forked from p15670423/monkey
Docs: Fix formatting of PowerShell exploit markdown
This commit is contained in:
Mike Salvatore
parent
e435894187
commit
b96a0e74d9
|
|
@ -7,23 +7,32 @@ tags: ["exploit", "windows"]
|
|||
|
||||
### Description
|
||||
|
||||
his exploiter uses brute-force to propagate to a victim through PowerShell Remoting using Windows Remote Management (WinRM).
|
||||
his exploiter uses brute-force to propagate to a victim through PowerShell
|
||||
Remoting using Windows Remote Management (WinRM).
|
||||
|
||||
More on [PowerShell Remoting Protocol]("https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1") and [Windows Remote Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal").
|
||||
More on [PowerShell Remoting
|
||||
Protocol]("https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1")
|
||||
and [Windows Remote
|
||||
Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal").
|
||||
|
||||
### Implementation
|
||||
|
||||
The exploit brute forces the credentials of PSRP with every possible combination of username and password that
|
||||
the user provides (see ["configuration"]({{< ref "/usage/configuration" >}})).
|
||||
The exploit brute forces the credentials of PSRP with every possible
|
||||
combination of username and password that the user provides (see
|
||||
["configuration"]({{< ref "/usage/configuration" >}})).
|
||||
|
||||
#### Credentials list
|
||||
|
||||
The PowerShell Remoting Client has ability to use the cached username or/and password from the system we are currently
|
||||
logged in. This means that the exploiter uses the following combination of credentials to propagate to the victim in the order written:
|
||||
The PowerShell Remoting Client has ability to use the cached username or/and
|
||||
password from the system we are currently logged in. This means that the
|
||||
exploiter uses the following combination of credentials to propagate to the
|
||||
victim in the order written:
|
||||
|
||||
1. Cached username and password; meaning that the client we use is going to take the stored credentials
|
||||
from the system we are using to connect. In order for the user to connect without entering username and password
|
||||
the victim must have enabled basic authentication, http and no encryption on the victim machine.
|
||||
1. Cached username and password; meaning that the client we use is going to
|
||||
take the stored credentials from the system we are using to connect. In
|
||||
order for the user to connect without entering username and password the
|
||||
victim must have enabled basic authentication, http and no encryption on the
|
||||
victim machine.
|
||||
|
||||
2. Cached password; brute-force with different usernames and stored password.
|
||||
|
||||
|
|
@ -32,5 +41,6 @@ the victim must have enabled basic authentication, http and no encryption on the
|
|||
|
||||
#### Security considerations
|
||||
|
||||
The security concerns, recommendations and best practices when using PowerShell Remoting
|
||||
can be found [here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1).
|
||||
The security concerns, recommendations and best practices when using PowerShell
|
||||
Remoting can be found
|
||||
[here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1).
|
||||
|
|
|
|||
Loading…
Reference in New Issue