Agent: Publish PasswordRestorationEvent in zerologon

monkey/infection_monkey/exploit/zerologon.py

@@ -15,7 +15,7 @@ import impacket
 from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
 from impacket.dcerpc.v5.dtypes import NULL
 
-from common.agent_events import CredentialsStolenEvent
+from common.agent_events import CredentialsStolenEvent, PasswordRestorationEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
 from common.tags import (
@@ -46,6 +46,8 @@ CREDENTIALS_STOLEN_EVENT_TAGS = frozenset(
     }
 )
 
+PASSWORD_RESTORATION_EVENT_TAGS = frozenset(ZEROLOGON_EXPLOITER_TAG)
+
 
 class ZerologonExploiter(HostExploiter):
     _EXPLOITED_SERVICE = "Netlogon"
@@ -105,6 +107,8 @@ class ZerologonExploiter(HostExploiter):
                 self.exploit_info["password_restored"] = False
                 logger.info("System exploited but couldn't restore password!")
 
+            self._publish_password_restoration_event(success=self.exploit_info["password_restored"])
+
             self.store_extracted_creds_for_exploitation()
         else:
             logger.info("System was not exploited.")
@@ -313,6 +317,15 @@ class ZerologonExploiter(HostExploiter):
                     "nt_hash": nthash,
                 }
 
+    def _publish_password_restoration_event(self, success: bool):
+        password_restoration_event = PasswordRestorationEvent(
+            source=get_agent_id(),
+            target=self.host.ip_addr,
+            tags=PASSWORD_RESTORATION_EVENT_TAGS,
+            success=success,
+        )
+        self.agent_event_queue.publish(password_restoration_event)
+
     def store_extracted_creds_for_exploitation(self) -> None:
         for user in self._extracted_creds.keys():
             self.send_extracted_creds_as_credential_telemetry(