Add brute-force exploiters' explanation pages #4269
base: develop
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | ||
attackers if they come across the correct credentials. |
Maybe:
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | |
attackers if they come across the correct credentials. | |
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | |
attackers if they are able to successfully authenticate with the service. |
?
How about this?
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | |
attackers if they come across the correct credentials. | |
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | |
attackers if they find a way to authenticate with the service. |
It makes it sound so haphazard. We could just say "if they are able to authenticate with the service."
"if they are able to authenticate with the service" suggests they have the right credentials + xp_cmdshell was enabled; it feels wrong to say "may be accessible" with that. I'm having trouble thinking of a better sentence.
Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to | ||
attackers if they come across the correct credentials. | ||
|
||
Infection Monkey's MSSQL exploiter uses brute-force to propagate to a victim | ||
by taking advantage of insecure MSSQL configuration. It leverages the | ||
`xp_cmdshell` feature to execute commands on the server. |
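Review bot: The opening sentence ("may be accessible to attackers if they come across the correct credentials") does not say what `xp_cmdshell` contributes to the risk. A successful login on its own gives access to the database; it is `xp_cmdshell` that lets that login run operating system commands on the host, and the page only gets to that in the last sentence. "Insecure MSSQL configuration" in the second paragraph is also left undefined. Consider stating the two conditions separately, for example "An attacker who authenticates to an MSSQL server that has `xp_cmdshell` enabled can execute commands on the underlying machine", and naming weak or guessable credentials plus an enabled `xp_cmdshell` as the configuration being tested.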
I feel like these two paragraphs are basically building up to say the same thing. Maybe they can be combined.
I'd prefer keeping them separate. This is how it is in all the exploiter pages. The first paragraph says something about the service's vulnerability and the second explains how it works in Infection Monkey.
Maybe, but most of them aren't paragraphs, they're standalone sentences.
Combining them in all pages
Machines with PowerShell Remoting enabled may be accessible to attackers if | ||
they come across the correct credentials. |
In general, I'm not sure I like the language, "if they come across the correct credentials." We should maybe come up with something that's a bit more explanatory.
Machines with PowerShell Remoting enabled may be accessible to attackers if | ||
they come across the correct credentials. | ||
|
||
Infection Monkey's PowerShell exploiter uses brute-force to attempt to | ||
propagate to a victim through PowerShell Remoting. |
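Review bot: The two sentences of the PowerShell page describe the credential problem in different terms: the first says attackers "come across the correct credentials", the second says the exploiter "uses brute-force". A reader cannot tell from this whether the exposure is leaked credentials or guessable ones. Suggest using one framing in both, for example that machines with PowerShell Remoting enabled are exposed when their credentials are weak enough to be guessed, and rewording "uses brute-force to attempt to propagate" to something like "attempts to propagate to a victim over PowerShell Remoting by brute-forcing credentials". The page also does not say what a successful PowerShell Remoting login allows, which the MSSQL page does for `xp_cmdshell`.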
Again, I think these two sentences are closely related enough to be one paragraph.
What does this PR do?
Fixes parts of #4213
PR Checklist
Testing Checklist