+ This page provides a summary of the share scan results, observations, risks, and prioritized recommendations.
+
+
-
Risk & Data Exposure
+ Risk & Data Exposure
In total, $RiskLevelCountCritical critical, $RiskLevelCountHigh high, $RiskLevelCountMedium medium, and $RiskLevelCountLow low risk ACE (Access Control Entry) configurations were discovered across $ExcessiveSharesCount shares, hosted by $ComputerWithExcessive computers in the $TargetDomain Active Directory domain. The affected shares were found hosting $InterestingFilesAllObjectsSecretCount files that may contain passwords and $InterestingFilesAllObjectsSensitiveCount files that may contain sensitive data. $SecretsRecoveredCount credentials were recovered from $SecretsRecoveredFileCount of the discovered $InterestingFilesAllObjectsSecretCount secrets files. Overall, $InterestingFilesAllFilesCount interesting files were found accessible to all domain users that could potentially lead to unauthorized data access or remote code execution.
+ Affected Assets
$ExcessiveSharePrivsCount ACL entries, on $ExcessiveSharesCount shares, hosted by $ComputerWithExcessive computers were found configured with excessive privileges on the $TargetDomain domain. Overall, $IdentityReferenceListCount identities/groups had excessive privileges assigned to them.
The chart below illustrates the relationship between networks, computers, shares, and the ACEs configured with excessive privileges. Each network contains computers with assigned IP addresses. Each computer may host multiple shares and each share is configured with ACEs that allow remote access. As a result, ACEs represent the individual points of remediation that will need to be addressed to reduce exposure and risk.
- Peer Comparison
+ Peer Comparison
Below is a comaprison between the percent of affected assets in this environment and the average percent of affected assets observed in other environments.
The percentage is calculated based on the total number of assets discovered for each asset type.
Below is a time series chart to help provide a sense of when shares were created and at what point critical and high risk shares were introduced into the environment.
By reading the chart left to right, you can see that shares were created in this environment between $ShareFirstDate and $ShareLastDate. You can zoom into any section of the chart by clicking or using the chart controls in the upper right hand corner of the chart.
@@ -6187,7 +6190,8 @@ input[type="checkbox"]:checked::before {
|||||||||| CARD: Remediation Recommendations
-->
-
Remediation & Prioritization Recommendations
+ Remediation & Prioritization Recommendations
+
Consider remediating share ACEs by risk level, starting with critical and high risks. Consider reviewing the share creation timeline and data details from the other sections for additional context. Next, prioritize remediating groups of shares to speed up the process. Prioritize by folder group (shares containing exactly the same files) or by share names that have a high similarity score.
Prioritizing those groups may help reduce remediation actions by as much as $RemediationSavings percent for this environment. Below is a summary of the potential task reduction for each approach.
@@ -6246,7 +6250,7 @@ $ComputerCount computers were found in the $TargetDomain Active Directory domain
Affected Computers
-
+
$ComputerWithExcessive
@@ -6370,7 +6374,7 @@ $IdentityCombinedListCount identities were discovered across shares in the $Targ
Affected Identities
-
+
$IdentityCombinedListCount
@@ -6384,7 +6388,7 @@ $IdentityCombinedListCount identities were discovered across shares in the $Targ
Identities Assigned Ownership
-
+
$IdentityOwnerListCount
@@ -6398,7 +6402,7 @@ $IdentityCombinedListCount identities were discovered across shares in the $Targ
Identities Assigned Privileges
-
+
$IdentityReferenceListCount
@@ -6471,7 +6475,7 @@ Below is a list of the ACE (access control entries) configured with excessive pr
Affected ACEs
-
+
$ExcessiveSharePrivsCount
@@ -7016,7 +7020,7 @@ $AllSMBSharesCount shares were discovered across $ComputerPingableCount live com
Affected Shares Names
-
+
$ExcessiveSharesCount
@@ -7175,7 +7179,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each fold
Affected Folder Groups
-
+
$FolderGroupChartCount
@@ -7248,7 +7252,7 @@ This page includes a list of the credentials that were recovered during data col
Extracted Secrets Found
-
+
$SecretsRecoveredCount
@@ -7321,7 +7325,7 @@ This page includes a list of the credentials that were recovered during data col
Graph ToolBar
@@ -7550,7 +7554,7 @@ This page includes a list of the credentials that were recovered during data col
// Update button text
button.innerHTML = ``
``;
} else {
// Expand the toolbar back to its original height
@@ -7598,7 +7602,7 @@ This page includes a list of the credentials that were recovered during data col
button.innerHTML = ``
``;
}
}
@@ -9826,13 +9830,13 @@ Guest access to the system should also be revoked and ensure that adequate acces
-
Prioritizing Remediation
+
Remediate
Below are some tips for getting started on prioritizing the remediation of shares configured with excessive privileges.
@@ -9898,7 +9902,6 @@ Below are some tips for getting started on prioritizing the remediation of share
Scan Information
-
The PowerHuntShares audit script was run against the $TargetDomain Active Directory domain to collect SMB Share data, generate this HTML summary report, and generate the associated csv files that detail potentially excessive share configurations. Below is a the scan summary and an overview of how to use this report.
