diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py index 0fa0b80d4..ec01f8899 100644 --- a/monkey/monkey_island/cc/services/config_schema/basic.py +++ b/monkey/monkey_island/cc/services/config_schema/basic.py @@ -27,7 +27,8 @@ BASIC = { "HadoopExploiter", "VSFTPDExploiter", "MSSQLExploiter", - "DrupalExploiter" + "DrupalExploiter", + "ZerologonExploiter" ] } } diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py index 25158d73a..2cbbca431 100644 --- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py +++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py @@ -148,6 +148,18 @@ EXPLOITER_CLASSES = { "info": "Exploits a remote command execution vulnerability in a Drupal server," "for which certain modules (such as RESTful Web Services) are enabled.", "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/" + }, + { + "type": "string", + "enum": [ + "ZerologonExploiter" + ], + "title": "Zerologon Exploiter (UNSAFE)", + "info": "Unsafe exploiter (changes the password of a Windows server domain controller account and " + "breaks communication with other domain controllers.) " + "Exploits a privilege escalation vulnerability in a Windows server domain controller, " + "using the Netlogon Remote Protocol (MS-NRPC).", + # "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/" } ] } diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 1e77065d4..8b85f638d 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -44,7 +44,8 @@ class ReportService: 'HadoopExploiter': 'Hadoop/Yarn Exploiter', 'MSSQLExploiter': 'MSSQL Exploiter', 'VSFTPDExploiter': 'VSFTPD Backdoor Exploiter', - 'DrupalExploiter': 'Drupal Server Exploiter' + 'DrupalExploiter': 'Drupal Server Exploiter', + 'ZerologonExploiter': 'Windows Server Zerologon Exploiter' } class ISSUES_DICT(Enum): @@ -63,6 +64,7 @@ class ReportService: MSSQL = 12 VSFTPD = 13 DRUPAL = 14 + ZEROLOGON = 15 class WARNINGS_DICT(Enum): CROSS_SEGMENT = 0 @@ -363,6 +365,12 @@ class ReportService: processed_exploit['type'] = 'drupal' return processed_exploit + @staticmethod + def process_zerologon_exploit(exploit): + processed_exploit = ReportService.process_general_exploit(exploit) + processed_exploit['type'] = 'zerologon' + return processed_exploit + @staticmethod def process_exploit(exploit): exploiter_type = exploit['data']['exploiter'] @@ -379,7 +387,8 @@ class ReportService: 'HadoopExploiter': ReportService.process_hadoop_exploit, 'MSSQLExploiter': ReportService.process_mssql_exploit, 'VSFTPDExploiter': ReportService.process_vsftpd_exploit, - 'DrupalExploiter': ReportService.process_drupal_exploit + 'DrupalExploiter': ReportService.process_drupal_exploit, + 'ZerologonExploiter': ReportService.process_zerologon_exploit } return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit) @@ -678,6 +687,8 @@ class ReportService: issues_byte_array[ReportService.ISSUES_DICT.HADOOP.value] = True elif issue['type'] == 'drupal': issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True + elif issue['type'] == 'zerologon': + issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \ issue['username'] in config_users or issue['type'] == 'ssh': issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True