Skip to content

Zerologon password reset warning#998

Merged
mssalvatore merged 27 commits into
developfrom
zerologon-password-reset-warning
Mar 2, 2021
Merged

Zerologon password reset warning#998
mssalvatore merged 27 commits into
developfrom
zerologon-password-reset-warning

Conversation

@VakarisZ

@VakarisZ VakarisZ commented Feb 25, 2021

Copy link
Copy Markdown
Contributor

What does this PR do?

Fixes #991 and fixes #989

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the documentation framework updated to reflect the changes?

Comment thread monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py Outdated
Comment thread monkey/common/utils/exceptions.py Outdated
Comment thread monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js Outdated
Comment thread monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js Outdated
Comment thread monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
Comment thread monkey/monkey_island/cc/ui/src/styles/pages/report/ReportPage.scss
@ghost

ghost commented Feb 26, 2021

Copy link
Copy Markdown

DeepCode failed to analyze this pull request

Something went wrong despite trying multiple times, sorry about that.
Please comment this pull request with "Retry DeepCode" to manually retry, or contact us so that a human can look into the issue.

Comment thread docs/content/reference/exploiters/Zerologon.md Outdated
Comment thread docs/content/reference/exploiters/Zerologon.md Outdated
mssalvatore and others added 2 commits February 28, 2021 18:34
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
Comment on lines +135 to +139
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",

@VakarisZ VakarisZ Mar 1, 2021

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.",
"account and then attempts to restore it. Victim domain controller can't communicate "
"with other domain controllers until the password is restored. If the Infection Monkey fails to "
"restore the password automatically, you'll have to do it manually. For more information see the "
"documentation.",

@codecov

codecov Bot commented Mar 1, 2021

Copy link
Copy Markdown

Codecov Report

Merging #998 (5f66a99) into develop (bc3283c) will increase coverage by 0.02%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #998      +/-   ##
===========================================
+ Coverage    26.11%   26.13%   +0.02%     
===========================================
  Files          402      402              
  Lines        12821    12830       +9     
===========================================
+ Hits          3348     3353       +5     
- Misses        9473     9477       +4     
Impacted Files Coverage Δ
monkey/monkey/common/utils/exceptions.py 100.00% <0.00%> (ø)
...nkey/monkey_island/cc/services/reporting/report.py 0.00% <0.00%> (ø)
...onkey/monkey/infection_monkey/exploit/zerologon.py 29.77% <0.00%> (+0.04%) ⬆️
..._monkey/exploit/zerologon_utils/vuln_assessment.py 41.66% <0.00%> (+5.49%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bc3283c...5f66a99. Read the comment docs.

@mssalvatore mssalvatore marked this pull request as ready for review March 1, 2021 15:41
@mssalvatore mssalvatore merged commit 1b73c56 into develop Mar 2, 2021
@VakarisZ VakarisZ deleted the zerologon-password-reset-warning branch March 9, 2021 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Zerologon restore password: mention failure in report Zerologon restore password: add details in configuration

3 participants