Commit Graph

4593 Commits

Author SHA1 Message Date
Mike Salvatore f094c3e9c1 docs: Add warnings and password restoration instructions for Zerologon 2021-02-27 19:38:26 -05:00
Mike Salvatore f6fc380fd7 ui: add fingerprinters to SafeOptionValidator 2021-02-26 14:40:49 -05:00
Mike Salvatore 67e142f4fe ui: generalize isUnsafeOptionSelected 2021-02-26 14:33:42 -05:00
Mike Salvatore dd7c1bb08c ui: rework logic to remove unsafeOptionsConfirmed 2021-02-26 14:27:18 -05:00
Mike Salvatore 95af08a5fa ui: improve names in unsafeItemSelected 2021-02-26 12:50:31 -05:00
Mike Salvatore 75bf30913a ui: extract UnsafeOptionsConfirmationModal JSX invocation into a function 2021-02-26 12:49:57 -05:00
Shreya 2f99631ed4 Fix unit tests 2021-02-26 22:39:32 +05:30
Mike Salvatore 5a9cb8b4af ui: switch unsafe modal cancel button to variant secondary 2021-02-26 11:11:52 -05:00
Mike Salvatore 11c30fec14 ui: simplify `onClick()` callbacks in UnsafeOptionsConfirmationModal 2021-02-26 11:08:57 -05:00
Mike Salvatore 2ef81d5688 ui: change language from "use" -> submit for consistency 2021-02-26 11:06:33 -05:00
Mike Salvatore 7079a6fd23 ui: pass callback, not return value, to setState() 2021-02-26 08:42:04 -05:00
Mike Salvatore f094efba8f
ui: minor change to unsafe modal dialog language
Co-authored-by: VakarisZ <36815064+VakarisZ@users.noreply.github.com>
2021-02-26 08:10:13 -05:00
Mike Salvatore 10a4252aff ui: remove unnecessary semicolons 2021-02-26 08:08:48 -05:00
Mike Salvatore 68e835433a ui: sort unsafe options first so they're less likely to be hidden 2021-02-26 08:08:39 -05:00
Mike Salvatore 88e2ccb30a ui: pass callback, not return value, to setState() 2021-02-25 20:02:33 -05:00
Mike Salvatore f82d4a1b97 ui: fix capitalization of "Import config" button for consistency 2021-02-25 19:54:32 -05:00
Mike Salvatore 8f32c48964 ui: make unsafeItemSelected() a pure function 2021-02-25 19:47:21 -05:00
Mike Salvatore ff28509d0d ui: fix race in unsafe confirmation modal dialog 2021-02-25 19:41:36 -05:00
Mike Salvatore 8fd1582909 ui: display modal dialog when unsafe config is imported 2021-02-25 19:19:36 -05:00
Mike Salvatore d160787851 ui: extract renderUnsafeOptionsConfirmationModal() into a component 2021-02-25 15:39:32 -05:00
Mike Salvatore 6813262b30 ui: check PBA, exploiter, and system info safety on submit 2021-02-25 13:37:41 -05:00
Shreya c0d2d5b2b6 Fix typo, remove unused import, change function/variable names for consistency 2021-02-25 22:38:17 +05:30
Mike Salvatore 510b001c2a ui: add a modal dialog that asks users to confirm unsafe options 2021-02-25 11:59:01 -05:00
Shreya f9ea196b98 Add unit tests for `set_server_ips_in_config()` in monkey_island/cc/services/config.py 2021-02-25 22:14:36 +05:30
VakarisZ ce697b3a45 Improved exception handling of expected exceptions - if they are expected, we don't need to see the error trace. 2021-02-25 16:27:45 +02:00
VakarisZ e9b84ff86d Improved zero logon exploiter to fail on failed domain controller name fetch. 2021-02-25 16:27:45 +02:00
Mike Salvatore 67fd1712b5 report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RESTORED 2021-02-25 09:04:47 -05:00
Shreya 11e6b9e281 Take IPs for Run Monkey -> Manual page from configuration 2021-02-25 19:06:17 +05:30
VakarisZ 94ac75e649 Improved zero logon overview UI and added password restoration warning to overview. 2021-02-25 15:29:22 +02:00
VakarisZ 8b7e0d0fa0 Added ZeroLogon overview section to the report 2021-02-25 15:16:00 +02:00
Shreya 6581a5ab0c Add warning to machine-specific recommendation if password was not reset 2021-02-25 18:17:50 +05:30
Shreya 3da1de39a6 Add Zerologon (and Drupal) information to "Immediate Threats" 2021-02-25 14:54:36 +05:30
Mike Salvatore f17c08d286 cc,agent: rename password_restore_success -> password_restored 2021-02-24 17:26:31 -05:00
Mike Salvatore 70fd7d7bb0 cc: add password_restore_success to zerologon report issue 2021-02-24 17:15:32 -05:00
Mike Salvatore 4fbb0f2026 ui: add machine-related recommendation for Zerologon to security report 2021-02-24 16:36:53 -05:00
Mike Salvatore 36bd9834a6 agent: add zerologon password restore success/failure to telemetry 2021-02-24 15:07:42 -05:00
Mike Salvatore b6bb6d8221 cc: format exploiter_classes.py with black 2021-02-24 13:40:49 -05:00
Mike Salvatore b5b8d289ca cc: add a note about resetting password after failed zerologon attempt 2021-02-24 13:23:46 -05:00
Shreya Malviya bc3283c4a5
Merge pull request #911 from shreyamalviya/zerologon-exploiter
Zerologon Exploiter
2021-02-24 17:58:45 +05:30
Shreya Malviya 43cac3568b
Reword exploiter description
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-02-24 16:18:58 +05:30
Shreya 28edf7d2b7 Encrypt credentials before logging 2021-02-24 16:08:36 +05:30
VakarisZ fdeb54d541 Added jwt_required decorator to the "local_run" endpoint, in order to avoid malicious actors running the monkey 2021-02-23 10:47:37 -05:00
Shreya db52f0966f Modify `PaginatedTable`: let `ReactTable` handle the case where no data is available 2021-02-23 10:00:56 -05:00
Mike Salvatore 4aa9a14f13 ci: remove `swimm verify` for now
There is a bug in swimm that is causing `swimm verify` to fail in the CI
pipeline, eventhough it succeeds locally. Disabling for now while the
swimm team works to rectify the issue.
2021-02-23 07:51:56 -05:00
Shreya 353e9844dc Modify unit tests 2021-02-23 12:57:50 +05:30
dependabot[bot] 8b60625d81 build(deps): bump marked in /monkey/monkey_island/cc/ui
Bumps [marked](https://github.com/markedjs/marked) from 1.1.1 to 2.0.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.1.1...v2.0.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-22 12:50:28 -05:00
Shreya a2c11759a4 Add unit tests 2021-02-22 22:35:46 +05:30
Shreya defc94dd59 Add zerologon_utils/vuln_assessment.py 2021-02-22 18:44:06 +05:30
Shreya 4e281d9826 CR changes: type hints and comment 2021-02-22 17:47:27 +05:30
Shreya cc6e3f687b Add SecureAuth Corporation acknowledgement to LICENSE.md 2021-02-22 17:44:15 +05:30