From 24e339f69748e3f927cf0f31686e882e098f0ff2 Mon Sep 17 00:00:00 2001
From: Scott Sutherland
Date: Thu, 8 Aug 2024 10:45:25 -0500
Subject: [PATCH] Update PowerHuntShares.psm1 Interesting files update.
---
 PowerHuntShares.psm1 | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index ce6fea6..ab845f1 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,7 +4,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.103
+# Version: v1.104
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
 function Invoke-HuntSMBShares
 {
@@ -1506,7 +1506,7 @@ function Invoke-HuntSMBShares
 # Add rows to data table - Files containing passwords
 $FileNamePatternsAll.Rows.Add("Bootstrap.ini*","Used for Windows Deployment services (WDS) PXE installation and may contain credentials.","None.","Secret","") | Out-Null
- $FileNamePatternsAll.Rows.Add(".bcd*","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.bcd","","None.","Secret","") | Out-Null
 $FileNamePatternsAll.Rows.Add("context.xml*","","None.","Secret","") | Out-Null
 $FileNamePatternsAll.Rows.Add("db2cli.ini*","","None.","Secret","") | Out-Null
 $FileNamePatternsAll.Rows.Add("ftpd.*","","None.","Secret","") | Out-Null
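Review bot: The corrected `*.bcd` row in the -1506 hunk still passes an empty string as its second argument, which the `Bootstrap.ini*` row above it uses for a human-readable explanation, so a finding on this pattern gives the reviewer no context. The same holds for the seven key and certificate rows added in the -1564 hunk and the `*.jar`/`*.war` rows in the -1617 hunk. I would fill the field in each new row, for example `$FileNamePatternsAll.Rows.Add("*.bcd","Boot Configuration Data store; review who can read it.","None.","Secret","") | Out-Null`. Invoke-HuntSMBShares begins and ends outside these hunks, so how that column is rendered in the output is not visible here.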
@@ -1564,6 +1564,13 @@ function Invoke-HuntSMBShares
 $FileNamePatternsAll.Rows.Add("*Drives.xml*","Group policy file that may contain passwords.","None.","Secret","") | Out-Null
 $FileNamePatternsAll.Rows.Add("*unattend*","","None.","Secret","") | Out-Null
 $FileNamePatternsAll.Rows.Add("*sysprep*","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.key","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.private","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.pem","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.p12","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.pfx","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.crt","","None.","Secret","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.ppk","","None.","Secret","") | Out-Null
 # Add rows to data table - System/VM Images
 $FileNamePatternsAll.Rows.Add("*.img*","","None.","SystemImage","") | Out-Null
@@ -1617,6 +1624,8 @@ function Invoke-HuntSMBShares
 $FileNamePatternsAll.Rows.Add("*.dll","","None.","Binaries","") | Out-Null
 $FileNamePatternsAll.Rows.Add("*.exe","","None.","Binaries","") | Out-Null
 $FileNamePatternsAll.Rows.Add("*.msi","","None.","Binaries","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.jar","","None.","Binaries","") | Out-Null
+ $FileNamePatternsAll.Rows.Add("*.war","","None.","Binaries","") | Out-Null
 $FileNamePatternsAll.Rows.Add("*Program Files*","This is an application directory.","None.","Binaries","") | Out-Null
 # Use keyword from define file instead
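Review bot: `*.crt` is added under the `Secret` category in the -1564 hunk next to `*.key`, `*.pfx` and `*.ppk`, but a .crt file normally carries only a public certificate, so its hits will probably add noise to results that are meant to flag exposed secrets; `*.pem` can hold either a certificate or a private key. If the row stays in this category, its text should say so, e.g. `$FileNamePatternsAll.Rows.Add("*.crt","Certificate, usually public; check whether a private key is bundled.","None.","Secret","") | Out-Null`. The new patterns also end without the trailing `*` that neighbouring rows such as `*.img*` and `*sysprep*` carry; the matching code is outside the hunk, so confirm that an exact-extension match is what is intended.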