Basic config and report stuff

monkey/monkey_island/cc/services/config_schema/basic.py

@@ -27,7 +27,8 @@ BASIC = {
                         "HadoopExploiter",
                         "VSFTPDExploiter",
                         "MSSQLExploiter",
-                        "DrupalExploiter"
+                        "DrupalExploiter",
+                        "ZerologonExploiter"
                     ]
                 }
             }

monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py

@@ -148,6 +148,18 @@ EXPLOITER_CLASSES = {
             "info": "Exploits a remote command execution vulnerability in a Drupal server,"
                     "for which certain modules (such as RESTful Web Services) are enabled.",
             "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
+        },
+        {
+            "type": "string",
+            "enum": [
+                "ZerologonExploiter"
+            ],
+            "title": "Zerologon Exploiter (UNSAFE)",
+            "info": "Unsafe exploiter (changes the password of a Windows server domain controller account and "
+                    "breaks communication with other domain controllers.) "
+                    "Exploits a privilege escalation vulnerability in a Windows server domain controller, "
+                    "using the Netlogon Remote Protocol (MS-NRPC).",
+            # "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
         }
     ]
 }

monkey/monkey_island/cc/services/reporting/report.py

@@ -44,7 +44,8 @@ class ReportService:
             'HadoopExploiter': 'Hadoop/Yarn Exploiter',
             'MSSQLExploiter': 'MSSQL Exploiter',
             'VSFTPDExploiter': 'VSFTPD Backdoor Exploiter',
-            'DrupalExploiter': 'Drupal Server Exploiter'
+            'DrupalExploiter': 'Drupal Server Exploiter',
+            'ZerologonExploiter': 'Windows Server Zerologon Exploiter'
         }
 
     class ISSUES_DICT(Enum):
@@ -63,6 +64,7 @@ class ReportService:
         MSSQL = 12
         VSFTPD = 13
         DRUPAL = 14
+        ZEROLOGON = 15
 
     class WARNINGS_DICT(Enum):
         CROSS_SEGMENT = 0
@@ -363,6 +365,12 @@ class ReportService:
         processed_exploit['type'] = 'drupal'
         return processed_exploit
 
+    @staticmethod
+    def process_zerologon_exploit(exploit):
+        processed_exploit = ReportService.process_general_exploit(exploit)
+        processed_exploit['type'] = 'zerologon'
+        return processed_exploit
+
     @staticmethod
     def process_exploit(exploit):
         exploiter_type = exploit['data']['exploiter']
@@ -379,7 +387,8 @@ class ReportService:
             'HadoopExploiter': ReportService.process_hadoop_exploit,
             'MSSQLExploiter': ReportService.process_mssql_exploit,
             'VSFTPDExploiter': ReportService.process_vsftpd_exploit,
-            'DrupalExploiter': ReportService.process_drupal_exploit
+            'DrupalExploiter': ReportService.process_drupal_exploit,
+            'ZerologonExploiter': ReportService.process_zerologon_exploit
         }
 
         return EXPLOIT_PROCESS_FUNCTION_DICT[exploiter_type](exploit)
@@ -678,6 +687,8 @@ class ReportService:
                     issues_byte_array[ReportService.ISSUES_DICT.HADOOP.value] = True
                 elif issue['type'] == 'drupal':
                     issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
+                elif issue['type'] == 'zerologon':
+                    issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
                 elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
                         issue['username'] in config_users or issue['type'] == 'ssh':
                     issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD.value] = True