Add brute-force exploiters' explanation pages

docs/content/features/exploiters/mssql.md

@@ -0,0 +1,51 @@
+---
+title: "MSSQL Exploiter"
+draft: false
+description: "Exploits MSSQL by taking advantage of insecure configuration"
+tags: ["exploiter", "mssql", "brute force"]
+pre: "<i class='fa fa-database'></i> "
+---
+
+## MSSQL
+
+[MSSQL (Microsoft SQL Server)](
+https://learn.microsoft.com/en-us/sql/sql-server/what-is-sql-server) is a
+relational database management system (RDBMS) developed by Microsoft whose
+functions include managing, storing, retrieving, manipulating, and analyzing
+data efficiently.
+
+[`xp_cmdshell`](
+https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql)
+is a procedure in MSSQL that allows users to execute Windows shell commands
+from within the SQL Server environment.
+
+## Exploitation
+
+Machines with MSSQL that have `xp_cmdshell` enabled may be accessible to
+attackers if they come across the correct credentials.
+
+Infection Monkey's MSSQL exploiter uses brute-force to propagate to a victim
+by taking advantage of insecure MSSQL configuration. It leverages the
+`xp_cmdshell` feature to execute commands on the server.
+
+![MSSQL Configuration](
+/images/island/configuration-page/mssql-exploiter-configuration.png
+"MSSQL Configuration")
+
+### Credentials used
+
+The MSSQL exploiter will use [user-configured credentials](
+/usage/configuration/credentials) as well as credentials collected from other
+victims for brute-forcing. All possible combinations of usernames and passwords
+are used, prioritizing pairs provided by the user in the configuration.
+
+## Mitigation
+
+1. Disable the `xp_cmdshell` option.
+
+To learn more about how to disable this feature, read [Microsoft's
+documentation](
+https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017).
+
+## See also
+- [MSSQL exploiter reference documentation](/reference/exploiters/mssql)

docs/content/features/exploiters/powershell.md

@@ -0,0 +1,81 @@
+---
+title: "PowerShell Exploiter"
+draft: false
+description: "Exploits PowerShell Remoting"
+tags: ["exploiter", "powershell", "brute force"]
+pre: "<i class='fa fa-terminal'></i> "
+---
+
+## PowerShell Remoting
+
+[PowerShell Remoting](
+https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity)
+is a PowerShell feature that enables connecting to Windows machines remotely in
+order to run arbitrary commands. It is commonly used by administrators to
+manage multiple systems in a network.
+
+## Exploitation
+
+Machines with PowerShell Remoting enabled may be accessible to attackers if
+they come across the correct credentials.
+
+Infection Monkey's PowerShell exploiter uses brute-force to attempt to
+propagate to a victim through PowerShell Remoting.
+
+![PowerShell Configuration](
+/images/island/configuration-page/powershell-exploiter-configuration.png
+"PowerShell Configuration")
+
+### Credentials used
+
+The PowerShell exploiter can be run from both Linux and Windows attackers. On
+Windows attackers, the exploiter has the ability to use the cached username
+and/or password from the current user. On both Linux and Windows attackers, the
+exploiter uses all combinations of the [user-configured usernames and
+passwords](/usage/configuration/credentials), as well as LM or NT hashes that
+have been collected. Different combinations of
+credentials are attempted in the following order:
+
+1. **Cached username and password (Windows attacker only)** - The exploiter
+   will use the stored credentials of the current user to attempt to log into
+   the victim machine.
+
+1. **Brute force usernames with blank passwords** - Windows allows you to
+   configure a user with a blank/empty password. The exploiter will attempt to
+   log into the victim machine using each username set in the
+   [configuration](/usage/configuration/credentials) with a
+   blank password.
+
+   In order for the attacker to connect with a blank password, the victim must
+   have enabled basic authentication, http and no encryption.
+
+1. **Brute force usernames with cached password (Windows attacker only)** - The
+   exploiter will attempt to log into the victim machine using each username
+   set in the [configuration](/usage/configuration/credentials) and the current
+   user's cached password.
+
+1. **Brute force usernames and passwords** - The exploiter will attempt to use
+   all combinations of usernames and passwords that were set in the
+   [configuration.](/usage/configuration/credentials)
+
+1. **Brute force usernames and LM hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the
+   [configuration](/usage/configuration/credentials) and LM hashes that were
+   collected from any other victims.
+
+1. **Brute force usernames and NT hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the
+   [configuration](/usage/configuration/credentials) and NT hashes that were
+   collected from any other victims.
+
+## Mitigation
+
+1. Restrict PowerShell remote command execution and/or harden the credentials
+of relevant users.
+
+More information about how to remediate security concerns related to PowerShell
+Remoting can be found [here](
+https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity).
+
+## See also
+- [PowerShell exploiter reference documentation](/reference/exploiters/powershell)

