From b6c3623e74a4bd38d8407a2f1d765bed85c6f323 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 24 Aug 2021 13:15:47 +0530
Subject: [PATCH] agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
---
 monkey/infection_monkey/exploit/powershell.py | 4 ++--
 .../monkey_island/cc/services/config_schema/basic.py | 2 +-
 .../config_schema/definitions/exploiter_classes.py | 10 +++++++---
 .../exploit_processing/exploiter_descriptor_enum.py | 2 +-
 .../src/components/report-components/SecurityReport.js | 2 +-
 .../security/issues/PowershellIssue.js | 6 +++---
 vulture_allowlist.py | 2 +-
 7 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/monkey/infection_monkey/exploit/powershell.py b/monkey/infection_monkey/exploit/powershell.py
index 5ba03b5b7..91ba9df71 100644
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@@ -22,13 +22,13 @@ LOG = logging.getLogger(__name__)
 TEMP_MONKEY_BINARY_FILEPATH = "./monkey_temp_bin"
-class PowershellExploiter(HostExploiter):
+class PowerShellExploiter(HostExploiter):
 _TARGET_OS_TYPE = ["windows"]
 EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
 _EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
 def __init__(self, host: VictimHost):
- PowershellExploiter._set_sensitive_packages_log_level_to_error()
+ PowerShellExploiter._set_sensitive_packages_log_level_to_error()
 super().__init__(host)
 self.client = None
diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index 33704eab6..6608cac2c 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -26,7 +26,7 @@ BASIC = {
 "VSFTPDExploiter",
 "MSSQLExploiter",
 "DrupalExploiter",
- "PowershellExploiter",
+ "PowerShellExploiter",
 ],
 }
 },
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index 6a50df509..5ac348b5b 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -156,10 +156,14 @@ EXPLOITER_CLASSES = {
 },
 {
 "type": "string",
- "enum": ["PowershellExploiter"],
- "title": "Powershell Exploiter",
- "info": "Exploits powershell remote execution setups.",
+ "enum": ["PowerShellExploiter"],
+ "title": "PowerShell Remoting Exploiter",
+ "info": "Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows " "Remote Management (WinRM) to allow users to run PowerShell commands on remote " "computers.",
 "safe": True,
+ "link": "https://www.guardicore.com/infectionmonkey" "/docs/reference/exploiters/" # TODO: Change link once documentation is updated
 },
 ],
 }
diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
index 006a13c7c..15e1bfef4 100644
--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@@ -50,7 +50,7 @@ class ExploiterDescriptorEnum(Enum):
 "ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor
 )
 POWERSHELL = ExploiterDescriptor(
- "PowershellExploiter", "Powershell remoting exploiter", ExploitProcessor
+ "PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
 )
 @staticmethod
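Review bot: The new `"link"` entry ships pointing at the generic exploiters index with an untracked `# TODO`, so the Island UI will render a "learn more" link that does not land on a PowerShell Remoting page; either add the page path now or tie the TODO to an issue, e.g. `# TODO(<issue-id>): point at the PowerShell Remoting exploiter page once docs land`. The expanded `"info"` string explains what PowerShell Remoting is but not what the exploiter does to the target, which is what an operator weighing `"safe": True` actually needs; the powershell.py hunk in this same commit declares `EXPLOIT_TYPE = ExploitType.BRUTE_FORCE`, so I would lead with that: `"info": "Brute-forces credentials against hosts with PowerShell Remoting (WinRM) enabled. PowerShell Remoting uses Windows Remote Management (WinRM) to allow users to run PowerShell commands on remote computers."`. Note the `+` markers on the continuation lines of the `"info"` and `"link"` strings were lost in this rendering, so the line count here does not match the diffstat's 7 additions. The enclosing `EXPLOITER_CLASSES` dict begins and ends outside the hunk.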
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index 491921093..3dcf94615 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -143,7 +143,7 @@ class ReportPageComponent extends AuthComponent {
 [this.issueContentTypes.REPORT]: shellShockIssueReport,
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
 },
- 'PowershellExploiter': {
+ 'PowerShellExploiter': {
 [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
 [this.issueContentTypes.REPORT]: powershellIssueReport,
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js
index af4066443..012f8cabd 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js
@@ -8,16 +8,16 @@ export function powershellIssueOverview() {
 export function powershellIssueReport(issue) {
 return (
- Restrict powershell remote command execution and/or
+ Restrict PowerShell remote command execution and/or
 harden the credentials of relevant users. The machine {issue.machine} ({issue.ip_address}) was exploited via Powershell remoting. + className="badge badge-danger">PowerShell Remoting.
The attack was made possible because the target machine had - Powershell remoting enabled and Monkey + PowerShell Remoting enabled and Monkey had access to correct credentials.
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index 0919c7bca..6e5564d07 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -87,7 +87,7 @@ _.do_HEAD # unused method (monkey/infection_monkey/transport/http.py:61)
 _.do_GET # unused method (monkey/infection_monkey/transport/http.py:38)
 _.do_POST # unused method (monkey/infection_monkey/transport/http.py:34)
 _.do_GET # unused method (monkey/infection_monkey/exploit/weblogic.py:237)
-PowershellExploiter # (monkey\infection_monkey\exploit\powershell.py:27)
+PowerShellExploiter # (monkey\infection_monkey\exploit\powershell.py:27)
 ElasticFinger # unused class (monkey/infection_monkey/network/elasticfinger.py:18)
 HTTPFinger # unused class (monkey/infection_monkey/network/httpfinger.py:9)
 MySQLFinger # unused class (monkey/infection_monkey/network/mysqlfinger.py:13)