agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')

2021-08-24 13:15:47 +05:30 · 2021-08-24 13:15:47 +05:30 · b6c3623e74
parent 72e0378335
commit b6c3623e74
7 changed files with 16 additions and 12 deletions
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@ -22,13 +22,13 @@ LOG = logging.getLogger(__name__)
 TEMP_MONKEY_BINARY_FILEPATH = "./monkey_temp_bin"


-class PowershellExploiter(HostExploiter):
+class PowerShellExploiter(HostExploiter):
    _TARGET_OS_TYPE = ["windows"]
    EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
    _EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"

    def __init__(self, host: VictimHost):
-        PowershellExploiter._set_sensitive_packages_log_level_to_error()
+        PowerShellExploiter._set_sensitive_packages_log_level_to_error()

        super().__init__(host)
        self.client = None
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@ -26,7 +26,7 @@ BASIC = {
                        "VSFTPDExploiter",
                        "MSSQLExploiter",
                        "DrupalExploiter",
-                        "PowershellExploiter",
+                        "PowerShellExploiter",
                    ],
                }
            },
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@ -156,10 +156,14 @@ EXPLOITER_CLASSES = {
        },
        {
            "type": "string",
-            "enum": ["PowershellExploiter"],
-            "title": "Powershell Exploiter",
-            "info": "Exploits powershell remote execution setups.",
+            "enum": ["PowerShellExploiter"],
+            "title": "PowerShell Remoting Exploiter",
+            "info": "Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows "
+            "Remote Management (WinRM) to allow users to run PowerShell commands on remote "
+            "computers.",
            "safe": True,
+            "link": "https://www.guardicore.com/infectionmonkey"
+            "/docs/reference/exploiters/"  # TODO: Change link once documentation is updated
        },
    ],
 }
--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@ -50,7 +50,7 @@ class ExploiterDescriptorEnum(Enum):
        "ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor
    )
    POWERSHELL = ExploiterDescriptor(
-        "PowershellExploiter", "Powershell remoting exploiter", ExploitProcessor
+        "PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
    )

    @staticmethod
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@ -143,7 +143,7 @@ class ReportPageComponent extends AuthComponent {
        [this.issueContentTypes.REPORT]: shellShockIssueReport,
        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
      },
-      'PowershellExploiter': {
+      'PowerShellExploiter': {
        [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
        [this.issueContentTypes.REPORT]: powershellIssueReport,
        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PowershellIssue.js
@ -8,16 +8,16 @@ export function powershellIssueOverview() {
 export function powershellIssueReport(issue) {
    return (
      <>
-        Restrict powershell remote command execution and/or
+        Restrict PowerShell remote command execution and/or
        harden the credentials of relevant users.
        <CollapsibleWellComponent>
          The machine <span className="badge badge-primary">{issue.machine}</span> (<span
          className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) was
          exploited via <span
-          className="badge badge-danger">Powershell remoting</span>.
+          className="badge badge-danger">PowerShell Remoting</span>.
          <br/>
          The attack was made possible because the target machine had
-          Powershell remoting enabled and Monkey
+          PowerShell Remoting enabled and Monkey
          had access to correct credentials.
        </CollapsibleWellComponent>
      </>
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@ -87,7 +87,7 @@ _.do_HEAD  # unused method (monkey/infection_monkey/transport/http.py:61)
 _.do_GET  # unused method (monkey/infection_monkey/transport/http.py:38)
 _.do_POST  # unused method (monkey/infection_monkey/transport/http.py:34)
 _.do_GET  # unused method (monkey/infection_monkey/exploit/weblogic.py:237)
-PowershellExploiter  # (monkey\infection_monkey\exploit\powershell.py:27)
+PowerShellExploiter  # (monkey\infection_monkey\exploit\powershell.py:27)
 ElasticFinger  # unused class (monkey/infection_monkey/network/elasticfinger.py:18)
 HTTPFinger  # unused class (monkey/infection_monkey/network/httpfinger.py:9)
 MySQLFinger  # unused class (monkey/infection_monkey/network/mysqlfinger.py:13)