docs/content/features/exploiters/rdp.md

@@ -0,0 +1,60 @@
+---
+title: "RDP Exploiter"
+draft: false
+description: "Exploits RDP"
+tags: ["exploiter", "rdp", "brute force"]
+pre: "<i class='fa fa-desktop'></i> "
+---
+
+## RDP
+
+[RDP (Remote Desktop Protocol)](
+https://learn.microsoft.com/en-us/windows/win32/termserv/remote-desktop-protocol)
+is a network communication protocol by Microsoft which enables users to connect
+to another computer over a network, providing a remote display and input
+capabilities to the user. It is commonly used for remote administration, remote
+technical support, and remote work access.
+
+## Exploitation
+
+Machines with RDP enabled may be accessible to attackers if
+they come across the correct credentials.
+
+Infection Monkey's RDP exploiter uses brute-force to attempt to
+propagate to a victim via RDP.
+
+![RDP Configuration](
+/images/island/configuration-page/rdp-exploiter-configuration.png
+"RDP Configuration")
+
+### Credentials used
+
+The RDP exploiter will use [user-configured credentials](
+/usage/configuration/credentials) as well as LM or NT hashes collected from
+other victims. Different combinations of credentials are attempted in the
+following order:
+
+1. **Brute force usernames and passwords** - The exploiter will attempt to use
+   all combinations of usernames and passwords that were set in the
+   [configuration](/usage/configuration/credentials) or collected from other
+   victims.
+
+1. **Brute force usernames and NT hashes** - The exploiter will attempt to use
+   all combinations of usernames and NT Hashes that were set in the
+   [configuration](/usage/configuration/credentials) or collected from other
+   victims.
+
+   This only works on Windows 8.1 and Windows Server 2012 R2. You can read more
+   [here](https://www.kali.org/blog/passing-hash-remote-desktop/).
+
+## Mitigation
+
+1. Change user passwords to complex passwords that are not shared with other
+computers on the network.
+
+For information about remediating RDP-related security risks, see
+[Microsoft's
+guidance](https://www.microsoft.com/en-us/security/blog/2020/04/16/security-guidance-remote-desktop-adoption/)
+
+## See also
+- [RDP exploiter reference documentation](/reference/exploiters/rdp)

docs/content/features/exploiters/smb.md

@@ -0,0 +1,42 @@
+---
+title: "SMB Exploiter"
+draft: false
+description: "Exploits SMB"
+tags: ["exploiter", "smb", "brute force"]
+pre: "<i class='fa fa-folder-open'></i> "
+---
+
+## SMB
+
+[SMB (Server Message Block)](https://en.wikipedia.org/wiki/Server_Message_Block)
+is a network protocol primarily used in Windows for inter-process communication,
+and providing shared access to files, printers, and serial ports between nodes
+on a network.
+
+## Exploitation
+
+Machines with SMB enabled may be accessible to attackers if
+they come across the correct credentials.
+
+Infection Monkey's SMB exploiter uses brute-force to attempt to
+propagate to a victim via SMB.
+
+![SMB Configuration](
+/images/island/configuration-page/smb-exploiter-configuration.png
+"SMB Configuration")
+
+### Credentials used
+
+The SMB exploiter will use [user-configured credentials](
+/usage/configuration/credentials) as well as credentials collected from other
+victims for brute-forcing. All possible combinations of usernames, passwords,
+LM hashes, and NT hashes are used, prioritizing pairs provided by the user in
+the configuration.
+
+## Mitigation
+
+1. Change user passwords to complex passwords that are not shared with other
+computers on the network.
+
+## See also
+- [SMB exploiter reference documentation](/reference/exploiters/smb)

docs/content/features/exploiters/ssh.md

@@ -0,0 +1,43 @@
+---
+title: "SSH Exploiter"
+draft: false
+description: "Exploits SSH"
+tags: ["exploiter", "ssh", "brute force"]
+pre: "<i class='fa fa-terminal'></i> "
+---
+
+## SSH
+
+[SSH (Secure Shell)](https://en.wikipedia.org/wiki/Secure_Shell) is a network
+protocol designed for Unix-like operating systems that provides a secure way to
+access a remote computer over an unsecured network.
+
+## Exploitation
+
+Machines with SSH enabled may be accessible to attackers if
+they come across the correct credentials.
+
+Infection Monkey's SSH exploiter uses brute-force to attempt to
+propagate to a victim via SSH.
+
+![SSH Configuration](
+/images/island/configuration-page/ssh-exploiter-configuration.png
+"SSH Configuration")
+
+### Credentials used
+
+The SSH exploiter will use [user-configured credentials](
+/usage/configuration/credentials) as well as credentials collected from other
+victims for brute-forcing. All possible combinations of usernames, passwords,
+and SSH keypairs are used, prioritizing pairs provided by the user in the
+configuration.
+
+## Mitigation
+
+1. Change user passwords to complex passwords that are not shared with other
+computers on the network.
+
+1. Protect private keys with a pass phrase.
+
+## See also
+- [SSH exploiter reference documentation](/reference/exploiters/ssh)

docs/content/features/exploiters/wmi.md

@@ -0,0 +1,44 @@
+---
+title: "WMI Exploiter"
+draft: false
+description: "Exploits WMI"
+tags: ["exploiter", "wmi", "brute force"]
+pre: "<i class='fa fa-toolbox'></i> "
+---
+
+## WMI
+
+[WMI (Windows Management Instrumentation)](
+https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page) is a set
+of tools and extensions in Windows for managing and querying system information,
+configurations, and operations. Administrators use WMI to manage local and
+remote environments by monitoring system health, automating administrative
+functions, managing network resources, etc.
+
+## Exploitation
+
+Machines with WMI enabled may be accessible to attackers if
+they come across the correct credentials.
+
+Infection Monkey's WMI exploiter uses brute-force to attempt to
+propagate to a victim via WMI.
+
+![WMI Configuration](
+/images/island/configuration-page/wmi-exploiter-configuration.png
+"WMI Configuration")
+
+### Credentials used
+
+The WMI exploiter will use [user-configured credentials](
+/usage/configuration/credentials) as well as credentials collected from other
+victims for brute-forcing. All possible combinations of usernames, passwords,
+LM hashes, and NT hashes are used, prioritizing pairs provided by the user in
+the configuration.
+
+## Mitigation
+
+1. Change user passwords to complex passwords that are not shared with other
+computers on the network.
+
+## See also
+- [WMI exploiter reference documentation](/reference/exploiters/wmi)