forked from p34709852/monkey
agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')
This commit is contained in:
parent
72e0378335
commit
b6c3623e74
|
@ -22,13 +22,13 @@ LOG = logging.getLogger(__name__)
|
||||||
TEMP_MONKEY_BINARY_FILEPATH = "./monkey_temp_bin"
|
TEMP_MONKEY_BINARY_FILEPATH = "./monkey_temp_bin"
|
||||||
|
|
||||||
|
|
||||||
class PowershellExploiter(HostExploiter):
|
class PowerShellExploiter(HostExploiter):
|
||||||
_TARGET_OS_TYPE = ["windows"]
|
_TARGET_OS_TYPE = ["windows"]
|
||||||
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
|
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
|
||||||
_EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
|
_EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
|
||||||
|
|
||||||
def __init__(self, host: VictimHost):
|
def __init__(self, host: VictimHost):
|
||||||
PowershellExploiter._set_sensitive_packages_log_level_to_error()
|
PowerShellExploiter._set_sensitive_packages_log_level_to_error()
|
||||||
|
|
||||||
super().__init__(host)
|
super().__init__(host)
|
||||||
self.client = None
|
self.client = None
|
||||||
|
|
|
@ -26,7 +26,7 @@ BASIC = {
|
||||||
"VSFTPDExploiter",
|
"VSFTPDExploiter",
|
||||||
"MSSQLExploiter",
|
"MSSQLExploiter",
|
||||||
"DrupalExploiter",
|
"DrupalExploiter",
|
||||||
"PowershellExploiter",
|
"PowerShellExploiter",
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -156,10 +156,14 @@ EXPLOITER_CLASSES = {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": ["PowershellExploiter"],
|
"enum": ["PowerShellExploiter"],
|
||||||
"title": "Powershell Exploiter",
|
"title": "PowerShell Remoting Exploiter",
|
||||||
"info": "Exploits powershell remote execution setups.",
|
"info": "Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows "
|
||||||
|
"Remote Management (WinRM) to allow users to run PowerShell commands on remote "
|
||||||
|
"computers.",
|
||||||
"safe": True,
|
"safe": True,
|
||||||
|
"link": "https://www.guardicore.com/infectionmonkey"
|
||||||
|
"/docs/reference/exploiters/" # TODO: Change link once documentation is updated
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,7 +50,7 @@ class ExploiterDescriptorEnum(Enum):
|
||||||
"ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor
|
"ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor
|
||||||
)
|
)
|
||||||
POWERSHELL = ExploiterDescriptor(
|
POWERSHELL = ExploiterDescriptor(
|
||||||
"PowershellExploiter", "Powershell remoting exploiter", ExploitProcessor
|
"PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
|
||||||
)
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -143,7 +143,7 @@ class ReportPageComponent extends AuthComponent {
|
||||||
[this.issueContentTypes.REPORT]: shellShockIssueReport,
|
[this.issueContentTypes.REPORT]: shellShockIssueReport,
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||||
},
|
},
|
||||||
'PowershellExploiter': {
|
'PowerShellExploiter': {
|
||||||
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
|
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
|
||||||
[this.issueContentTypes.REPORT]: powershellIssueReport,
|
[this.issueContentTypes.REPORT]: powershellIssueReport,
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||||
|
|
|
@ -8,16 +8,16 @@ export function powershellIssueOverview() {
|
||||||
export function powershellIssueReport(issue) {
|
export function powershellIssueReport(issue) {
|
||||||
return (
|
return (
|
||||||
<>
|
<>
|
||||||
Restrict powershell remote command execution and/or
|
Restrict PowerShell remote command execution and/or
|
||||||
harden the credentials of relevant users.
|
harden the credentials of relevant users.
|
||||||
<CollapsibleWellComponent>
|
<CollapsibleWellComponent>
|
||||||
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) was
|
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) was
|
||||||
exploited via <span
|
exploited via <span
|
||||||
className="badge badge-danger">Powershell remoting</span>.
|
className="badge badge-danger">PowerShell Remoting</span>.
|
||||||
<br/>
|
<br/>
|
||||||
The attack was made possible because the target machine had
|
The attack was made possible because the target machine had
|
||||||
Powershell remoting enabled and Monkey
|
PowerShell Remoting enabled and Monkey
|
||||||
had access to correct credentials.
|
had access to correct credentials.
|
||||||
</CollapsibleWellComponent>
|
</CollapsibleWellComponent>
|
||||||
</>
|
</>
|
||||||
|
|
|
@ -87,7 +87,7 @@ _.do_HEAD # unused method (monkey/infection_monkey/transport/http.py:61)
|
||||||
_.do_GET # unused method (monkey/infection_monkey/transport/http.py:38)
|
_.do_GET # unused method (monkey/infection_monkey/transport/http.py:38)
|
||||||
_.do_POST # unused method (monkey/infection_monkey/transport/http.py:34)
|
_.do_POST # unused method (monkey/infection_monkey/transport/http.py:34)
|
||||||
_.do_GET # unused method (monkey/infection_monkey/exploit/weblogic.py:237)
|
_.do_GET # unused method (monkey/infection_monkey/exploit/weblogic.py:237)
|
||||||
PowershellExploiter # (monkey\infection_monkey\exploit\powershell.py:27)
|
PowerShellExploiter # (monkey\infection_monkey\exploit\powershell.py:27)
|
||||||
ElasticFinger # unused class (monkey/infection_monkey/network/elasticfinger.py:18)
|
ElasticFinger # unused class (monkey/infection_monkey/network/elasticfinger.py:18)
|
||||||
HTTPFinger # unused class (monkey/infection_monkey/network/httpfinger.py:9)
|
HTTPFinger # unused class (monkey/infection_monkey/network/httpfinger.py:9)
|
||||||
MySQLFinger # unused class (monkey/infection_monkey/network/mysqlfinger.py:13)
|
MySQLFinger # unused class (monkey/infection_monkey/network/mysqlfinger.py:13)
|
||||||
|
|
Loading…
Reference in New Issue