@@ -10050,6 +10053,28 @@ Invoke-HuntSMBShares -Threads 20 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\
// Dashboard Page: Timeline Creation Chart
// --------------------------
+// Define an SVG pattern for stripes
+var pattern = ``
+
+``;
+
+// Append the pattern to the body
+document.body.insertAdjacentHTML('beforeend', pattern);
+
var allData = $DataSeriesShares // ACEs data
function calculateMean(data) {
@@ -10080,19 +10105,19 @@ var TimelineCreationOptions = {
name: 'Shares',
type: 'column',
data: $DataSeriesShares,
- color: '#515a69'
+ color: '#f29650'
},
{
name: 'All High',
type: 'area',
data: $DataSeriesHigh,
- color: '#f08c41'
+ color: 'url(#striped-pattern)' // or #772400 or striped-pattern
},
{
name: 'All Critical',
type: 'area',
data: $DataSeriesCritical,
- color: '#EE092D'
+ color: '#410f7A'
}
],
annotations: {
@@ -10175,8 +10200,9 @@ var TimelineCreationOptions = {
title: {
text: 'Count',
style: {
+ fontSize: '12px',
fontWeight: 'normal',
- color: '#808080' // Set "Percentage" text to gray
+ color: '#71808d' // Set "Percentage" text to gray
}
}
},
@@ -10197,9 +10223,9 @@ var TimelineCreationOptions = {
align: 'center',
margin: 10,
style: {
- fontSize: '18px',
- fontWeight: 'normal',
- color: '#808080'
+ fontSize: '14px',
+ fontWeight: 'bold',
+ color: '#71808d'
}
}
};
@@ -10228,7 +10254,7 @@ TimelineCreationChartVar.render();
{
id: 'Shares ($ExcessiveSharesCount)',
title: 'Shares ($ExcessiveSharesCount)',
- color: '#c2994A',
+ color: '#f29650',
},
{
id: 'ACEs ($ExcessiveSharePrivsCount)',
@@ -10340,7 +10366,7 @@ const ChartAceTypeOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10393,7 +10419,7 @@ const ChartAceRiskOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10448,7 +10474,7 @@ const ChartAcesIFOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10501,7 +10527,7 @@ const ChartComputersDiscoOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10569,7 +10595,7 @@ const ChartComputersOSOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10666,7 +10692,7 @@ const ChartComputersRiskOptionsa = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10721,7 +10747,7 @@ const ChartFGPageIFOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10777,7 +10803,7 @@ const ChartFGRiskOptionsa = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10835,7 +10861,7 @@ const ChartSharePageIFOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10890,7 +10916,7 @@ const ChartShareNameRiskOptionsa = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -10960,7 +10986,7 @@ const ChartDashboardIFOptions = {
enabled: true,
style: {
fontSize: '12px',
- colors: ['#345367', '#c2994a']
+ colors: ['#345367', '#f29650']
},
},
grid: {
@@ -10969,7 +10995,7 @@ const ChartDashboardIFOptions = {
xaxis: {
categories: categories,
},
- colors: ['#c2994a','#345367'], // Orange for discovered, Blue for verified
+ colors: ['#f29650','#345367'], // Orange for discovered, Blue for verified
title: {
text: 'Interesting File Exposure',
align: 'center', // Aligns the title, can be 'left', 'center', or 'right'
@@ -11038,12 +11064,12 @@ const ChartDashboardRiskOptions = {
// barSpacing: 0.0 // Adds space between the groups (risk levels)
}
},
- colors: ['#7D825E', '#c2994a', '#345367'], // Colors for the bars
+ colors: ['#7D825E', '#f29650', '#345367'], // Colors for the bars
dataLabels: {
enabled: true,
style: {
fontSize: '12px',
- colors: ['#345367', '#345367', '#c2994a'] // colors for the lables #FF9965
+ colors: ['#345367', '#345367', '#f29650'] // colors for the lables #FF9965
},
offsetX: 0
},
@@ -11104,12 +11130,12 @@ ChartDashboardRisk.render();
endingShape: 'rounded'
},
},
- colors: ['#345367', '#c2994a'], // Reversed colors for Average and Actual bars
+ colors: ['#345367', '#f29650'], // Reversed colors for Average and Actual bars
dataLabels: {
enabled: true, // Enable data labels
style: {
fontSize: '12px',
- colors: ['#c2994a', '#345367'], // Colors for labels
+ colors: ['#f29650', '#345367'], // Colors for labels
},
formatter: function (val, opts) {
return val; // Display values with percentage sign
@@ -11209,12 +11235,12 @@ ChartDashboardRisk.render();
endingShape: 'rounded'
},
},
- colors: ['#345367', '#c2994a'], // Reversed colors for Average and Actual bars
+ colors: ['#345367', '#f29650'], // Reversed colors for Average and Actual bars
dataLabels: {
enabled: true, // Enable data labels
style: {
fontSize: '12px',
- colors: ['#c2994a', '#345367'], // Colors for labels
+ colors: ['#f29650', '#345367'], // Colors for labels
},
formatter: function (val, opts) {
return val + '%'; // Display values with percentage sign
@@ -11373,7 +11399,7 @@ const chartOptions = {
style: {
// fontSize: '18px',
// fontWeight: 'bold',
- // colors: '#c2994a'
+ // colors: '#f29650'
}
}
},
@@ -11393,7 +11419,7 @@ const chartOptions = {
ranges: [{
from: 0,
to: 1000,
- color: '#c2994a'
+ color: '#f29650'
}]
}
}
@@ -23152,7 +23178,7 @@ function Copy-FileWithStructure {
}
# Step 3: Create "secrets" subdirectory if it doesn't exist
- $secretsDir = Join-Path $OutputDirectory "secrets"
+ $secretsDir = Join-Path $OutputDirectory "Secrets"
if (-Not (Test-Path $secretsDir)) {
$null = New-Item -Path $secretsDir -ItemType Directory -Force
}