p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add Stolen Passwords section 

Add example of every security issue (both overview and recommendation sections)
Add 'Generating Report' waiting text
This commit is contained in:
Itay Mizeretz 2017-11-14 14:48:36 +02:00
parent c9e6d890e7
commit f2e6600d88
2 changed files with 222 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

266
monkey_island/cc/ui/src/components/pages/ReportPage.js
View File

@ -4,11 +4,18 @@ import BreachedServers from 'components/report-components/BreachedServers';
import ScannedServers from 'components/report-components/ScannedServers';
import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
import {options, edgeGroupToColor} from 'components/map/MapOptions';
import StolenPasswords from 'components/report-components/StolenPasswords';
class ReportPageComponent extends React.Component {
constructor(props) {
super(props);
this.stolen_passwords =
[
{username: 'admin', password: 'secretpassword', type: 'password', origin: 'Monkey-SMB'},
{username: 'user', password: 'my_password', type: 'password', origin: 'Monkey-SMB2'},
{username: 'dan', password: '066DDFD4EF0E9CD7C256FE77191EF43C', type: 'NTLM', origin: 'Monkey-RDP'},
{username: 'joe', password: 'FDA95FBECA288D44AAD3B435B51404EE', type: 'LM', origin: 'Monkey-RDP'}
];
this.state = {
report: {},
graph: {nodes: [], edges: []}
@ -48,89 +55,192 @@ class ReportPageComponent extends React.Component {
}
render() {
let content;
if (Object.keys(this.state.report).length === 0) {
return (<div />);
content = (<h1>Generating Report...</h1>);
} else {
content =
(
<div>
<div id="overview">
<h1>
Overview
</h1>
<p>
{/* TODO: Replace 01/02/2017 21:45, 23:12 with data */}
The monkey run was started on <span className="label label-info">01/02/2017 21:45</span>. After <span className="label label-info">23:12 minutes</span>, all monkeys finished propagation attempts.
</p>
<p>
From the attacker's point of view, the network looks like this:
</p>
<div style={{height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={options} />
</div>
<div>
{/* TODO: Replace 3 with data */}
During this simulated attack the Monkey uncovered <span className="label label-warning">6 issues</span>, detailed below. The security issues uncovered included:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Weak user/passwords combinations.</li>
<li className="report">Stolen passwords/hashes used to exploit other machines.</li>
<li className="report">Elastic Search servers not patched for CVE-2015-1427 bug.</li>
<li className="report">Samba servers not patched for SambaCry bug.</li>
<li className="report">Machines not patched for the Shellshock bug.</li>
<li className="report">Machines not patched for the Conficker bug.</li>
</ul>
</div>
<div>
In addition, the monkey uncovered the following possible set of issues:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Machines freely accessed the Monkey Island despite being on different networks.</li>
<li className="report">Machines are not locked down at port level, tunnels between network segments were setup successfully.</li>
</ul>
</div>
<p>
A full report of the Monkeys activities follows.
</p>
</div>
<div id="network_overview">
<h1>
Network Overview
</h1>
<p>
{/* TODO: Replace 6,2 with data */}
During the current run, the Monkey discovered <span className="label label-info">6</span> machines and successfully breached <span className="label label-warning">2</span> of them.
In addition, it attempted to exploit the rest, any security software installed in the network should have picked up the attack attempts and logged them.
</p>
<div>
Detailed recommendations in the next part of the <a href="#recommendations">report</a>.
<h4>Breached Servers</h4>
<BreachedServers data={this.state.report.exploited} />
</div>
<div>
<h4>Scanned Servers</h4>
<ScannedServers data={this.state.report.scanned} />
{/* TODO: Add table of scanned servers */}
</div>
</div>
<div id="passwords">
<h1>
Stolen Credentials
</h1>
<StolenPasswords data={this.stolen_passwords} />
</div>
<div id="recommendations">
<h1>
Recommendations
</h1>
<div>
<div>
<h4><b><i>Issue #1</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SMB</span> with the following IP addresses <span className="label label-info">192.168.0.1</span> <span className="label label-info">10.0.0.18</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
<br />
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #2</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SMB2</span> with the following IP address <span className="label label-info">192.168.0.2</span> was vulnerable to a <span className="label label-danger">SMB</span> attack.
<br />
The attack succeeded by using a pass-the-hash attack over SMB protocol with user <span className="label label-success">temp</span>.
</p>
</div>
<div>
<h4><b><i>Issue #3</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-WMI</span> with the following IP address <span className="label label-info">192.168.0.3</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
<br />
The attack succeeded by authenticating over WMI protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #4</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-WMI2</span> with the following IP address <span className="label label-info">192.168.0.4</span> was vulnerable to a <span className="label label-danger">WMI</span> attack.
<br />
The attack succeeded by using a pass-the-hash attack over WMI protocol with user <span className="label label-success">Administrator</span>.
</p>
</div>
<div>
<h4><b><i>Issue #5</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SSH</span> with the following IP address <span className="label label-info">192.168.0.5</span> was vulnerable to a <span className="label label-danger">SSH</span> attack.
<br />
The attack succeeded by authenticating over SSH protocol with user <span className="label label-success">user</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #6</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-RDP</span> with the following IP address <span className="label label-info">192.168.0.6</span> was vulnerable to a <span className="label label-danger">RDP</span> attack.
<br />
The attack succeeded by authenticating over RDP protocol with user <span className="label label-success">Administrator</span> and its password.
