is
enabled. For possible workarounds, fixes and more info read enabled. For possible workarounds, fixes and more info read
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">here</a>. <a href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'>here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -942,9 +942,9 @@ class ReportPageComponent extends AuthComponent {
<> <>
Update Oracle WebLogic server to the latest supported version. Update Oracle WebLogic server to the latest supported version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span Oracle WebLogic server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
className="badge badge-danger">remote code execution</span> attacks. className='badge badge-danger'>remote code execution</span> attacks.
<br/> <br/>
The attack was made possible due to one of the following vulnerabilities: The attack was made possible due to one of the following vulnerabilities:
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or <a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
@ -958,12 +958,12 @@ class ReportPageComponent extends AuthComponent {
return ( return (
<> <>
Run Hadoop in secure mode (<a Run Hadoop in secure mode (<a
href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html"> href='http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html'>
add Kerberos authentication</a>). add Kerberos authentication</a>).
<CollapsibleWellComponent> <CollapsibleWellComponent>
The Hadoop server at <span className="badge badge-primary">{issue.machine}</span> (<span The Hadoop server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote code execution</span> attack. className='badge badge-danger'>remote code execution</span> attack.
<br/> <br/>
The attack was made possible due to default Hadoop/Yarn configuration being insecure. The attack was made possible due to default Hadoop/Yarn configuration being insecure.
</CollapsibleWellComponent> </CollapsibleWellComponent>
@ -976,17 +976,17 @@ class ReportPageComponent extends AuthComponent {
<> <>
Disable the xp_cmdshell option. Disable the xp_cmdshell option.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">MSSQL exploit attack</span>. className='badge badge-danger'>MSSQL exploit attack</span>.
<br/> <br/>
The attack was made possible because the target machine used an outdated MSSQL server configuration allowing The attack was made possible because the target machine used an outdated MSSQL server configuration allowing
the usage of the xp_cmdshell command. To learn more about how to disable this feature, read the usage of the xp_cmdshell command. To learn more about how to disable this feature, read
<Button <Button
variant={"link"} variant={'link'}
href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017" href='https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
Microsoft's documentation. Microsoft's documentation.
</Button> </Button>
</CollapsibleWellComponent> </CollapsibleWellComponent>
@ -999,18 +999,18 @@ class ReportPageComponent extends AuthComponent {
<> <>
Install Windows security updates. Install Windows security updates.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">Zerologon exploit</span>. className='badge badge-danger'>Zerologon exploit</span>.
<br/> <br/>
The attack was possible because the latest security updates from Microsoft The attack was possible because the latest security updates from Microsoft
have not been applied to this machine. For more information about this have not been applied to this machine. For more information about this
vulnerability, read vulnerability, read
<Button <Button
variant={"link"} variant={'link'}
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472" href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
Microsoft's documentation. Microsoft's documentation.
</Button> </Button>
{!issue.password_restored ? {!issue.password_restored ?
@ -1020,10 +1020,10 @@ class ReportPageComponent extends AuthComponent {
The domain controller's password was changed during the exploit and could not be restored successfully. The domain controller's password was changed during the exploit and could not be restored successfully.
Instructions on how to manually reset the domain controller's password can be found Instructions on how to manually reset the domain controller's password can be found
<Button <Button
variant={"link"} variant={'link'}
href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/" href='https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'
target={"_blank"} target={'_blank'}
className={"security-report-link"}> className={'security-report-link'}>
here here
</Button>. </Button>.
</span> </span>
@ -1036,76 +1036,76 @@ class ReportPageComponent extends AuthComponent {
generateIssue = (issue) => { generateIssue = (issue) => {
let issueData; let issueData;
switch (issue.type) { switch (issue.type) {
case "vsftp": case 'vsftp':
issueData = this.generateVsftpdBackdoorIssue(issue); issueData = this.generateVsftpdBackdoorIssue(issue);
break; break;
case "smb_password": case 'smb_password':
issueData = this.generateSmbPasswordIssue(issue); issueData = this.generateSmbPasswordIssue(issue);
break; break;
case "smb_pth": case 'smb_pth':
issueData = this.generateSmbPthIssue(issue); issueData = this.generateSmbPthIssue(issue);
break; break;
case "wmi_password": case 'wmi_password':
issueData = this.generateWmiPasswordIssue(issue); issueData = this.generateWmiPasswordIssue(issue);
break; break;
case "wmi_pth": case 'wmi_pth':
issueData = this.generateWmiPthIssue(issue); issueData = this.generateWmiPthIssue(issue);
break; break;
case "ssh": case 'ssh':
issueData = this.generateSshIssue(issue); issueData = this.generateSshIssue(issue);
break; break;
case "ssh_key": case 'ssh_key':
issueData = this.generateSshKeysIssue(issue); issueData = this.generateSshKeysIssue(issue);
break; break;
case "sambacry": case 'sambacry':
issueData = this.generateSambaCryIssue(issue); issueData = this.generateSambaCryIssue(issue);
break; break;
case "elastic": case 'elastic':
issueData = this.generateElasticIssue(issue); issueData = this.generateElasticIssue(issue);
break; break;
case "shellshock": case 'shellshock':
issueData = this.generateShellshockIssue(issue); issueData = this.generateShellshockIssue(issue);
break; break;
case "conficker": case 'conficker':
issueData = this.generateConfickerIssue(issue); issueData = this.generateConfickerIssue(issue);
break; break;
case "island_cross_segment": case 'island_cross_segment':
issueData = this.generateIslandCrossSegmentIssue(issue); issueData = this.generateIslandCrossSegmentIssue(issue);
break; break;
case "shared_passwords": case 'shared_passwords':
issueData = this.generateSharedCredsIssue(issue); issueData = this.generateSharedCredsIssue(issue);
break; break;
case "shared_passwords_domain": case 'shared_passwords_domain':
issueData = this.generateSharedCredsDomainIssue(issue); issueData = this.generateSharedCredsDomainIssue(issue);
break; break;
case "shared_admins_domain": case 'shared_admins_domain':
issueData = this.generateSharedLocalAdminsIssue(issue); issueData = this.generateSharedLocalAdminsIssue(issue);
break; break;
case "strong_users_on_crit": case 'strong_users_on_crit':
issueData = this.generateStrongUsersOnCritIssue(issue); issueData = this.generateStrongUsersOnCritIssue(issue);
break; break;
case "tunnel": case 'tunnel':
issueData = this.generateTunnelIssue(issue); issueData = this.generateTunnelIssue(issue);
break; break;
case "azure_password": case 'azure_password':
issueData = this.generateAzureIssue(issue); issueData = this.generateAzureIssue(issue);
break; break;
case "struts2": case 'struts2':
issueData = this.generateStruts2Issue(issue); issueData = this.generateStruts2Issue(issue);
break; break;
case "weblogic": case 'weblogic':
issueData = this.generateWebLogicIssue(issue); issueData = this.generateWebLogicIssue(issue);
break; break;
case "hadoop": case 'hadoop':
issueData = this.generateHadoopIssue(issue); issueData = this.generateHadoopIssue(issue);
break; break;
case "mssql": case 'mssql':
issueData = this.generateMSSQLIssue(issue); issueData = this.generateMSSQLIssue(issue);
break; break;
case "drupal": case 'drupal':
issueData = this.generateDrupalIssue(issue); issueData = this.generateDrupalIssue(issue);
break; break;
case "zerologon": case 'zerologon':
issueData = this.generateZerologonIssue(issue); issueData = this.generateZerologonIssue(issue);
break; break;
} }