Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-11-03 21:14:52 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update PowerHuntShares.psm1

Browse Source 
Added recovered secrets html page.
This commit is contained in:
Scott Sutherland
2024-09-26 14:16:56 -05:00
committed by GitHub
parent 447b2b30be
commit 90734023aa
1 changed files with 135 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
PowerHuntShares.psm1
View File

@@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.129 # Version: v1.130
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@@ -1548,7 +1548,7 @@ function Invoke-HuntSMBShares
$FileNamePatternsAll.Rows.Add("SAM","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null $FileNamePatternsAll.Rows.Add("SAM","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null
$FileNamePatternsAll.Rows.Add("SAM-*","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null $FileNamePatternsAll.Rows.Add("SAM-*","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null
$FileNamePatternsAll.Rows.Add("SAM_*","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null $FileNamePatternsAll.Rows.Add("SAM_*","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null
$FileNamePatternsAll.Rows.Add("SYSTEM","","None.","Secret","Get-PrivateKeyFilePath") | Out-Null $FileNamePatternsAll.Rows.Add("SYSTEM","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("server.xml*","","None.","Secret","Get-PwServerXml") | Out-Null $FileNamePatternsAll.Rows.Add("server.xml*","","None.","Secret","Get-PwServerXml") | Out-Null
$FileNamePatternsAll.Rows.Add("shadow*","","None.","Secret","Get-PwShadow") | Out-Null $FileNamePatternsAll.Rows.Add("shadow*","","None.","Secret","Get-PwShadow") | Out-Null
$FileNamePatternsAll.Rows.Add("standalone.xml*","","None.","Secret","Get-PwStandalone") | Out-Null $FileNamePatternsAll.Rows.Add("standalone.xml*","","None.","Secret","Get-PwStandalone") | Out-Null
@@ -1852,7 +1852,7 @@ function Invoke-HuntSMBShares
#> #>
# Download the Files # Download the Files
$MySecretsTbl = $MySecrets | $MySecretsTbl = $MySecrets | where ComputerName -notlike "" |
Foreach { Foreach {
# "ComputerName","ShareName","SharePath","UncPath","FileName","Category" # "ComputerName","ShareName","SharePath","UncPath","FileName","Category"
@@ -1874,7 +1874,7 @@ function Invoke-HuntSMBShares
if($MySecretsFile -like "$MySecretKeywordCheck"){ if($MySecretsFile -like "$MySecretKeywordCheck"){
# Call function to prase file # Call function to prase file
# write-output "Parsing $MySecretsFile with $MySecretKeywordFunction" write-verbose "Parsing $MySecretsFile with $MySecretKeywordFunction"
$FunctionToCall = Get-Command $MySecretKeywordFunction $FunctionToCall = Get-Command $MySecretKeywordFunction
& $FunctionToCall -ComputerName $MySecretsComputer -ShareName $MySecretsShare -FileName $MySecretsFile -UncFilePath $MySecretsFilePath -FilePath $MySecretsFileLocalPath & $FunctionToCall -ComputerName $MySecretsComputer -ShareName $MySecretsShare -FileName $MySecretsFile -UncFilePath $MySecretsFilePath -FilePath $MySecretsFileLocalPath
} }
@@ -1886,9 +1886,61 @@ function Invoke-HuntSMBShares
$MySecretsTbl | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Shares-Recovered-Passwords.csv" $MySecretsTbl | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Shares-Recovered-Passwords.csv"
# Generate counts for dashabord summary and for "Recovered Secrets" Page # Generate counts for dashabord summary and for "Recovered Secrets" Page
$SecretsRecoveredCount = $MySecretsTbl | Select-Object ComputerName, ShareName, UncFilePath, FileName, Section, ObjectName, TargetURL, TargetServer, TargetPort, Database, Domain, Username, Password, PasswordEnc, KeyFilePath -Unique | measure | select count -ExpandProperty count
# Generate table content for "Recovered Secrets" Page # Generate table content for "Recovered Secrets" Page
$SecretsRecoveredString = $MySecretsTbl | Select-Object ComputerName, ShareName, UncFilePath, FileName, Section, ObjectName, TargetURL, TargetServer, TargetPort, Database, Domain, Username, Password, PasswordEnc, KeyFilePath -Unique | where ComputerName -NotLike "" |