</p>
</div>
<div>
<h4><b><i>Issue #7</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SambaCry</span> with the following IP address <span className="label label-info">192.168.0.7</span> was vulnerable to a <span className="label label-danger">SambaCry</span> attack.
<br />
The attack succeeded by authenticating over SMB protocol with user <span className="label label-success">user</span> and its password, and by using the SambaCry vulnerability.
</p>
</div>
<div>
<h4><b><i>Issue #8</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Elastic</span> with the following IP address <span className="label label-info">192.168.0.8</span> was vulnerable to an <span className="label label-danger">Elastic Groovy</span> attack.
<br />
The attack succeeded because the Elastic Search server was not parched against the CVE-2015-1427 bug.
</p>
</div>
<div>
<h4><b><i>Issue #9</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Shellshock</span> with the following IP address <span className="label label-info">192.168.0.9</span> was vulnerable to a <span className="label label-danger">ShellShock</span> attack.
<br />
The attack succeeded because the HTTP server running on port <span className="label label-info">8080</span> was vulnerable to a shell injection attack on the paths: <span className="label label-warning">/cgi/backserver.cgi</span> <span className="label label-warning">/cgi/login.cgi</span>.
</p>
</div>
<div>
<h4><b><i>Issue #10</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-Conficker</span> with the following IP address <span className="label label-info">192.168.0.10</span> was vulnerable to a <span className="label label-danger">Conficker</span> attack.
<br />
The attack succeeded because the target machine uses an outdated and unpatched operating system.
</p>
</div>
<div>
<h4><b><i>Issue #11</i></b></h4>
<p>
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SMB</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
</p>
</div>
<div>
<h4><b><i>Issue #12</i></b></h4>
<p>
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SSH</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
</p>
</div>
<div>
<h4><b><i>Issue #13</i></b></h4>
<p>
Machines are not locked down at port level. Network tunnel was set up from <span className="label label-primary">Monkey-SSH</span> to <span className="label label-primary">Monkey-SambaCry</span>.
</p>
</div>
</div>
</div>
</div>
);
}
return (
<Col xs={12} lg={8}>
<h1 className="page-title">4. Security Report</h1>
<div style={{'fontSize': '1.2em'}}>
<div id="overview">
<h1>
Overview
</h1>
<p>
{/* TODO: Replace 01/02/2017 21:45, 23:12 with data */}
The monkey run was started on <span className="label label-info">01/02/2017 21:45</span>. After <span className="label label-info">23:12 minutes</span>, all monkeys finished propagation attempts.
</p>
<p>
From the attacker's point of view, the network looks like this:
</p>
<div style={{height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={options} />
</div>
<div>
{/* TODO: Replace 3 with data */}
During this simulated attack the Monkey uncovered <span className="label label-warning">3 issues</span>, detailed below. The security issues uncovered included:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Weak user/passwords combinations</li>
<li className="report">Machines not patched for the Shellshock bug</li>
</ul>
</div>
<div>
In addition, the monkey uncovered the following possible set of issues:
<ul className="report">
{/* TODO: Replace lis with data */}
<li className="report">Machines from another segment accessed the Monkey Island</li>
<li className="report">Network tunnels were created successfully</li>
</ul>
</div>
<p>
A full report of the Monkeys activities follows.
</p>
</div>
<div id="network_overview">
<h1>
Network Overview
</h1>
<p>
{/* TODO: Replace 6,2 with data */}
During the current run, the Monkey discovered <span className="label label-info">6</span> machines and successfully breached <span className="label label-warning">2</span> of them.
In addition, it attempted to exploit the rest, any security software installed in the network should have picked up the attack attempts and logged them.
</p>
<div>
Detailed recommendations in the next part of the <a href="#recommendations">report</a>.
<h4>Breached Servers</h4>
<BreachedServers data={this.state.report.exploited} />
</div>
<div>
<h4>Scanned Servers</h4>
<ScannedServers data={this.state.report.scanned} />
{/* TODO: Add table of scanned servers */}
</div>
</div>
<div id="recommendations">
<h1>
Recommendations
</h1>
<div>
<div>
<h4><b><i>Issue #1</i></b></h4>
<p>
The machine <span className="label label-primary">Monkey-SMB</span> with the following IP addresses <span className="label label-info">192.168.0.1</span> <span className="label label-info">10.0.0.18</span> was vulnerable to a <span className="label label-danger">SmbExploiter</span> attack.
The attack succeeded because weak/stolen password was used over SMB protocol.
</p>
</div>
<div>
<h4><b><i>Issue #2</i></b></h4>
<p>
The network can probably be segmented. A monkey instance on <span className="label label-primary">Monkey-SMB</span> in the <span className="label label-info">192.168.0.0/24</span> network could directly access the Monkey Island C&C server in the <span className="label label-info">172.168.0.0/24</span> network.
</p>
</div>
</div>
{/* TODO: Entire part */}
</div>
{content}
</div>
</Col>
);

34
monkey_island/cc/ui/src/components/report-components/StolenPasswords.js Normal file
View File

@ -0,0 +1,34 @@
import React from 'react';
import ReactTable from 'react-table'
const columns = [
{ Header: 'Username', accessor: 'username'},
{ Header: 'Password/Hash', accessor: 'password'},
{ Header: 'Type', accessor: 'type'},
{ Header: 'Origin', accessor: 'origin'}
];
const pageSize = 10;
class StolenPasswordsComponent extends React.Component {
constructor(props) {
super(props);
}
render() {
let defaultPageSize = this.props.data.length > pageSize ? pageSize : this.props.data.length;
let showPagination = this.props.data.length > pageSize;
return (
<div className="data-table-container">
<ReactTable
columns={columns}
data={this.props.data}
showPagination={showPagination}
defaultPageSize={defaultPageSize}
/>
</div>
);
}
}
export default StolenPasswordsComponent;