forked from p34709852/monkey
Basic config and report stuff
This commit is contained in:
parent
978927c329
commit
900bb7636d
|
@ -27,7 +27,8 @@ BASIC = {
|
|||
"HadoopExploiter",
|
||||
"VSFTPDExploiter",
|
||||
"MSSQLExploiter",
|
||||
"DrupalExploiter"
|
||||
"DrupalExploiter",
|
||||
"ZerologonExploiter"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -148,6 +148,18 @@ EXPLOITER_CLASSES = {
|
|||
"info": "Exploits a remote command execution vulnerability in a Drupal server,"
|
||||
"for which certain modules (such as RESTful Web Services) are enabled.",
|
||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"ZerologonExploiter"
|
||||
],
|
||||
"title": "Zerologon Exploiter (UNSAFE)",
|
||||
"info": "Unsafe exploiter (changes the password of a Windows server domain controller account and "
|
||||
"breaks communication with other domain controllers.) "
|
||||
"Exploits a privilege escalation vulnerability in a Windows server domain controller, "
|
||||
"using the Netlogon Remote Protocol (MS-NRPC).",
|
||||
# "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -44,7 +44,8 @@ class ReportService:
|
|||
'HadoopExploiter': 'Hadoop/Yarn Exploiter',
|
||||
'MSSQLExploiter': 'MSSQL Exploiter',
|
||||
'VSFTPDExploiter': 'VSFTPD Backdoor Exploiter',
|
||||
'DrupalExploiter': 'Drupal Server Exploiter'
|
||||
'DrupalExploiter': 'Drupal Server Exploiter',
|
||||
'ZerologonExploiter': 'Windows Server Zerologon Exploiter'
|
||||
}
|
||||
|
||||
class ISSUES_DICT(Enum):
|
||||
|
@ -63,6 +64,7 @@ class ReportService:
|
|||
MSSQL = 12
|
||||
VSFTPD = 13
|
||||
DRUPAL = 14
|
||||
ZEROLOGON = 15
|
||||
|
||||
class WARNINGS_DICT(Enum):
|
||||
CROSS_SEGMENT = 0
|
||||
|
@ -363,6 +365,12 @@ class ReportService:
|
|||
processed_exploit['type'] = 'drupal'
|
||||
return processed_exploit
|
||||
|
||||
@staticmethod
|
||||
def process_zerologon_exploit(exploit):
|
||||
processed_exploit = ReportService.process_general_exploit(exploit)
|
||||
processed_exploit['type'] = 'zerologon'
|
||||
return processed_exploit
|
||||
|
||||
@staticmethod
|
||||
def process_exploit(exploit):
|
||||
exploiter_type = exploit['data']['exploiter']
|
||||
|
@ -379,7 +387,8 @@ class ReportService:
|
|||
'HadoopExploiter': ReportService.process_hadoop_exploit,
|
||||
'MSSQLExploiter': ReportService.process_mssql_exploit,
|
||||
'VSFTPDExploiter': ReportService.process_vsftpd_exploit,
|
||||
'DrupalExploiter': ReportService.process_drupal_exploit
|
||||
'DrupalExploiter': ReportService.process_drupal_exploit,
|
||||
'ZerologonExploiter': ReportService.process_zerologon_exploit
|
||||
}
|
||||
|
||||
return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
|
||||
|
@ -678,6 +687,8 @@ class ReportService:
|
|||
issues_byte_array[ReportService.ISSUES_DICT.HADOOP.value] = True
|
||||
elif issue['type'] == 'drupal':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
|
||||
elif issue['type'] == 'zerologon':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
|
||||
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
||||
issue['username'] in config_users or issue['type'] == 'ssh':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True
|
||||
|
|
Loading…
Reference in New Issue