Commit Graph

4319 Commits

Author SHA1 Message Date
Shreya 6babcd099a Change warning order and phrasing in report 2021-03-02 13:02:56 +05:30
VakarisZ 89907d133e Improved warning icon display style in the overview 2021-03-02 09:09:25 +02:00
Mike Salvatore ac530b2555 cc: reword zerologon exploiter class info 2021-03-01 10:35:04 -05:00
VakarisZ 9e3fe03ce1 Replace double quotes with single quotes in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ 9171ed8190 Minor formatting improvements in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ e49b7b85cc Improved formatting and link styles in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ 8eeed20f7e Changed zerologon links to be more consistent and have a style 2021-03-01 10:27:56 -05:00
VakarisZ b3e9922d0f Changed the logic of zerologon password restoration issue overview to be more consistent with the function of issue map. 2021-03-01 10:27:56 -05:00
Mike Salvatore abc76e0c73
docs: add missing comma on zerologon docs
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-02-28 18:35:07 -05:00
Mike Salvatore 5e088e6908
docs: minor rewording in zerologon docs
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-02-28 18:34:47 -05:00
Mike Salvatore f094c3e9c1 docs: Add warnings and password restoration instructions for Zerologon 2021-02-27 19:38:26 -05:00
Shreya 2f99631ed4 Fix unit tests 2021-02-26 22:39:32 +05:30
Shreya c0d2d5b2b6 Fix typo, remove unused import, change function/variable names for consistency 2021-02-25 22:38:17 +05:30
VakarisZ ce697b3a45 Improved exception handling of expected exceptions - if they are expected, we don't need to see the error trace. 2021-02-25 16:27:45 +02:00
VakarisZ e9b84ff86d Improved zero logon exploiter to fail on failed domain controller name fetch. 2021-02-25 16:27:45 +02:00
Mike Salvatore 67fd1712b5 report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RESTORED 2021-02-25 09:04:47 -05:00
VakarisZ 94ac75e649 Improved zero logon overview UI and added password restoration warning to overview. 2021-02-25 15:29:22 +02:00
VakarisZ 8b7e0d0fa0 Added ZeroLogon overview section to the report 2021-02-25 15:16:00 +02:00
Shreya 6581a5ab0c Add warning to machine-specific recommendation if password was not reset 2021-02-25 18:17:50 +05:30
Shreya 3da1de39a6 Add Zerologon (and Drupal) information to "Immediate Threats" 2021-02-25 14:54:36 +05:30
Mike Salvatore f17c08d286 cc,agent: rename password_restore_success -> password_restored 2021-02-24 17:26:31 -05:00
Mike Salvatore 70fd7d7bb0 cc: add password_restore_success to zerologon report issue 2021-02-24 17:15:32 -05:00
Mike Salvatore 4fbb0f2026 ui: add machine-related recommendation for Zerologon to security report 2021-02-24 16:36:53 -05:00
Mike Salvatore 36bd9834a6 agent: add zerologon password restore success/failure to telemetry 2021-02-24 15:07:42 -05:00
Mike Salvatore b6bb6d8221 cc: format exploiter_classes.py with black 2021-02-24 13:40:49 -05:00
Mike Salvatore b5b8d289ca cc: add a note about resetting password after failed zerologon attempt 2021-02-24 13:23:46 -05:00
Shreya Malviya bc3283c4a5
Merge pull request #911 from shreyamalviya/zerologon-exploiter
Zerologon Exploiter
2021-02-24 17:58:45 +05:30
Shreya Malviya 43cac3568b
Reword exploiter description
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-02-24 16:18:58 +05:30
Shreya 28edf7d2b7 Encrypt credentials before logging 2021-02-24 16:08:36 +05:30
VakarisZ fdeb54d541 Added jwt_required decorator to the "local_run" endpoint, in order to avoid malicious actors running the monkey 2021-02-23 10:47:37 -05:00
Shreya db52f0966f Modify `PaginatedTable`: let `ReactTable` handle the case where no data is available 2021-02-23 10:00:56 -05:00
Mike Salvatore 4aa9a14f13 ci: remove `swimm verify` for now
There is a bug in swimm that is causing `swimm verify` to fail in the CI
pipeline, eventhough it succeeds locally. Disabling for now while the
swimm team works to rectify the issue.
2021-02-23 07:51:56 -05:00
Shreya 353e9844dc Modify unit tests 2021-02-23 12:57:50 +05:30
dependabot[bot] 8b60625d81 build(deps): bump marked in /monkey/monkey_island/cc/ui
Bumps [marked](https://github.com/markedjs/marked) from 1.1.1 to 2.0.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.1.1...v2.0.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-22 12:50:28 -05:00
Shreya a2c11759a4 Add unit tests 2021-02-22 22:35:46 +05:30
Shreya defc94dd59 Add zerologon_utils/vuln_assessment.py 2021-02-22 18:44:06 +05:30
Shreya 4e281d9826 CR changes: type hints and comment 2021-02-22 17:47:27 +05:30
Shreya cc6e3f687b Add SecureAuth Corporation acknowledgement to LICENSE.md 2021-02-22 17:44:15 +05:30
Mike Salvatore 95eb96acc8 Merge branch 'copyediting' into develop 2021-02-22 07:08:21 -05:00
MarketingYeti 8a1fec3f0b
Copyedits for usage sections (#965)
Copy edits - round 2
2021-02-22 07:06:56 -05:00
Shreya b82635d292 Add noqa comment to ignore complexity of DumpSecrets.dump() 2021-02-22 17:30:11 +05:30
Mike Salvatore 776d3421aa agent: add TODO to rework telemetry classes 2021-02-19 19:34:43 -05:00
Shreya 6883e4a5f1 Format all zerologon files with black 2021-02-20 01:12:04 +05:30
Shreya 2ef892e33f Try starting remote shell on victim with all user creds until successful 2021-02-20 01:12:04 +05:30
Shreya c227ccd3a1 Remove Zerologon fingerprinter (and move required functionality to Zerologon exploiter) 2021-02-20 01:12:04 +05:30
Shreya 869d608e09 Modify how `store_extracted_creds_for_exploitation()` is called
+ other little CR changes
2021-02-20 01:12:04 +05:30
Shreya 6c9ce028e0 Use __enter__() and __exit__() for StdoutCapture 2021-02-20 01:12:04 +05:30
Shreya e0ae8381ba restoring pwd: uses next available user account in case Administrator isn't found
and save all other credentials
2021-02-20 01:12:04 +05:30
Shreya c20e677940 Add impacket copyright notice 2021-02-20 01:12:01 +05:30
VakarisZ 4158ed802b Refactored telemetry unit tests to json encode data the same way telemetries do. 2021-02-19 17:19:21 +02:00