Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zerologon password reset warning #998

Merged
merged 27 commits into from
Mar 2, 2021
Merged

Zerologon password reset warning #998

merged 27 commits into from
Mar 2, 2021

Conversation

VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented Feb 25, 2021
edited by shreyamalviya
Loading

What does this PR do?

Fixes #991 and fixes #989

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the documentation framework updated to reflect the changes?

mssalvatore and others added 13 commits February 24, 2021 13:23
@mssalvatore
cc: add a note about resetting password after failed zerologon attempt
b5b8d28
@mssalvatore
cc: format exploiter_classes.py with black
b6bb6d8
@mssalvatore
agent: add zerologon password restore success/failure to telemetry
36bd983
@mssalvatore
ui: add machine-related recommendation for Zerologon to security report
4fbb0f2
@mssalvatore
cc: add password_restore_success to zerologon report issue
70fd7d7
@mssalvatore
cc,agent: rename password_restore_success -> password_restored
f17c08d
@shreyamalviya
Add Zerologon (and Drupal) information to "Immediate Threats"
3da1de3
@shreyamalviya
Add warning to machine-specific recommendation if password was not reset
6581a5a
@VakarisZ
Added ZeroLogon overview section to the report
8b7e0d0
@VakarisZ
Improved zero logon overview UI and added password restoration warnin…
94ac75e 
…g to overview.
@mssalvatore
report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RE…
67fd171 
…STORED
@VakarisZ
Improved zero logon exploiter to fail on failed domain controller nam…
e9b84ff 
…e fetch.
@VakarisZ
Improved exception handling of expected exceptions - if they are expe…
ce697b3 
…cted, we don't need to see the error trace.
@ghost
Copy link

ghost commented Feb 26, 2021
edited by ghost
Loading

DeepCode failed to analyze this pull request

Something went wrong despite trying multiple times, sorry about that.
Please comment this pull request with "Retry DeepCode" to manually retry, or contact us so that a human can look into the issue.

VakarisZ
VakarisZ commented Mar 1, 2021
View reviewed changes
monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py Outdated
Comment on lines 135 to 139
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",
Copy link
Contributor Author

@VakarisZ VakarisZ Mar 1, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",
"account and then attempts to restore it. Victim domain controller can't communicate "
"with other domain controllers until the password is restored. If the Infection Monkey fails to "
"restore the password automatically, you'll have to do it manually. For more information see the "
"documentation.",

@codecov
Copy link

codecov bot commented Mar 1, 2021
edited
Loading

Codecov Report

Merging #998 (5f66a99) into develop (bc3283c) will increase coverage by 0.02%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #998      +/-   ##
===========================================
+ Coverage    26.11%   26.13%   +0.02%     
===========================================
  Files          402      402              
  Lines        12821    12830       +9     
===========================================
+ Hits          3348     3353       +5     
- Misses        9473     9477       +4
Impacted Files Coverage Δ
monkey/monkey/common/utils/exceptions.py 100.00% <0.00%> (ø)
...nkey/monkey_island/cc/services/reporting/report.py 0.00% <0.00%> (ø)
...onkey/monkey/infection_monkey/exploit/zerologon.py 29.77% <0.00%> (+0.04%) ⬆️
..._monkey/exploit/zerologon_utils/vuln_assessment.py 41.66% <0.00%> (+5.49%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bc3283c...5f66a99. Read the comment docs.

@mssalvatore mssalvatore marked this pull request as ready for review March 1, 2021 15:41
@mssalvatore mssalvatore merged commit 1b73c56 into develop Mar 2, 2021
@VakarisZ VakarisZ deleted the zerologon-password-reset-warning branch March 9, 2021 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

@shreyamalviya shreyamalviya shreyamalviya approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@VakarisZ @mssalvatore @shreyamalviya