Docs: Documentation for PowerShell. Update zoo docs

2021-08-24 13:13:19 +02:00 · 2021-08-24 13:13:19 +02:00 · 73a3f2057a
parent d203b28a38
commit 73a3f2057a
2 changed files with 100 additions and 77 deletions
--- a/docs/content/reference/exploiters/powershell.md
+++ b/docs/content/reference/exploiters/powershell.md
@ -0,0 +1,10 @@
+---
+title: "PowerShell"
+date: 2021-08-24T12:19:21+03:00
+draft: false
+tags: ["exploit", "windows"]
+---
+### Description
+
+PowerShell Remoting exploit brute forces machines via WinRM service using credentials provided by the user
+(see ["configuration"]({{< ref "/usage/configuration" >}}) for instructions) .
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@ -30,8 +30,11 @@ This document describes Infection Monkey’s test network, how to deploy and use
 [Nr. 22 Scan](#_Toc526517197)<br>
 [Nr. 23 Struts2](#_Toc536021476)<br>
 [Nr. 24 Struts2](#_Toc536021477)<br>
-[Nr. 250 MonkeyIsland](#_Toc536021478)<br>
-[Nr. 251 MonkeyIsland](#_Toc536021479)<br>
+[Nr. 25 Zerologon](#_Toc536021478)<br>
+[Nr. 3-45 Powershell](#_Toc536021479)<br>
+[Nr. 3-46 Powershell](#_Toc536021480)<br>
+[Nr. 250 MonkeyIsland](#_Toc536021481)<br>
+[Nr. 251 MonkeyIsland](#_Toc536021482)<br>
 [Network topography](#network-topography)<br>

 # Warning\!
@ -156,8 +159,8 @@ To update repository:<br>
 3\. `git pull` (updates develop branch)<br>

 Update all requirements using deployment script:<br>
-1. `cd C:\infection_monkey\deployment_scripts`<br>
-2. `./run_script.bat "C:\infection_monkey" "develop"`
+1\. `cd C:\infection_monkey\deployment_scripts`<br>
+2\. `./run_script.bat "C:\infection_monkey" "develop"`<br>

 # Running tests:

@ -276,10 +279,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td><a href="https://www.elastic.co/guide/en/elasticsearch/reference/1.4/_index_and_query_a_document.html">Quick</a> tutorial on how to add entries (was useful when setting up).</td>
 </tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -357,10 +356,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td></td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -433,10 +428,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>Vulnerable app is under /cgi-bin/test.cgi</td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -613,10 +604,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td></td>
 </tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -653,10 +640,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>Don’t add this machine’s credentials to exploit configuration.</td>
 </tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -695,10 +678,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td></td>
 </tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -765,10 +744,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>If you change this machine’s IP it won’t get exploited.</td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -839,10 +814,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td></td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -985,10 +956,6 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>Used to scan a machine that has no vulnerabilities (to evaluate scanning speed for e.g.)</td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

@ -1093,17 +1060,13 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td></td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

 <table>
 <thead>
 <tr class="header">
-<th><p>Nr. <strong>25</strong> ZeroLogon</p>
+<th><p><span id="_Toc536021478" class="anchor"></span>Nr. <strong>25</strong> ZeroLogon </p>
 <p>(10.2.2.25)</p></th>
 <th>(Vulnerable)</th>
 </tr>
@ -1123,7 +1086,63 @@ fullTest.conf is a good config to start, because it covers all machines.
 <table>
 <thead>
 <tr class="header">
-<th><p><span id="_Toc536021478" class="anchor"></span>Nr. <strong>250 MonkeyIsland</strong></p>
+<th><p><span id="_Toc536021479" class="anchor"></span>Nr. <strong>3-45 Powershell</strong></p>
+<p>(10.2.3.45)</p></th>
+<th>(Vulnerable)</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>OS:</td>
+<td><strong>Windows Server 2016 x64</strong></td>
+</tr>
+<tr class="even">
+<td>Software:</td>
+<td>WinRM service</td>
+</tr>
+<tr class="odd">
+<td>Default server’s port:</td>
+<td>-</td>
+</tr>
+<tr class="even">
+<td>Notes:</td>
+<td>User: m0nk3y, Password: Passw0rd!<br>User: m0nk3y-user, No Password.</td>
+</tr>
+</tbody>
+</table>
+
+<table>
+<thead>
+<tr class="header">
+<th><p><span id="_Toc536021480" class="anchor"></span>Nr. <strong>3-46 Powershell</strong></p>
+<p>(10.2.3.46)</p></th>
+<th>(Vulnerable)</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>OS:</td>
+<td><strong>Windows Server 2016 x64</strong></td>
+</tr>
+<tr class="even">
+<td>Software:</td>
+<td>WinRM service</td>
+</tr>
+<tr class="odd">
+<td>Default server’s port:</td>
+<td>-</td>
+</tr>
+<tr class="even">
+<td>Notes:</td>
+<td>User: m0nk3y, Password: Passw0rd!</td>
+</tr>
+</tbody>
+</table>
+
+<table>
+<thead>
+<tr class="header">
+<th><p><span id="_Toc536021481" class="anchor"></span>Nr. <strong>250 MonkeyIsland</strong></p>
 <p>(10.2.2.250)</p></th>
 <th></th>
 </tr>
@ -1149,20 +1168,18 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>Only accessible trough GCP</td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
+</tbody>
 </table>

 <table>
 <thead>
 <tr class="header">
-<th><p><span id="_Toc536021478" class="anchor"></span>Nr. <strong>251 MonkeyIsland</strong></p>
+<th><p><span id="_Toc536021482" class="anchor"></span>Nr. <strong>251 MonkeyIsland</strong></p>
 <p>(10.2.2.251)</p></th>
 <th></th>
 </tr>
 </thead>
+<tbody>
 <tr class="odd">
 <td>OS:</td>
 <td><strong>Windows Server 2016 x64</strong></td>
@ -1183,13 +1200,9 @@ fullTest.conf is a good config to start, because it covers all machines.
 <td>Notes:</td>
 <td>Only accessible trough GCP</td>
 </tr>
-<tr class="even">
-<td></td>
-<td></td>
-</tr>
 </tbody>
 </table>

 # Network topography:

-<img src="/envs/monkey_zoo/docs/images/networkTopography.jpeg" >
+<img src="/envs/monkey_zoo/docs/images/networkTopography.jpg" >