Foreach {
# Retrieve values for each column using the $_.<ColumnName> format
$MySecretsTblComputerName = $_.ComputerName
$MySecretsTblShareName = $_.ShareName
$MySecretsTblUncFilePath = $_.UncFilePath
$MySecretsTblFileName = $_.FileName
$MySecretsTblSection = $_.Section
$MySecretsTblObjectName = $_.ObjectName
$MySecretsTblTargetURL = $_.TargetURL
$MySecretsTblTargetServer = $_.TargetServer
$MySecretsTblTargetPort = $_.TargetPort
$MySecretsTblDatabase = $_.Database
$MySecretsTblDomain = $_.Domain
$MySecretsTblUsername = $_.Username
$MySecretsTblPassword = $_.Password
$MySecretsTblPasswordEnc = $_.PasswordEnc
$MySecretsTblKeyFilePath = $_.KeyFilePath
# Generate the HTML table row
$MySecretsTbl = @"
<tr>
<td>$MySecretsTblComputerName</td>
<td>$MySecretsTblShareName</td>
<td>$MySecretsTblFileName</td>
<td >$MySecretsTblUncFilePath</td>
<td>$MySecretsTblUsername</td>
<td>$MySecretsTblPassword</td>
<td>$MySecretsTblPasswordEnc</td>
<td>$MySecretsTblKeyFilePath</td>
<td style = "font-size: 10px;">
<button class="collapsible">Details</button>
<div class="content" style="font-size:11px;width:100px;">
Section: $MySecretsTblSection <Br>
Object Name: $MySecretsTblObjectName <Br>
Target URL: $MySecretsTblTargetURL <Br>
Target Server: $MySecretsTblTargetServer <Br>
Target Port: $MySecretsTblTargetPort <Br>
Database: $MySecretsTblDatabase <Br>
Domain: $MySecretsTblDomain <Br>
</div>
</td>
</tr>
"@
# Output or append the generated HTML table row
$MySecretsTbl
}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Calculate risk score per acl - ace insights # Calculate risk score per acl - ace insights
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
@@ -4292,6 +4344,19 @@ $NewHtmlReport = @"
<script src="https://cdn.jsdelivr.net/npm/apexsankey"></script> <script src="https://cdn.jsdelivr.net/npm/apexsankey"></script>
<title>Report</title> <title>Report</title>
<style> <style>
#recoveredsecretstable th, #recoveredsecretstable td {
max-width: 100px;
overflow-wrap: break-word;
white-space: normal;
}
#aceTable th, #aceTable td {
max-width: 100px;
overflow-wrap: break-word;
white-space: normal;
}
.modern-input { .modern-input {
width: 150px; width: 150px;
padding: 8px 12px; padding: 8px 12px;
@@ -5750,6 +5815,7 @@ input[type="checkbox"]:checked::before {
<label id="btnidentities" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('IdentityInsights');radiobtn.checked = true;updateLabelColors('tabs', 'btnidentities');">Identities</label> <label id="btnidentities" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('IdentityInsights');radiobtn.checked = true;updateLabelColors('tabs', 'btnidentities');">Identities</label>
<label id="noactionmenubar2" href="#" class="stuff" style="background-color: transparent;border-bottom: 0.25px dashed gray; opacity: 0.25; width:85%; margin-bottom: 6px; margin-top:-1px;border-radius: 0px;outline: none;"></label> <label id="noactionmenubar2" href="#" class="stuff" style="background-color: transparent;border-bottom: 0.25px dashed gray; opacity: 0.25; width:85%; margin-bottom: 6px; margin-top:-1px;border-radius: 0px;outline: none;"></label>
<label id="btnif" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('InterestingFiles');radiobtn.checked = true;applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF');updateLabelColors('tabs', 'btnif');">Interesting Files</label> <label id="btnif" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('InterestingFiles');radiobtn.checked = true;applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF');updateLabelColors('tabs', 'btnif');">Interesting Files</label>
<label id="btnSecretsPage" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('SecretsPage');radiobtn.checked = true;updateLabelColors('tabs', 'btnSecretsPage');">Recovered Secrets</label>
