diff --git a/docs/content/reference/exploiters/PowerShell.md b/docs/content/reference/exploiters/PowerShell.md index ec8d71878..365c5c72f 100644 --- a/docs/content/reference/exploiters/PowerShell.md +++ b/docs/content/reference/exploiters/PowerShell.md 
@@ -7,23 +7,32 @@ tags: ["exploit", "windows"] ### Description -his exploiter uses brute-force to propagate to a victim through PowerShell Remoting using Windows Remote Management (WinRM). +his exploiter uses brute-force to propagate to a victim through PowerShell +Remoting using Windows Remote Management (WinRM). -More on [PowerShell Remoting Protocol]("https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1") and [Windows Remote Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal"). +More on [PowerShell Remoting +Protocol]("https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1") +and [Windows Remote +Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal"). ### Implementation -The exploit brute forces the credentials of PSRP with every possible combination of username and password that -the user provides (see ["configuration"]({{< ref "/usage/configuration" >}})). +The exploit brute forces the credentials of PSRP with every possible +combination of username and password that the user provides (see +["configuration"]({{< ref "/usage/configuration" >}})). #### Credentials list -The PowerShell Remoting Client has ability to use the cached username or/and password from the system we are currently -logged in. This means that the exploiter uses the following combination of credentials to propagate to the victim in the order written: +The PowerShell Remoting Client has ability to use the cached username or/and +password from the system we are currently logged in. This means that the +exploiter uses the following combination of credentials to propagate to the +victim in the order written: -1. Cached username and password; meaning that the client we use is going to take the stored credentials -from the system we are using to connect. 
In order for the user to connect without entering username and password -the victim must have enabled basic authentication, http and no encryption on the victim machine. +1. Cached username and password; meaning that the client we use is going to + take the stored credentials from the system we are using to connect. In + order for the user to connect without entering username and password the + victim must have enabled basic authentication, http and no encryption on the + victim machine. 2. Cached password; brute-force with different usernames and stored password. @@ -32,5 +41,6 @@ the victim must have enabled basic authentication, http and no encryption on the #### Security considerations -The security concerns, recommendations and best practices when using PowerShell Remoting -can be found [here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1). +The security concerns, recommendations and best practices when using PowerShell +Remoting can be found +[here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1).
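Review bot: the reflowed Description and Credentials list lines in the first hunk carry existing defects over instead of fixing them. The opening sentence still reads `his exploiter uses brute-force to propagate to a victim through PowerShell`, missing the leading "T" (`This exploiter uses brute-force ...`), and both reference links keep the URL wrapped in quotes, e.g. `Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal")`, which Markdown treats as a link title with no destination, so both links render dead; drop the quotes. Since these lines are being rewrapped anyway, `The PowerShell Remoting Client has ability to use the cached username or/and password from the system we are currently logged in` should become `has the ability to use the cached username and/or password from the system we are currently logged in to`, and `http` in item 1 should be `HTTP`. Item 1 would also read more clearly if it stated that requiring basic authentication over unencrypted HTTP describes a weakened WinRM configuration on the victim, which is precisely what the Security considerations section at the end of the file warns against, so readers do not take it as a setting to enable on their own hosts.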
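Review bot: in the second hunk the link text `[here]` is non-descriptive, and its target is the same winrmsecurity page that the Description section already links as "PowerShell Remoting Protocol", so the file now links the same guidance twice under different names. While rewrapping, use descriptive text such as `[Microsoft's WinRM security guidance](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1)` so the Security considerations reference is self-explanatory and the duplication is obvious to the reader.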