Scribd
Upload
79 views4 pages

Infection Monkey Island Server

The monkey infection scan found no critical security issues. It discovered 4 machines on the network but was unable to breach any of them. It identified a potential issue of weak segmentation between network segments that allows communication between machines that should be isolated. The report provides recommendations to improve network segmentation.

Uploaded by

Senthil Nathan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
79 views4 pages

Infection Monkey Island Server

The monkey infection scan found no critical security issues. It discovered 4 machines on the network but was unable to breach any of them. It identified a potential issue of weak segmentation between network segments that allows communication between machines that should be isolated. The report provides recommendations to improve network segmentation.

Uploaded by

Senthil Nathan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

10/08/2022, 23:56 Infection Monkey Island Server

Security Report
Security report
Zero trust report ATT&CK report Ransomware report

Infection Monkey
Overview
No critical security issues were detected.

To improve the monkey's detection rates, try adding users


and passwords and enable the "Local network scan" config value
under Basic - Network.

The first monkey run was started on 10/08/2022 23:41:53 . After


14 minutes and 13 seconds , all monkeys finished propagation attempts.

The monkey started propagating from the following machines


where it was manually installed:

S-INECHN-CS02T.ardianet.net

The monkeys were run with the following configuration:

Usernames used for brute-forcing:

Administrator
root
user
Manager
Admin
Test

Passwords used for brute-forcing:

roo******
123******
pas******
123******
qwe******
111******
ilo******
P@s******

The Monkey scans the following IPs:


10.160.50.0/24

Note: Monkeys were configured to avoid scanning of the local


network.
https://localhost:5000/report/security 1/4
10/08/2022, 23:56 Infection Monkey Island Server

Security Findings
Immediate Threats
During this simulated attack the Monkey uncovered 0 threats :

Potential Security Issues


The Monkey uncovered the following possible set of issues:
Weak segmentation - Machines from different segments are
able to communicate.

Machine related recommendations


S-INECHN-CS02T.ARDIANET.NET
1. Segment your network and make sure there is no
communication between machines from different
segments.

The network can probably be segmented. A monkey


instance on S-INECHN-CS02T.ardianet.net in the networks
could directly access the Monkey Island server in the
networks
192.168.99.0/24 192.168.56.0/24 192.168.119.0/24 192.168.136.0/24
.

The Network from the Monkey's Eyes


The Monkey discovered 4 machines and successfully breached 0
of them.

0% of scanned machines exploited


From the attacker's point of view, the network looks like this:

Legend: Exploit | Scan | Tunnel | Island Communication

https://localhost:5000/report/security 2/4
10/08/2022, 23:56 Infection Monkey Island Server

The Monkey discovered  6 open services on  4  machines:

Scanned Servers
Machine IP Addresses Accessible Services
From

unknown 10.160.50.105 S-INECHN-CS02T tcp-445

unknown 10.160.50.104 S-INECHN-CS02T tcp-135


tcp-445

https://localhost:5000/report/security 3/4
10/08/2022, 23:56 Infection Monkey Island Server

unknown 10.160.50.1 S-INECHN-CS02T tcp-80


tcp-443
tcp-22
S-INECHN-CS… 192.168.136.1
192.168.119.1
192.168.56.1
192.168.99.61

The Monkey successfully breached  0 machines:

Breached Servers
No rows found
Machine IP Addresses Exploits

The Monkey performed 8 post-breach actions on 1 machine:

Post breach actions


Machine

S-INECHN-CS02T.ardianet.net (
192.168.136.1
192.168.119.1
192.168.56.1
192.168.99.61
)

Stolen Credentials
No rows found
Username Type Stolen From

Powerful Users
No rows found
Username Machines Services

For questions, suggestions or any other feedback contact:


labs@guardicore.com

https://localhost:5000/report/security 4/4

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy