Added ZeroLogon overview section to the report

2021-02-25 14:28:16 +02:00 · 2021-02-25 14:28:16 +02:00 · 8b7e0d0fa0
parent 6581a5ab0c
commit 8b7e0d0fa0
3 changed files with 50 additions and 11 deletions
--- a/monkey/monkey_island/cc/services/reporting/report.py
+++ b/monkey/monkey_island/cc/services/reporting/report.py
@ -65,6 +65,7 @@ class ReportService:
        VSFTPD = 13
        DRUPAL = 14
        ZEROLOGON = 15
+        ZEROLOGON_CRED_RESTORE_FAILED = 16

    class WARNINGS_DICT(Enum):
        CROSS_SEGMENT = 0
@ -714,6 +715,9 @@ class ReportService:
                elif issue['type'] == 'drupal':
                    issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
                elif issue['type'] == 'zerologon':
+                    # TODO fix to propperly set restoration flag
+                    if issue['info']['zero_logon_restore_failed']:
+                        issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON_CRED_RESTORE_FAILED.value] = True
                    issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
                elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
                        issue['username'] in config_users or issue['type'] == 'ssh':
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@ -14,6 +14,7 @@ import ReportLoader from './common/ReportLoader';
 import SecurityIssuesGlance from './common/SecurityIssuesGlance';
 import PrintReportButton from './common/PrintReportButton';
 import WarningIcon from '../ui-components/WarningIcon';
+import {Button} from 'react-bootstrap';

 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import { faMinus } from '@fortawesome/free-solid-svg-icons/faMinus';
@ -42,7 +43,8 @@ class ReportPageComponent extends AuthComponent {
      MSSQL: 12,
      VSFTPD: 13,
      DRUPAL: 14,
-      ZEROLOGON: 15
+      ZEROLOGON: 15,
+      ZEROLOGON_CRED_RESTORE_FAILED: 16
    };

  Warning =
@ -308,6 +310,7 @@ class ReportPageComponent extends AuthComponent {
                    <li>Machines are vulnerable to 'Zerologon'
                      (<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
                      CVE-2020-1472</a>).</li> : null}
+                  {this.generateZeroLogonOverview()}
                </ul>
              </div>
              :
@ -365,6 +368,29 @@ class ReportPageComponent extends AuthComponent {
    );
  }

+  generateZeroLogonOverview() {
+    let zeroLogonOverview = [];
+
+    // TODO finish this by linking to the documentation
+    if(this.state.report.overview.issues[this.Issue.ZEROLOGON_CRED_RESTORE_FAILED]) {
+      zeroLogonOverview.push(<span>
+        <WarningIcon/> Automatic password restoration on a domain controller failed!
+        <Button variant={"link"} href={"#"} className={'security-report-link'}>
+        Restore your domain controller's password manually.</Button>
+        </span>)
+    }
+    if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
+      zeroLogonOverview.push(<>
+          Some domain controllers are vulnerable to ZeroLogon exploiter(
+        <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
+                      CVE-2020-1472</a>)!
+        </>)
+    } else {
+      return none;
+    }
+    return (<li>{zeroLogonOverview}</li>)
+  }
+
  generateReportRecommendationsSection() {
    return (
      <div id="recommendations">
--- a/monkey/monkey_island/cc/ui/src/styles/pages/report/ReportPage.scss
+++ b/monkey/monkey_island/cc/ui/src/styles/pages/report/ReportPage.scss
@ -7,15 +7,15 @@
  font-size: large;
 }

-.report-nav > li > a{
+.report-nav > li > a {
  height: 50px !important;
 }

-.report-nav .nav-item > a{
+.report-nav .nav-item > a {
  color: $black;
 }

-.report-nav .nav-item > a.active{
+.report-nav .nav-item > a.active {
  font-weight: bold;
  color: $black;
 }
@ -72,16 +72,25 @@ div.report-wrapper {
  padding-bottom: 20px;
 }

-div.report-wrapper .nav-tabs > .nav-item > a:hover:not(.active),  .nav-tabs > .nav-item > a:focus:not(.active){
-    text-decoration: none;
-    background-color: $light-gray;
+div.report-wrapper .nav-tabs > .nav-item > a:hover:not(.active), .nav-tabs > .nav-item > a:focus:not(.active) {
+  text-decoration: none;
+  background-color: $light-gray;
 }

 ul.cross-segment-issues {
-    list-style-type: none;
-    padding: 0px;
-    margin: 0px;
+  list-style-type: none;
+  padding: 0px;
+  margin: 0px;
 }
+
 span.cross-segment-service {
-    text-transform: uppercase;
+  text-transform: uppercase;
+}
+
+.report-page li a.btn,.security-report-link {
+  position: relative;
+  font-size: 1em;
+  padding: 0 5px;
+  line-height: 1em;
+  top: -3px;
 }