From 265aef3dcab5b6b2a561a9fc0e05be4c58dfa968 Mon Sep 17 00:00:00 2001
From: Scott Sutherland
Date: Thu, 8 Aug 2024 10:01:50 -0500
Subject: [PATCH] Update PowerHuntShares.psm1 Updated aces page.
---
 PowerHuntShares.psm1 | 133 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 109 insertions(+), 24 deletions(-)
diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index d7ad9a5..ce6fea6 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,7 +4,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.102
+# Version: v1.103
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
 function Invoke-HuntSMBShares
 {
@@ -1789,7 +1789,7 @@ function Invoke-HuntSMBShares
 }
 # ----------------------------------------------------------------------
- # Calculate risk score per acl
+ # Calculate risk score per acl - ace insights
 # ----------------------------------------------------------------------
 # add interesting file flags
 # add risk score
@@ -2057,14 +2057,18 @@ function Invoke-HuntSMBShares
 # Files
 $AceRowFilecount = $_.FileCount
- $AceRowFileList = $_.FileList
+ $AceRowFileList = $_.FileList -split "`r`n" | ForEach-Object { $ASDF = $_; "$ASDF
" } | Out-String $AceRow = @" - $AceRowRiskScore $AceRowRiskLevel + $AceRowRiskScore $AceRowRiskLevel $AceRowComputer - $AceRowShareName - $AceRowSharePath + + $AceRowShareName +
+ $AceRowSharePath +
+ $AceRowACE $AceRowIdentity $AceRowShareOwner @@ -2080,7 +2084,36 @@ function Invoke-HuntSMBShares "@ # Return row $AceRow - } + } + + # + # Build ACE summary + # + + # Get unique filesystemright Names + $UniqueFileSystemRights = (($ExcessiveSharePrivsFinal | Select FileSystemRights -Unique -ExpandProperty FileSystemRights | Sort) -split("/")) -split(",") | select -Unique | sort + + # Create structure for chart categories + $UniqueFileSystemRightsNames = "" + $UniqueFileSystemRightsCategories = "'" + ($UniqueFileSystemRights -join("','") ) + "'" + + # Get count for each system right + $UniqueFileSystemRightsCounts = $UniqueFileSystemRights | + foreach { + + # Set target right + $TargetFileSystemRight = $_ + + # Get count for filesystemright + $TargetFileSystemRightCount = $ExcessiveSharePrivsFinal | where FileSystemRights -like "*$TargetFileSystemRight*" | measure | select count -ExpandProperty count + + # Append to end of string + $TargetFileSystemRightCount + " " + } + + # Create structure for chart series data + $UniqueFileSystemRightsSeries = "[" + ($UniqueFileSystemRightsCounts -replace(" ",",")) + "]" + $UniqueFileSystemRightsSeries = $UniqueFileSystemRightsSeries -replace(" ",",") # ---------------------------------------------------------------------- # Create Computer Insight Summary Information @@ -5401,21 +5434,19 @@ $ComputerCount computers were found in the $TargetDomain Active Directory domain Below is a list of the ACE (access control entries) configured with excessive privileges found in the $TargetDomain Active Directory domain. -
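Review bot: The new `$AceRowFileList` pipeline writes each file name from the scanned share into the report row without HTML-encoding it, and `$AceRowShareName` and `$AceRowSharePath` go into the same here-string the same way. File names are set by whoever can write to the share, so the generated page should treat them as untrusted text. Encoding at the point of use would be `ForEach-Object { [System.Net.WebUtility]::HtmlEncode($_) + '<br>' }`, assuming the markup stripped after `$ASDF` on this page was a line break. The temporary `$ASDF` is unnecessary because `$_` can be used directly. The enclosing script block starts outside the hunk.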
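Review bot: The per-right count uses `where FileSystemRights -like "*$TargetFileSystemRight*"`, a substring match, so a short right name is also counted for every longer name that contains it (for example `Write` inside `WriteData`), and the ACE Type chart can overstate how often a right is granted. Comparing whole tokens avoids that: `where { (($_.FileSystemRights -split '[/,]').Trim()) -contains $TargetFileSystemRight }`. The same `.Trim()` should be applied where `$UniqueFileSystemRights` is built, since the format of the rights string is not visible here and may put spaces after the separators. The series string also relies on `$TargetFileSystemRightCount + " "` plus two `-replace(" ",",")` passes; `'[' + ($UniqueFileSystemRightsCounts -join ',') + ']'` states the intent directly. `$UniqueFileSystemRightsNames` is assigned and never used in this hunk.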
- +
- Inescure ACEs + Inescure ACEs Found



- +
$ExcessiveSharePrivsCount -
+

- -
+
ACE Count by Risk Level
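Review bot: The card title on the changed line still reads `Inescure ACEs Found`; since the commit edits this heading anyway, it should become `Insecure ACEs Found`. The surrounding markup is not visible on this page, so the rest of the hunk cannot be checked from here.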
@@ -5425,10 +5456,23 @@ Below is a list of the ACE (access control entries) configured with excessive pr
-
-
+
+ +
- Exposed File Count by Category + ACE Type Count +
+
+
+
+
+
+
+
+ +
+
+ Interesting File Count
@@ -5453,7 +5497,7 @@ Below is a list of the ACE (access control entries) configured with excessive pr
Loading...
- Export + Export
@@ -5461,13 +5505,12 @@ Below is a list of the ACE (access control entries) configured with excessive pr - - - - + + + - + @@ -6290,7 +6333,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each file - + @@ -6766,6 +6809,48 @@ The left menu can be used to find summary data, the scan summary is in the table } +// -------------------------- +// ACE Page: Type chart +// -------------------------- + +// Initialize ApexCharts +const ChartAceTypeOptions = { + series: [{ + data: $UniqueFileSystemRightsSeries + }], + chart: { + type: 'bar', + height: 200 + }, + plotOptions: { + bar: { + borderRadius: 0, + borderRadiusApplication: 'end', + horizontal: true, + colors: { + backgroundBarColors: ['#e0e0e0'], + backgroundBarOpacity: 1, + ranges: [{ + from: 0, + to: 1000, + color: '#f08c41' + }] + } + } + }, + dataLabels: { + enabled: false + }, + grid: { + show: false + }, + xaxis: { + categories: [$UniqueFileSystemRightsCategories] + } +}; + +const ChartAceType = new ApexCharts(document.querySelector("#ChartAceType"), ChartAceTypeOptions); +ChartAceType.render(); // -------------------------- // ACE Page: Risk Level chart
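Review bot: `data: $UniqueFileSystemRightsSeries` and `categories: [$UniqueFileSystemRightsCategories]` splice PowerShell strings into script source, with the category names quoted by hand and no escaping, so a name containing a quote or backslash would break the page script or change what it runs. The names come from ACLs read off scanned hosts and are most likely fixed enum names, but serializing them is cheap: build the categories with `ConvertTo-Json -InputObject @($UniqueFileSystemRights) -Compress`, do the same for the counts, and drop the manual brackets. Separately, `ranges` colors only values from 0 to 1000, so a right that appears on more than 1000 ACEs would fall back to the default bar color, which looks unintended for large domains.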
Risk Level ComputerShare NameShare PathACEACE IdentityShare NameFileSystemRightIdentity Share Owner Creation DateModified DateLast Modified Files
Share Count File Count Risk LevelFile GroupFolder Group