Update PowerHuntShares.psm1

- Updated console output to say "most common" instead of "5 most common"
- Updated Get-ADObject to Get-ADObjectMod to avoid tool conflicts.
Scott Sutherland 2024-10-29 13:05:04 -05:00 committed by GitHub
parent 99cfd75256
commit 3da09fe1bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.184 # Version: v1.185
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@ -3532,7 +3532,7 @@ function Invoke-HuntSMBShares
Write-Output " [*][$Time] - $AclWithWriteCount ($PercentAclWriteP) ACLs were found that allowed WRITE access." Write-Output " [*][$Time] - $AclWithWriteCount ($PercentAclWriteP) ACLs were found that allowed WRITE access."
Write-Output " [*][$Time] - $AclHighRiskCount ($PercentAclHighRiskP) ACLs were found that are associated with HIGH RISK share names." Write-Output " [*][$Time] - $AclHighRiskCount ($PercentAclHighRiskP) ACLs were found that are associated with HIGH RISK share names."
Write-Output " [*][$Time] " Write-Output " [*][$Time] "
Write-Output " [*][$Time] - The 5 most common share names are:" Write-Output " [*][$Time] - The most common share names are:"
Write-Output " [*][$Time] - $Top5ShareCountTotal of $AllAccessibleSharesCount ($DupPercent) discovered shares are associated with the top $SampleSum share names." Write-Output " [*][$Time] - $Top5ShareCountTotal of $AllAccessibleSharesCount ($DupPercent) discovered shares are associated with the top $SampleSum share names."
$CommonShareNamesTop5 | $CommonShareNamesTop5 |
foreach { foreach {
@ -16299,7 +16299,7 @@ function Get-PathAcl {
$Names = @() $Names = @()
if ($_.IdentityReference -match '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+') { if ($_.IdentityReference -match '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+') {
$Object = Get-ADObject -SID $_.IdentityReference $Object = Get-ADObjectMod -SID $_.IdentityReference
$Names = @() $Names = @()
$SIDs = @($Object.objectsid) $SIDs = @($Object.objectsid)
@ -17582,7 +17582,7 @@ function Add-ObjectAcl {
$ResolvedPrincipalSID = $PrincipalSID $ResolvedPrincipalSID = $PrincipalSID
} }
else { else {
$Principal = Get-ADObject -Domain $Domain -DomainController $DomainController -Name $PrincipalName -SamAccountName $PrincipalSamAccountName -PageSize $PageSize $Principal = Get-ADObjectMod -Domain $Domain -DomainController $DomainController -Name $PrincipalName -SamAccountName $PrincipalSamAccountName -PageSize $PageSize
if(!$Principal) { if(!$Principal) {
throw "Error resolving principal" throw "Error resolving principal"
@ -17906,7 +17906,7 @@ function Get-ThisThingComputer {
} }
} }
function Get-ADObject { function Get-ADObjectMod {
[CmdletBinding()] [CmdletBinding()]
Param ( Param (
[Parameter(ValueFromPipeline=$True)] [Parameter(ValueFromPipeline=$True)]
@ -18043,8 +18043,8 @@ function Set-ADObject {
'PageSize' = $PageSize 'PageSize' = $PageSize
'Credential' = $Credential 'Credential' = $Credential
} }
# splat the appropriate arguments to Get-ADObject # splat the appropriate arguments to Get-ADObjectMod
$RawObject = Get-ADObject -ReturnRaw @Arguments $RawObject = Get-ADObjectMod -ReturnRaw @Arguments
try { try {
# get the modifiable object for this search result # get the modifiable object for this search result
@ -18112,8 +18112,8 @@ function Invoke-DowngradeAccount {
'Credential' = $Credential 'Credential' = $Credential
} }
# splat the appropriate arguments to Get-ADObject # splat the appropriate arguments to Get-ADObjectMod
$UACValues = Get-ADObject @Arguments | select useraccountcontrol | ConvertFrom-UACValue $UACValues = Get-ADObjectMod @Arguments | select useraccountcontrol | ConvertFrom-UACValue
if($Repair) { if($Repair) {
@ -18499,7 +18499,7 @@ function Get-ThisThingGroup {
if ($UserName) { if ($UserName) {
# get the raw user object # get the raw user object
$User = Get-ADObject -SamAccountName $UserName -Domain $Domain -DomainController $DomainController -Credential $Credential -ReturnRaw -PageSize $PageSize | Select-Object -First 1 $User = Get-ADObjectMod -SamAccountName $UserName -Domain $Domain -DomainController $DomainController -Credential $Credential -ReturnRaw -PageSize $PageSize | Select-Object -First 1
if($User) { if($User) {
# convert the user to a directory entry # convert the user to a directory entry
@ -18515,7 +18515,7 @@ function Get-ThisThingGroup {
# ignore the built in groups # ignore the built in groups
if($GroupSid -notmatch '^S-1-5-32-.*') { if($GroupSid -notmatch '^S-1-5-32-.*') {
if($FullData) { if($FullData) {
$Group = Get-ADObject -SID $GroupSid -PageSize $PageSize -Domain $Domain -DomainController $DomainController -Credential $Credential $Group = Get-ADObjectMod -SID $GroupSid -PageSize $PageSize -Domain $Domain -DomainController $DomainController -Credential $Credential
$Group.PSObject.TypeNames.Add('PowerView.Group') $Group.PSObject.TypeNames.Add('PowerView.Group')
$Group $Group
} }
@ -19975,7 +19975,7 @@ function Find-GPOLocation {
if($OUComputers -isnot [System.Array]) {$OUComputers = @($OUComputers)} if($OUComputers -isnot [System.Array]) {$OUComputers = @($OUComputers)}
ForEach ($TargetSid in $TargetObjectSIDs) { ForEach ($TargetSid in $TargetObjectSIDs) {
$Object = Get-ADObject -SID $TargetSid -Domain $Domain -DomainController $DomainController -Credential $Credential -PageSize $PageSize $Object = Get-ADObjectMod -SID $TargetSid -Domain $Domain -DomainController $DomainController -Credential $Credential -PageSize $PageSize
$IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype $IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype
@ -20001,7 +20001,7 @@ function Find-GPOLocation {
Get-ThisThingSite -Domain $Domain -DomainController $DomainController -GUID $GPOguid -PageSize $PageSize -FullData | ForEach-Object { Get-ThisThingSite -Domain $Domain -DomainController $DomainController -GUID $GPOguid -PageSize $PageSize -FullData | ForEach-Object {
ForEach ($TargetSid in $TargetObjectSIDs) { ForEach ($TargetSid in $TargetObjectSIDs) {
$Object = Get-ADObject -SID $TargetSid -Domain $Domain -DomainController $DomainController -Credential $Credential -PageSize $PageSize $Object = Get-ADObjectMod -SID $TargetSid -Domain $Domain -DomainController $DomainController -Credential $Credential -PageSize $PageSize
$IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype $IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype
@ -20157,7 +20157,7 @@ function Find-GPOComputerAdmin {
$GPOMembers | ForEach-Object { $GPOMembers | ForEach-Object {
# resolve this SID to a domain object # resolve this SID to a domain object
$Object = Get-ADObject -Domain $Domain -DomainController $DomainController -PageSize $PageSize -SID $_ $Object = Get-ADObjectMod -Domain $Domain -DomainController $DomainController -PageSize $PageSize -SID $_
$IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype $IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype
@ -21990,7 +21990,7 @@ function Find-ManagedSecurityGroups {
Get-ThisThingGroup -FullData -Filter '(managedBy=*)' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object { Get-ThisThingGroup -FullData -Filter '(managedBy=*)' | Select-Object -Unique distinguishedName,managedBy,cn | ForEach-Object {
# Retrieve the object that the managedBy DN refers to # Retrieve the object that the managedBy DN refers to
$group_manager = Get-ADObject -ADSPath $_.managedBy | Select-Object cn,distinguishedname,name,samaccounttype,samaccountname $group_manager = Get-ADObjectMod -ADSPath $_.managedBy | Select-Object cn,distinguishedname,name,samaccounttype,samaccountname
# Create a results object to store our findings # Create a results object to store our findings
$results_object = New-Object -TypeName PSObject -Property @{ $results_object = New-Object -TypeName PSObject -Property @{
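Review bot: `Set-ADObject`, named in the hunk header at line 18043 as a function this module still defines, carries the same collision this commit removes for `Get-ADObject`: the Microsoft ActiveDirectory module ships a cmdlet with that exact name, and this one modifies directory objects rather than reading them. Which definition wins depends on what is loaded and in what order, so a caller could end up invoking the other implementation with different parameters; consider renaming it the same way, e.g. `function Set-ADObjectMod {`, and updating its call sites, which are outside the visible hunks. It would also help to record the reason at the renamed definition near line 17906 with a comment such as `# Renamed from Get-ADObject so the ActiveDirectory module's cmdlet of the same name is never shadowed or called by mistake.` All hunks on this page are excerpts whose enclosing functions start and end outside them, so whether any `Get-ADObject` reference remains elsewhere in the file (help text, an export list) cannot be confirmed from here.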