Replace double quotes with single quotes in SecurityReport.js

VakarisZ 2021-03-01 17:16:50 +02:00 committed by Mike Salvatore
parent 9171ed8190
commit 9e3fe03ce1
1 changed files with 180 additions and 180 deletions


@ -110,7 +110,7 @@ class ReportPageComponent extends AuthComponent {
print();
}}/>
</div>
<div className="report-page">
<div className='report-page'>
<ReportHeader report_type={ReportTypes.security}/>
<hr/>
{content}
@ -142,7 +142,7 @@ class ReportPageComponent extends AuthComponent {
generateReportOverviewSection() {
return (
<div id="overview">
<div id='overview'>
<h2>
Overview
</h2>
@ -151,7 +151,7 @@ class ReportPageComponent extends AuthComponent {
this.state.report.glance.exploited.length > 0 ?
''
:
<p className="alert alert-info">
<p className='alert alert-info'>
<FontAwesomeIcon icon={faExclamationTriangle} style={{'marginRight': '5px'}}/>
To improve the monkey's detection rates, try adding users and passwords and enable the "Local
network
@ -160,8 +160,8 @@ class ReportPageComponent extends AuthComponent {
}
<p>
The first monkey run was started on <span
className="badge badge-info">{this.state.report.overview.monkey_start_time}</span>. After <span
className="badge badge-info">{this.state.report.overview.monkey_duration}</span>, all monkeys finished
className='badge badge-info'>{this.state.report.overview.monkey_start_time}</span>. After <span
className='badge badge-info'>{this.state.report.overview.monkey_duration}</span>, all monkeys finished
propagation attempts.
</p>
<p>
@ -238,7 +238,7 @@ class ReportPageComponent extends AuthComponent {
generateReportFindingsSection() {
return (
<div id="findings">
<div id='findings'>
<h3>
Security Findings
</h3>
@ -252,7 +252,7 @@ class ReportPageComponent extends AuthComponent {
}).length > 0 ?
<div>
During this simulated attack the Monkey uncovered <span
className="badge badge-warning">
className='badge badge-warning'>
{this.state.report.overview.issues.filter(function (x) {
return x === true;
}).length} threats</span>:
@ -264,50 +264,50 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.ELASTIC] &&
<li>Elasticsearch servers are vulnerable to
<Button
variant={"link"}
href="https://www.cvedetails.com/cve/cve-2015-1427"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.cvedetails.com/cve/cve-2015-1427'
target={'_blank'}
className={'security-report-link'}>
CVE-2015-1427
</Button>.
</li>}
{this.state.report.overview.issues[this.Issue.VSFTPD] &&
<li>VSFTPD is vulnerable to
<Button
variant={"link"}
href="https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor'
target={'_blank'}
className={'security-report-link'}>
CVE-2011-2523
</Button>.
</li>}
{this.state.report.overview.issues[this.Issue.SAMBACRY] &&
<li>Samba servers are vulnerable to SambaCry (
<Button
variant={"link"}
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.samba.org/samba/security/CVE-2017-7494.html'
target={'_blank'}
className={'security-report-link'}>
CVE-2017-7494
</Button>).
</li>}
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] &&
<li>Machines are vulnerable to Shellshock (
<Button
variant={"link"}
href="https://www.cvedetails.com/cve/CVE-2014-6271"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.cvedetails.com/cve/CVE-2014-6271'
target={'_blank'}
className={'security-report-link'}>
CVE-2014-6271
</Button>).
</li>}
{this.state.report.overview.issues[this.Issue.CONFICKER] &&
<li>Machines are vulnerable to Conficker (
<Button
variant={"link"}
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067'
target={'_blank'}
className={'security-report-link'}>
MS08-067
</Button>).
</li>}
@ -317,20 +317,20 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.AZURE] &&
<li>Azure machines expose plaintext passwords. (
<Button
variant={"link"}
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
target={'_blank'}
className={'security-report-link'}>
More info
</Button>)
</li>}
{this.state.report.overview.issues[this.Issue.STRUTS2] &&
<li>Struts2 servers are vulnerable to remote code execution. (
<Button
variant={"link"}
href="https://cwiki.apache.org/confluence/display/WW/S2-045"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://cwiki.apache.org/confluence/display/WW/S2-045'
target={'_blank'}
className={'security-report-link'}>
CVE-2017-5638
</Button>)
</li>}
@ -346,10 +346,10 @@ class ReportPageComponent extends AuthComponent {
{this.state.report.overview.issues[this.Issue.DRUPAL] &&
<li>Drupal servers are susceptible to a remote code execution vulnerability
(<Button
variant={"link"}
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'
target={'_blank'}
className={'security-report-link'}>
CVE-2019-6340
</Button>).
</li>
@ -360,7 +360,7 @@ class ReportPageComponent extends AuthComponent {
:
<div>
During this simulated attack the Monkey uncovered <span
className="badge badge-success">0 threats</span>.
className='badge badge-success'>0 threats</span>.
</div>
}
</div>
@ -421,10 +421,10 @@ class ReportPageComponent extends AuthComponent {
if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) {
zerologonOverview.push(<span>
<WarningIcon/> Automatic password restoration on a domain controller failed!
<Button variant={"link"}
href={"https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"}
target={"_blank"}
className={"security-report-link"}>
<Button variant={'link'}
href={'https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'}
target={'_blank'}
className={'security-report-link'}>
Restore your domain controller's password manually.
</Button>
</span>)
@ -432,10 +432,10 @@ class ReportPageComponent extends AuthComponent {
if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
zerologonOverview.push(<>
Some domain controllers are vulnerable to Zerologon exploiter(
<Button variant={"link"}
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
target={"_blank"}
className={"security-report-link"}>
<Button variant={'link'}
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={'_blank'}
className={'security-report-link'}>
CVE-2020-1472
</Button>)!
</>)
@ -447,7 +447,7 @@ class ReportPageComponent extends AuthComponent {
generateReportRecommendationsSection() {
return (
<div id="recommendations">
<div id='recommendations'>
{/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise,
* don't render it (since the issues themselves will be empty. */}
{Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ?
@ -470,36 +470,36 @@ class ReportPageComponent extends AuthComponent {
let exploitPercentage =
(100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length;
return (
<div id="glance">
<div id='glance'>
<h3>
The Network from the Monkey's Eyes
</h3>
<div>
<p>
The Monkey discovered <span
className="badge badge-warning">{this.state.report.glance.scanned.length}</span> machines and
className='badge badge-warning'>{this.state.report.glance.scanned.length}</span> machines and
successfully breached <span
className="badge badge-danger">{this.state.report.glance.exploited.length}</span> of them.
className='badge badge-danger'>{this.state.report.glance.exploited.length}</span> of them.
</p>
<div className="text-center" style={{margin: '10px'}}>
<Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth="4"
trailWidth="4"
strokeColor="#d9534f" trailColor="#f0ad4e"/>
<div className='text-center' style={{margin: '10px'}}>
<Line style={{width: '300px', marginRight: '5px'}} percent={exploitPercentage} strokeWidth='4'
trailWidth='4'
strokeColor='#d9534f' trailColor='#f0ad4e'/>
<b>{Math.round(exploitPercentage)}% of scanned machines exploited</b>
</div>
</div>
<p>
From the attacker's point of view, the network looks like this:
</p>
<div className="map-legend">
<div className='map-legend'>
<b>Legend: </b>
<span>Exploit <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#cc0200'}}/></span>
<span>Exploit <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#cc0200'}}/></span>
<b style={{color: '#aeaeae'}}> | </b>
<span>Scan <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#ff9900'}}/></span>
<span>Scan <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#ff9900'}}/></span>
<b style={{color: '#aeaeae'}}> | </b>
<span>Tunnel <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#0158aa'}}/></span>
<span>Tunnel <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#0158aa'}}/></span>
<b style={{color: '#aeaeae'}}> | </b>
<span>Island Communication <FontAwesomeIcon icon={faMinus} size="lg" style={{color: '#a9aaa9'}}/></span>
<span>Island Communication <FontAwesomeIcon icon={faMinus} size='lg' style={{color: '#a9aaa9'}}/></span>
</div>
<div style={{position: 'relative', height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={getOptions(this.state.nodeStateList)}/>
@ -529,17 +529,17 @@ class ReportPageComponent extends AuthComponent {
generateReportFooter() {
return (
<div id="footer" className="text-center" style={{marginTop: '20px'}}>
<div id='footer' className='text-center' style={{marginTop: '20px'}}>
For questions, suggestions or any other feedback
contact: <a href="mailto://labs@guardicore.com" className="no-print">labs@guardicore.com</a>
<div className="force-print" style={{display: 'none'}}>labs@guardicore.com</div>
<img src={guardicoreLogoImage} alt="GuardiCore" className="center-block" style={{height: '50px'}}/>
contact: <a href='mailto://labs@guardicore.com' className='no-print'>labs@guardicore.com</a>
<div className='force-print' style={{display: 'none'}}>labs@guardicore.com</div>
<img src={guardicoreLogoImage} alt='GuardiCore' className='center-block' style={{height: '50px'}}/>
</div>
);
}
generateInfoBadges(data_array) {
return data_array.map(badge_data => <span key={badge_data} className="badge badge-info"
return data_array.map(badge_data => <span key={badge_data} className='badge badge-info'
style={{margin: '2px'}}>{badge_data}</span>);
}
@ -605,21 +605,21 @@ class ReportPageComponent extends AuthComponent {
}
generateShellshockPathListBadges(paths) {
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
return paths.map(path => <span className='badge badge-warning' style={{margin: '2px'}} key={path}>{path}</span>);
}
generateSmbPasswordIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SMB</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>SMB</span> attack.
<br/>
The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password.
className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent>
</>
);
@ -628,15 +628,15 @@ class ReportPageComponent extends AuthComponent {
generateSmbPthIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SMB</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>SMB</span> attack.
<br/>
The Monkey used a pass-the-hash attack over SMB protocol with user <span
className="badge badge-success">{issue.username}</span>.
className='badge badge-success'>{issue.username}</span>.
</CollapsibleWellComponent>
</>
);
@ -645,15 +645,15 @@ class ReportPageComponent extends AuthComponent {
generateWmiPasswordIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">WMI</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>WMI</span> attack.
<br/>
The Monkey authenticated over the WMI protocol with user <span
className="badge badge-success">{issue.username}</span> and its password.
className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent>
</>
);
@ -662,15 +662,15 @@ class ReportPageComponent extends AuthComponent {
generateWmiPthIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">WMI</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>WMI</span> attack.
<br/>
The Monkey used a pass-the-hash attack over WMI protocol with user <span
className="badge badge-success">{issue.username}</span>.
className='badge badge-success'>{issue.username}</span>.
</CollapsibleWellComponent>
</>
);
@ -679,15 +679,15 @@ class ReportPageComponent extends AuthComponent {
generateSshIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SSH</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>SSH</span> attack.
<br/>
The Monkey authenticated over the SSH protocol with user <span
className="badge badge-success">{issue.username}</span> and its password.
className='badge badge-success'>{issue.username}</span> and its password.
</CollapsibleWellComponent>
</>
);
@ -696,14 +696,14 @@ class ReportPageComponent extends AuthComponent {
generateSshKeysIssue(issue) {
return (
<>
Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase.
Protect <span className='badge badge-success'>{issue.ssh_key}</span> private key with a pass phrase.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SSH</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>SSH</span> attack.
<br/>
The Monkey authenticated over the SSH protocol with private key <span
className="badge badge-success">{issue.ssh_key}</span>.
className='badge badge-success'>{issue.ssh_key}</span>.
</CollapsibleWellComponent>
</>
);
@ -713,17 +713,17 @@ class ReportPageComponent extends AuthComponent {
generateSambaCryIssue(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
Change <span className='badge badge-success'>{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network.
<br/>
Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">SambaCry</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>SambaCry</span> attack.
<br/>
The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
className='badge badge-success'>{issue.username}</span> and its password, and used the SambaCry
vulnerability.
</CollapsibleWellComponent>
</>
@ -735,10 +735,10 @@ class ReportPageComponent extends AuthComponent {
<>
Update your VSFTPD server to the latest version vsftpd-3.0.3.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) has a backdoor running at
port <span
className="badge badge-danger">6200</span>.
className='badge badge-danger'>6200</span>.
<br/>
The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523.
<br/><br/>In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been
@ -751,7 +751,7 @@ class ReportPageComponent extends AuthComponent {
backdoor
at port 6200.
<br/><br/>Read more about the security issue and remediation <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523"
href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523'
>here</a>.
</CollapsibleWellComponent>
</>
@ -763,9 +763,9 @@ class ReportPageComponent extends AuthComponent {
<>
Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
className="badge badge-danger">Elastic Groovy</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
className='badge badge-danger'>Elastic Groovy</span> attack.
<br/>
The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
</CollapsibleWellComponent>
@ -778,12 +778,12 @@ class ReportPageComponent extends AuthComponent {
<>
Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">ShellShock</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>ShellShock</span> attack.
<br/>
The attack was made possible because the HTTP server running on TCP port <span
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
className='badge badge-info'>{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent>
</>
@ -796,9 +796,9 @@ class ReportPageComponent extends AuthComponent {
Delete VM Access plugin configuration files.
<CollapsibleWellComponent>
Credentials could be stolen from <span
className="badge badge-primary">{issue.machine}</span> for the following users <span
className="badge badge-primary">{issue.users}</span>. Read more about the security issue and remediation <a
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
className='badge badge-primary'>{issue.machine}</span> for the following users <span
className='badge badge-primary'>{issue.users}</span>. Read more about the security issue and remediation <a
href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
>here</a>.
</CollapsibleWellComponent>
</>
@ -810,9 +810,9 @@ class ReportPageComponent extends AuthComponent {
<>
Install the latest Windows updates or upgrade to a newer operating system.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">Conficker</span> attack.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>Conficker</span> attack.
<br/>
The attack was made possible because the target machine used an outdated and unpatched operating system
vulnerable to Conficker.
@ -827,7 +827,7 @@ class ReportPageComponent extends AuthComponent {
Segment your network and make sure there is no communication between machines from different segments.
<CollapsibleWellComponent>
The network can probably be segmented. A monkey instance on <span
className="badge badge-primary">{issue.machine}</span> in the
className='badge badge-primary'>{issue.machine}</span> in the
networks {this.generateInfoBadges(issue.networks)}
could directly access the Monkey Island server in the
networks {this.generateInfoBadges(issue.server_networks)}.
@ -868,7 +868,7 @@ class ReportPageComponent extends AuthComponent {
admin sharing.
<CollapsibleWellComponent>
Here is a list of machines which the account <span
className="badge badge-primary">{issue.username}</span> is defined as an administrator:
className='badge badge-primary'>{issue.username}</span> is defined as an administrator:
{this.generateInfoBadges(issue.shared_machines)}
</CollapsibleWellComponent>
</>
@ -895,8 +895,8 @@ class ReportPageComponent extends AuthComponent {
Use micro-segmentation policies to disable communication other than the required.
<CollapsibleWellComponent>
Machines are not locked down at port level. Network tunnel was set up from <span
className="badge badge-primary">{issue.machine}</span> to <span
className="badge badge-primary">{issue.dest}</span>.
className='badge badge-primary'>{issue.machine}</span> to <span
className='badge badge-primary'>{issue.dest}</span>.
</CollapsibleWellComponent>
</>
);
@ -907,13 +907,13 @@ class ReportPageComponent extends AuthComponent {
<>
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
<CollapsibleWellComponent>
Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote code execution</span> attack.
Struts2 server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className='badge badge-danger'>remote code execution</span> attack.
<br/>
The attack was made possible because the server is using an old version of Jakarta based file upload
Multipart parser. For possible work-arounds and more info read <a
href="https://cwiki.apache.org/confluence/display/WW/S2-045"
href='https://cwiki.apache.org/confluence/display/WW/S2-045'
>here</a>.
</CollapsibleWellComponent>
</>
@ -925,13 +925,13 @@ class ReportPageComponent extends AuthComponent {
<>
Upgrade Drupal server to versions 8.5.11, 8.6.10, or later.
<CollapsibleWellComponent>
Drupal server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote command execution</span> attack.
Drupal server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className='badge badge-danger'>remote command execution</span> attack.
<br/>
The attack was made possible because the server is using an old version of Drupal, for which REST API is
enabled. For possible workarounds, fixes and more info read
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">here</a>.
<a href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340'>here</a>.
</CollapsibleWellComponent>
</>
);
@ -942,9 +942,9 @@ class ReportPageComponent extends AuthComponent {
<>
Update Oracle WebLogic server to the latest supported version.
<CollapsibleWellComponent>
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
className="badge badge-danger">remote code execution</span> attacks.
Oracle WebLogic server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
className='badge badge-danger'>remote code execution</span> attacks.
<br/>
The attack was made possible due to one of the following vulnerabilities:
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
@ -958,12 +958,12 @@ class ReportPageComponent extends AuthComponent {
return (
<>
Run Hadoop in secure mode (<a
href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html">
href='http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html'>
add Kerberos authentication</a>).
<CollapsibleWellComponent>
The Hadoop server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote code execution</span> attack.
The Hadoop server at <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className='badge badge-danger'>remote code execution</span> attack.
<br/>
The attack was made possible due to default Hadoop/Yarn configuration being insecure.
</CollapsibleWellComponent>
@ -976,17 +976,17 @@ class ReportPageComponent extends AuthComponent {
<>
Disable the xp_cmdshell option.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">MSSQL exploit attack</span>.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>MSSQL exploit attack</span>.
<br/>
The attack was made possible because the target machine used an outdated MSSQL server configuration allowing
the usage of the xp_cmdshell command. To learn more about how to disable this feature, read
<Button
variant={"link"}
href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017'
target={'_blank'}
className={'security-report-link'}>
Microsoft's documentation.
</Button>
</CollapsibleWellComponent>
@ -999,18 +999,18 @@ class ReportPageComponent extends AuthComponent {
<>
Install Windows security updates.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className="badge badge-danger">Zerologon exploit</span>.
The machine <span className='badge badge-primary'>{issue.machine}</span> (<span
className='badge badge-info' style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
className='badge badge-danger'>Zerologon exploit</span>.
<br/>
The attack was possible because the latest security updates from Microsoft
have not been applied to this machine. For more information about this
vulnerability, read
<Button
variant={"link"}
href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={'_blank'}
className={'security-report-link'}>
Microsoft's documentation.
</Button>
{!issue.password_restored ?
@ -1020,10 +1020,10 @@ class ReportPageComponent extends AuthComponent {
The domain controller's password was changed during the exploit and could not be restored successfully.
Instructions on how to manually reset the domain controller's password can be found
<Button
variant={"link"}
href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
target={"_blank"}
className={"security-report-link"}>
variant={'link'}
href='https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'
target={'_blank'}
className={'security-report-link'}>
here
</Button>.
</span>
@ -1036,76 +1036,76 @@ class ReportPageComponent extends AuthComponent {
generateIssue = (issue) => {
let issueData;
switch (issue.type) {
case "vsftp":
case 'vsftp':
issueData = this.generateVsftpdBackdoorIssue(issue);
break;
case "smb_password":
case 'smb_password':
issueData = this.generateSmbPasswordIssue(issue);
break;
case "smb_pth":
case 'smb_pth':
issueData = this.generateSmbPthIssue(issue);
break;
case "wmi_password":
case 'wmi_password':
issueData = this.generateWmiPasswordIssue(issue);
break;
case "wmi_pth":
case 'wmi_pth':
issueData = this.generateWmiPthIssue(issue);
break;
case "ssh":
case 'ssh':
issueData = this.generateSshIssue(issue);
break;
case "ssh_key":
case 'ssh_key':
issueData = this.generateSshKeysIssue(issue);
break;
case "sambacry":
case 'sambacry':
issueData = this.generateSambaCryIssue(issue);
break;
case "elastic":
case 'elastic':
issueData = this.generateElasticIssue(issue);
break;
case "shellshock":
case 'shellshock':
issueData = this.generateShellshockIssue(issue);
break;
case "conficker":
case 'conficker':
issueData = this.generateConfickerIssue(issue);
break;
case "island_cross_segment":
case 'island_cross_segment':
issueData = this.generateIslandCrossSegmentIssue(issue);
break;
case "shared_passwords":
case 'shared_passwords':
issueData = this.generateSharedCredsIssue(issue);
break;
case "shared_passwords_domain":
case 'shared_passwords_domain':
issueData = this.generateSharedCredsDomainIssue(issue);
break;
case "shared_admins_domain":
case 'shared_admins_domain':
issueData = this.generateSharedLocalAdminsIssue(issue);
break;
case "strong_users_on_crit":
case 'strong_users_on_crit':
issueData = this.generateStrongUsersOnCritIssue(issue);
break;
case "tunnel":
case 'tunnel':
issueData = this.generateTunnelIssue(issue);
break;
case "azure_password":
case 'azure_password':
issueData = this.generateAzureIssue(issue);
break;
case "struts2":
case 'struts2':
issueData = this.generateStruts2Issue(issue);
break;
case "weblogic":
case 'weblogic':
issueData = this.generateWebLogicIssue(issue);
break;
case "hadoop":
case 'hadoop':
issueData = this.generateHadoopIssue(issue);
break;
case "mssql":
case 'mssql':
issueData = this.generateMSSQLIssue(issue);
break;
case "drupal":
case 'drupal':
issueData = this.generateDrupalIssue(issue);
break;
case "zerologon":
case 'zerologon':
issueData = this.generateZerologonIssue(issue);
break;
}
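Review bot: The external links opened with `target={'_blank'}` (the `<Button variant={'link'} ...>` elements in the findings list, the Zerologon overview, and the MSSQL and Zerologon issue texts) carry no `rel` attribute, so whether the opened page receives a `window.opener` handle is left to the browser's default. Adding `rel={'noopener noreferrer'}` next to each `target` would make that explicit; this assumes `Button` forwards `rel` to the rendered anchor, which is not visible on this page. Since the report links to third-party sites, the Hadoop SecureMode link that still uses `http://` is worth moving to `https://` if the site serves it. Separately, the footer's `href='mailto://labs@guardicore.com'` is not the usual mailto form, which would be `href='mailto:labs@guardicore.com'`. Most of the enclosing methods start or end outside the shown hunks, so this is based only on the visible lines.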