Update PowerHuntShares.psm1

Fixed bugs.
Scott Sutherland 2024-10-14 16:04:53 -05:00 committed by GitHub
parent 17b11196cb
commit 4b0b133d43
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -4,7 +4,7 @@
#--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD
# Version: v1.175
# Version: v1.176
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares
{
@ -2206,7 +2206,7 @@ function Invoke-HuntSMBShares
# Check for potential read based RCE conditions
if(($_.ShareName -like 'c$') -or ($_.ShareName -like 'admin$') -or ($_.ShareName -like "*wwwroot*") -or ($_.ShareName -like "*inetpub*") -or ($_.ShareName -like 'c') -or ($_.ShareName -like 'c_share'))
{
$ShareRowHasHighRisk = 1
$ShareRowHasHighRisk = 1
}else{
$ShareRowHasHighRisk = 0
}
@ -2279,12 +2279,12 @@ function Invoke-HuntSMBShares
# Set wieghts
$RiskWeightRCE = 2
$RiskWeightHR = 9 # Potential RCE - no write access
$RiskWeightHR = 16 # Known high risk Potential RCE - no write access - consider reverting to 9.
$RiskWeightData = 8
$RiskWeightDataVolume = 1
$RiskWeightSecrets = 2
$RiskWeightSecretsVolume = 1
$RiskWeightWrite = 4
$RiskWeightWrite = 5 # consider reverting to 4
$RiskWeightRead = 3
$RiskWeightEmpty = -1
$RiskWeightStale = -1
@ -2292,7 +2292,7 @@ function Invoke-HuntSMBShares
# Calculate Risk Score
$ShareNameRiskValue = 0
if($ShareRowHasRCE -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightRCE } # RCE
if($ShareRowHasHighRisk -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightHR } # Potential RCE
if($ShareRowHasHighRisk -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightHR } # Known high risk
if($ShareRowCountInterestingData -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightData } # Potential Sensitive Data
if($MySensitiveCount -gt 10){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightDataVolume } # Potential Sensitive Data Volume
if($ShareRowCountInterestingSecrets -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightSecrets } # Potential Password Access
@ -2302,6 +2302,11 @@ function Invoke-HuntSMBShares
if($ShareRowHasEmpty -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightEmpty } # Empty Folders
if($ShareRowHasStale -eq 1){ $ShareNameRiskValue = $ShareNameRiskValue + $RiskWeightStale } # Stake Folders
# Adjust for sub 0 if (shouldnt happen)
if($ShareNameRiskValue -lt 0){
$ShareNameRiskValue = 1
}
# Check risk level - Highest wins
If($ShareNameRiskValue -le 4 ) { $RiskLevel = "Low"}
If($ShareNameRiskValue -gt 4 -and $ShareNameRiskValue -lt 11 ) { $RiskLevel = "Medium"}
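Review bot: The clamp added after the stale-folder line sets every negative score to 1 while a score of exactly 0 stays 0, so a share that nets out below zero ends up ranked above one that nets out to zero, and the comment "Adjust for sub 0" does not match the value written. Clamping to the floor keeps the ordering consistent: `if($ShareNameRiskValue -lt 0){ $ShareNameRiskValue = 0 }`. Separately, with `$RiskWeightHR = 16` a high-risk share name alone now scores above the Medium band visible here (5 to 10), and the inline "consider reverting" remarks suggest the weights are not settled. A short comment above the weights recording why 16 and 5 were chosen, and which risk bands they are meant to reach, would help anyone triaging findings by this score. Invoke-HuntSMBShares begins and ends outside these hunks, so the remaining risk-level thresholds are not visible here.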