Skip to content

Zerologon password reset warning#998

Merged
mssalvatore merged 27 commits intodevelopfrom
zerologon-password-reset-warning
Mar 2, 2021
Merged

Zerologon password reset warning#998
mssalvatore merged 27 commits intodevelopfrom
zerologon-password-reset-warning

Conversation

@VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented Feb 25, 2021
edited by shreyamalviya
Loading

What does this PR do?

Fixes #991 and fixes #989

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the documentation framework updated to reflect the changes?
mssalvatore and others added 13 commits February 24, 2021 13:23
@mssalvatore
cc: add a note about resetting password after failed zerologon attempt
b5b8d28
@mssalvatore
cc: format exploiter_classes.py with black
b6bb6d8
@mssalvatore
agent: add zerologon password restore success/failure to telemetry
36bd983
@mssalvatore
ui: add machine-related recommendation for Zerologon to security report
4fbb0f2
@mssalvatore
cc: add password_restore_success to zerologon report issue
70fd7d7
@mssalvatore
cc,agent: rename password_restore_success -> password_restored
f17c08d
@shreyamalviya
Add Zerologon (and Drupal) information to "Immediate Threats"
3da1de3
@shreyamalviya
Add warning to machine-specific recommendation if password was not reset
6581a5a
@VakarisZ
Added ZeroLogon overview section to the report
8b7e0d0
@VakarisZ
Improved zero logon overview UI and added password restoration warnin…
94ac75e 
…g to overview.
@mssalvatore
report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RE…
67fd171 
…STORED
@VakarisZ
Improved zero logon exploiter to fail on failed domain controller nam…
e9b84ff 
…e fetch.
@VakarisZ
Improved exception handling of expected exceptions - if they are expe…
ce697b3 
…cted, we don't need to see the error trace.
shreyamalviya
shreyamalviya reviewed Feb 25, 2021
View reviewed changes
@ghost
Copy link

ghost commented Feb 26, 2021
edited by ghost
Loading

DeepCode failed to analyze this pull request

Something went wrong despite trying multiple times, sorry about that.
Please comment this pull request with "Retry DeepCode" to manually retry, or contact us so that a human can look into the issue.
shreyamalviya
shreyamalviya reviewed Feb 28, 2021
View reviewed changes
mssalvatore and others added 2 commits February 28, 2021 18:34
@mssalvatore @shreyamalviya
docs: minor rewording in zerologon docs
5e088e6 
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
@mssalvatore @shreyamalviya
docs: add missing comma on zerologon docs
abc76e0 
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
VakarisZ
VakarisZ commented Mar 1, 2021
View reviewed changes
monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py Outdated
Comment on lines +135 to +139
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",
Copy link
Contributor Author

@VakarisZ VakarisZ Mar 1, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",
"account and then attempts to restore it. Victim domain controller can't communicate "
"with other domain controllers until the password is restored. If the Infection Monkey fails to "
"restore the password automatically, you'll have to do it manually. For more information see the "
"documentation.",
@codecov
Copy link

codecov bot commented Mar 1, 2021
edited
Loading

Codecov Report

Merging #998 (5f66a99) into develop (bc3283c) will increase coverage by 0.02%.
The diff coverage is n/a.

Impacted file tree graph

@@ Coverage Diff @@ ## develop #998 +/- ## =========================================== + Coverage 26.11% 26.13% +0.02%  =========================================== Files 402 402 Lines 12821 12830 +9 =========================================== + Hits 3348 3353 +5  - Misses 9473 9477 +4
Impacted Files Coverage Δ
monkey/monkey/common/utils/exceptions.py 100.00% <0.00%> (ø)
...nkey/monkey_island/cc/services/reporting/report.py 0.00% <0.00%> (ø)
...onkey/monkey/infection_monkey/exploit/zerologon.py 29.77% <0.00%> (+0.04%) ⬆️
..._monkey/exploit/zerologon_utils/vuln_assessment.py 41.66% <0.00%> (+5.49%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bc3283c...5f66a99. Read the comment docs.
@mssalvatore mssalvatore marked this pull request as ready for review March 1, 2021 15:41
@mssalvatore mssalvatore merged commit 1b73c56 into develop Mar 2, 2021
@VakarisZ VakarisZ deleted the zerologon-password-reset-warning branch March 9, 2021 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@VakarisZ @mssalvatore @shreyamalviya