diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index 0fa0b80d4..ec01f8899 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -27,7 +27,8 @@ BASIC = {
"HadoopExploiter",
"VSFTPDExploiter",
"MSSQLExploiter",
- "DrupalExploiter"
+ "DrupalExploiter",
+ "ZerologonExploiter"
]
}
}
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index 25158d73a..2cbbca431 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -148,6 +148,18 @@ EXPLOITER_CLASSES = {
"info": "Exploits a remote command execution vulnerability in a Drupal server,"
"for which certain modules (such as RESTful Web Services) are enabled.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "ZerologonExploiter"
+ ],
+ "title": "Zerologon Exploiter (UNSAFE)",
+ "info": "Unsafe exploiter (changes the password of a Windows server domain controller account and "
+ "breaks communication with other domain controllers.) "
+ "Exploits a privilege escalation vulnerability in a Windows server domain controller, "
+ "using the Netlogon Remote Protocol (MS-NRPC).",
+ # "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
}
]
}
diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py
index 1e77065d4..8b85f638d 100644
--- a/monkey/monkey_island/cc/services/reporting/report.py
+++ b/monkey/monkey_island/cc/services/reporting/report.py
@@ -44,7 +44,8 @@ class ReportService:
'HadoopExploiter': 'Hadoop/Yarn Exploiter',
'MSSQLExploiter': 'MSSQL Exploiter',
'VSFTPDExploiter': 'VSFTPD Backdoor Exploiter',
- 'DrupalExploiter': 'Drupal Server Exploiter'
+ 'DrupalExploiter': 'Drupal Server Exploiter',
+ 'ZerologonExploiter': 'Windows Server Zerologon Exploiter'
}
class ISSUES_DICT(Enum):
@@ -63,6 +64,7 @@ class ReportService:
MSSQL = 12
VSFTPD = 13
DRUPAL = 14
+ ZEROLOGON = 15
class WARNINGS_DICT(Enum):
CROSS_SEGMENT = 0
@@ -363,6 +365,12 @@ class ReportService:
processed_exploit['type'] = 'drupal'
return processed_exploit
+ @staticmethod
+ def process_zerologon_exploit(exploit):
+ processed_exploit = ReportService.process_general_exploit(exploit)
+ processed_exploit['type'] = 'zerologon'
+ return processed_exploit
+
@staticmethod
def process_exploit(exploit):
exploiter_type = exploit['data']['exploiter']
@@ -379,7 +387,8 @@ class ReportService:
'HadoopExploiter': ReportService.process_hadoop_exploit,
'MSSQLExploiter': ReportService.process_mssql_exploit,
'VSFTPDExploiter': ReportService.process_vsftpd_exploit,
- 'DrupalExploiter': ReportService.process_drupal_exploit
+ 'DrupalExploiter': ReportService.process_drupal_exploit,
+ 'ZerologonExploiter': ReportService.process_zerologon_exploit
}
return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
@@ -678,6 +687,8 @@ class ReportService:
issues_byte_array[ReportService.ISSUES_DICT.HADOOP.value] = True
elif issue['type'] == 'drupal':
issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
+ elif issue['type'] == 'zerologon':
+ issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
issue['username'] in config_users or issue['type'] == 'ssh':
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True