Shreya
6babcd099a
Change warning order and phrasing in report
2021-03-02 13:02:56 +05:30
VakarisZ
89907d133e
Improved warning icon display style in the overview
2021-03-02 09:09:25 +02:00
Mike Salvatore
ac530b2555
cc: reword zerologon exploiter class info
2021-03-01 10:35:04 -05:00
VakarisZ
9e3fe03ce1
Replace double quotes with single quotes in SecurityReport.js
2021-03-01 10:27:56 -05:00
VakarisZ
9171ed8190
Minor formatting improvements in SecurityReport.js
2021-03-01 10:27:56 -05:00
VakarisZ
e49b7b85cc
Improved formatting and link styles in SecurityReport.js
2021-03-01 10:27:56 -05:00
VakarisZ
8eeed20f7e
Changed zerologon links to be more consistent and have a style
2021-03-01 10:27:56 -05:00
VakarisZ
b3e9922d0f
Changed the logic of zerologon password restoration issue overview to be more consistent with the function of issue map.
2021-03-01 10:27:56 -05:00
Mike Salvatore
abc76e0c73
docs: add missing comma on zerologon docs
...
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-02-28 18:35:07 -05:00
Mike Salvatore
5e088e6908
docs: minor rewording in zerologon docs
...
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-02-28 18:34:47 -05:00
Mike Salvatore
f094c3e9c1
docs: Add warnings and password restoration instructions for Zerologon
2021-02-27 19:38:26 -05:00
Shreya
2f99631ed4
Fix unit tests
2021-02-26 22:39:32 +05:30
Shreya
c0d2d5b2b6
Fix typo, remove unused import, change function/variable names for consistency
2021-02-25 22:38:17 +05:30
VakarisZ
ce697b3a45
Improved exception handling of expected exceptions - if they are expected, we don't need to see the error trace.
2021-02-25 16:27:45 +02:00
VakarisZ
e9b84ff86d
Improved zero logon exploiter to fail on failed domain controller name fetch.
2021-02-25 16:27:45 +02:00
Mike Salvatore
67fd1712b5
report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RESTORED
2021-02-25 09:04:47 -05:00
VakarisZ
94ac75e649
Improved zero logon overview UI and added password restoration warning to overview.
2021-02-25 15:29:22 +02:00
VakarisZ
8b7e0d0fa0
Added ZeroLogon overview section to the report
2021-02-25 15:16:00 +02:00
Shreya
6581a5ab0c
Add warning to machine-specific recommendation if password was not reset
2021-02-25 18:17:50 +05:30
Shreya
3da1de39a6
Add Zerologon (and Drupal) information to "Immediate Threats"
2021-02-25 14:54:36 +05:30
Mike Salvatore
f17c08d286
cc,agent: rename password_restore_success -> password_restored
2021-02-24 17:26:31 -05:00
Mike Salvatore
70fd7d7bb0
cc: add password_restore_success to zerologon report issue
2021-02-24 17:15:32 -05:00
Mike Salvatore
4fbb0f2026
ui: add machine-related recommendation for Zerologon to security report
2021-02-24 16:36:53 -05:00
Mike Salvatore
36bd9834a6
agent: add zerologon password restore success/failure to telemetry
2021-02-24 15:07:42 -05:00
Mike Salvatore
b6bb6d8221
cc: format exploiter_classes.py with black
2021-02-24 13:40:49 -05:00
Mike Salvatore
b5b8d289ca
cc: add a note about resetting password after failed zerologon attempt
2021-02-24 13:23:46 -05:00
Shreya Malviya
bc3283c4a5
Merge pull request #911 from shreyamalviya/zerologon-exploiter
...
Zerologon Exploiter
2021-02-24 17:58:45 +05:30
Shreya Malviya
43cac3568b
Reword exploiter description
...
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-02-24 16:18:58 +05:30
Shreya
28edf7d2b7
Encrypt credentials before logging
2021-02-24 16:08:36 +05:30
VakarisZ
fdeb54d541
Added jwt_required decorator to the "local_run" endpoint, in order to avoid malicious actors running the monkey
2021-02-23 10:47:37 -05:00
Shreya
db52f0966f
Modify `PaginatedTable`: let `ReactTable` handle the case where no data is available
2021-02-23 10:00:56 -05:00
Mike Salvatore
4aa9a14f13
ci: remove `swimm verify` for now
...
There is a bug in swimm that is causing `swimm verify` to fail in the CI
pipeline, eventhough it succeeds locally. Disabling for now while the
swimm team works to rectify the issue.
2021-02-23 07:51:56 -05:00
Shreya
353e9844dc
Modify unit tests
2021-02-23 12:57:50 +05:30
dependabot[bot]
8b60625d81
build(deps): bump marked in /monkey/monkey_island/cc/ui
...
Bumps [marked](https://github.com/markedjs/marked ) from 1.1.1 to 2.0.0.
- [Release notes](https://github.com/markedjs/marked/releases )
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js )
- [Commits](https://github.com/markedjs/marked/compare/v1.1.1...v2.0.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-22 12:50:28 -05:00
Shreya
a2c11759a4
Add unit tests
2021-02-22 22:35:46 +05:30
Shreya
defc94dd59
Add zerologon_utils/vuln_assessment.py
2021-02-22 18:44:06 +05:30
Shreya
4e281d9826
CR changes: type hints and comment
2021-02-22 17:47:27 +05:30
Shreya
cc6e3f687b
Add SecureAuth Corporation acknowledgement to LICENSE.md
2021-02-22 17:44:15 +05:30
Mike Salvatore
95eb96acc8
Merge branch 'copyediting' into develop
2021-02-22 07:08:21 -05:00
MarketingYeti
8a1fec3f0b
Copyedits for usage sections ( #965 )
...
Copy edits - round 2
2021-02-22 07:06:56 -05:00
Shreya
b82635d292
Add noqa comment to ignore complexity of DumpSecrets.dump()
2021-02-22 17:30:11 +05:30
Mike Salvatore
776d3421aa
agent: add TODO to rework telemetry classes
2021-02-19 19:34:43 -05:00
Shreya
6883e4a5f1
Format all zerologon files with black
2021-02-20 01:12:04 +05:30
Shreya
2ef892e33f
Try starting remote shell on victim with all user creds until successful
2021-02-20 01:12:04 +05:30
Shreya
c227ccd3a1
Remove Zerologon fingerprinter (and move required functionality to Zerologon exploiter)
2021-02-20 01:12:04 +05:30
Shreya
869d608e09
Modify how `store_extracted_creds_for_exploitation()` is called
...
+ other little CR changes
2021-02-20 01:12:04 +05:30
Shreya
6c9ce028e0
Use __enter__() and __exit__() for StdoutCapture
2021-02-20 01:12:04 +05:30
Shreya
e0ae8381ba
restoring pwd: uses next available user account in case Administrator isn't found
...
and save all other credentials
2021-02-20 01:12:04 +05:30
Shreya
c20e677940
Add impacket copyright notice
2021-02-20 01:12:01 +05:30
VakarisZ
4158ed802b
Refactored telemetry unit tests to json encode data the same way telemetries do.
2021-02-19 17:19:21 +02:00