From 900bb7636df34cd42c694dffaf5b085462c05d3b Mon Sep 17 00:00:00 2001
From: Shreya <shreya.malviya@gmail.com>
Date: Wed, 23 Dec 2020 14:36:42 +0530
Subject: [PATCH] Basic config and report stuff

---
 .../cc/services/config_schema/basic.py            |  3 ++-
 .../definitions/exploiter_classes.py              | 12 ++++++++++++
 .../monkey_island/cc/services/reporting/report.py | 15 +++++++++++++--
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index 0fa0b80d4..ec01f8899 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -27,7 +27,8 @@ BASIC = {
                         "HadoopExploiter",
                         "VSFTPDExploiter",
                         "MSSQLExploiter",
-                        "DrupalExploiter"
+                        "DrupalExploiter",
+                        "ZerologonExploiter"
                     ]
                 }
             }
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index 25158d73a..2cbbca431 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -148,6 +148,18 @@ EXPLOITER_CLASSES = {
             "info": "Exploits a remote command execution vulnerability in a Drupal server,"
                     "for which certain modules (such as RESTful Web Services) are enabled.",
             "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
+        },
+        {
+            "type": "string",
+            "enum": [
+                "ZerologonExploiter"
+            ],
+            "title": "Zerologon Exploiter (UNSAFE)",
+            "info": "Unsafe exploiter (changes the password of a Windows server domain controller account and "
+                    "breaks communication with other domain controllers.) "
+                    "Exploits a privilege escalation vulnerability in a Windows server domain controller, "
+                    "using the Netlogon Remote Protocol (MS-NRPC).",
+            # "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
         }
     ]
 }
diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py
index 1e77065d4..8b85f638d 100644
--- a/monkey/monkey_island/cc/services/reporting/report.py
+++ b/monkey/monkey_island/cc/services/reporting/report.py
@@ -44,7 +44,8 @@ class ReportService:
             'HadoopExploiter': 'Hadoop/Yarn Exploiter',
             'MSSQLExploiter': 'MSSQL Exploiter',
             'VSFTPDExploiter': 'VSFTPD Backdoor Exploiter',
-            'DrupalExploiter': 'Drupal Server Exploiter'
+            'DrupalExploiter': 'Drupal Server Exploiter',
+            'ZerologonExploiter': 'Windows Server Zerologon Exploiter'
         }
 
     class ISSUES_DICT(Enum):
@@ -63,6 +64,7 @@ class ReportService:
         MSSQL = 12
         VSFTPD = 13
         DRUPAL = 14
+        ZEROLOGON = 15
 
     class WARNINGS_DICT(Enum):
         CROSS_SEGMENT = 0
@@ -363,6 +365,12 @@ class ReportService:
         processed_exploit['type'] = 'drupal'
         return processed_exploit
 
+    @staticmethod
+    def process_zerologon_exploit(exploit):
+        processed_exploit = ReportService.process_general_exploit(exploit)
+        processed_exploit['type'] = 'zerologon'
+        return processed_exploit
+
     @staticmethod
     def process_exploit(exploit):
         exploiter_type = exploit['data']['exploiter']
@@ -379,7 +387,8 @@ class ReportService:
             'HadoopExploiter': ReportService.process_hadoop_exploit,
             'MSSQLExploiter': ReportService.process_mssql_exploit,
             'VSFTPDExploiter': ReportService.process_vsftpd_exploit,
-            'DrupalExploiter': ReportService.process_drupal_exploit
+            'DrupalExploiter': ReportService.process_drupal_exploit,
+            'ZerologonExploiter': ReportService.process_zerologon_exploit
         }
 
         return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
@@ -678,6 +687,8 @@ class ReportService:
                     issues_byte_array[ReportService.ISSUES_DICT.HADOOP.value] = True
                 elif issue['type'] == 'drupal':
                     issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
+                elif issue['type'] == 'zerologon':
+                    issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
                 elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
                         issue['username'] in config_users or issue['type'] == 'ssh':
                     issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True