<label id="btnShareGraph" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('ShareGraph');radiobtn.checked = true;updateLabelColors('tabs', 'btnShareGraph');">ShareGraph</label> <label id="btnShareGraph" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('ShareGraph');radiobtn.checked = true;updateLabelColors('tabs', 'btnShareGraph');">ShareGraph</label>
<label id="noactionmenuheader3"class="tabLabel" style="background-color: transparent;width:100%;color:#F56A00;padding-top:5px;padding-bottom:5px;margin-top:1px;margin-bottom:2px;font-weight:bolder;"><strong>Recommendations</strong></label> <label id="noactionmenuheader3"class="tabLabel" style="background-color: transparent;width:100%;color:#F56A00;padding-top:5px;padding-bottom:5px;margin-top:1px;margin-bottom:2px;font-weight:bolder;"><strong>Recommendations</strong></label>
<label id="btnexploit" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('Attacks');radiobtn.checked = true;updateLabelColors('tabs', 'btnexploit');">Exploiting Access</label> <label id="btnexploit" href="#" class="stuff" style="width:100%;" onClick="radiobtn = document.getElementById('Attacks');radiobtn.checked = true;updateLabelColors('tabs', 'btnexploit');">Exploiting Access</label>
@@ -6935,6 +7001,61 @@ Folder groups are SMB shares that contain the exact same file listing. Each fold
<div id="paginationfg" style="margin:10px;"></div> <div id="paginationfg" style="margin:10px;"></div>
</div> </div>
<!--
|||||||||| PAGE: Secrets
-->
<input class="tabInput" name="tabs" type="radio" id="SecretsPage"/>
<label class="tabLabel" onClick="updateTab('SecretsPage',false)" for="SecretsPage"></label>
<div id="tabPanel" class="tabPanel">
<h2 style="margin-top: 6px;margin-left:10px;margin-bottom: 17px;">Recovered Secrets</h2>
<div style="border-bottom: 1px solid #DEDFE1 ;margin-left:-200px;background-color:#f0f3f5; height:5px; width:120%; margin-bottom:10px;"></div>
<div style="margin-left:10px;margin-top:3px;width:95%;">
This page includes a list of the credentials that were recovered during data collection.
</div>
<div class="card" style="width: 20%">
<div class="cardtitle" style="color:gray;font-size: 16px; font-weight: bold;">
Credentials Recovered
</div>
<br><br>
<span class="percentagetext" style = "color:#f08c41;">
$SecretsRecoveredCount &nbsp;
</span>
<Br>
</div>
<div class="searchbar" style="margin-top:10px; text-align:left; display: flex;" >
<input type="text" id="secretsInputTwo" placeholder=" Search..." style="margin-top: 8px; height: 25px; font-size: 14px; padding-left:3px;margin-left: 10px;border-radius: 3px;border: 1px solid #BDBDBD;outline: none;color:#07142A;">
<div style="font-size:12;text-align: left;cursor: pointer;color:gray; margin-top: 13px; margin-left: 5px;" onmouseover="this.style.color='white';" onmouseout="this.style.textDecoration='';this.style.fontWeight='normal';this.style.color='gray';" onclick="document.getElementById('secretsInputTwo').value = '';applyFiltersAndSort('recoveredsecretstable', 'secretsInputTwo', 'secretsCounterTwo', 'paginationsecrets');">Clear</div>
<br><br>
</div>
<div style="display: flex; margin-left:10px; font-size:11; text-align:left;" >
<div id="secretsCounterTwo" style="margin-top:5px;">Loading...</div>
<a style="font-size:11; margin-top: 5px; margin-left: 5px;" href="#" onclick="extractAndDownloadCSV('recoveredsecretstable', 1)">Export</a>
</div>
<table class="table table-striped table-hover tabledrop" id="recoveredsecretstable" style="width:95%;">
<thead>
<tr>
<th onclick="sortTable('recoveredsecretstable',0,'alpha')" align="left" style="cursor: pointer;">ComputerName</th>
<th onclick="sortTable('recoveredsecretstable',1,'alpha')" align="left" style="cursor: pointer;">ShareName</th>
<th onclick="sortTable('recoveredsecretstable',2,'alpha')" align="left" style="cursor: pointer;">FileName</th>
<th onclick="sortTable('recoveredsecretstable',3,'alpha')" align="left" style="cursor: pointer; width:50px;">FilePath</th>
<th onclick="sortTable('recoveredsecretstable',4,'alpha')" align="left" style="cursor: pointer; ">Username</th>
<th onclick="sortTable('recoveredsecretstable',5,'alpha')" align="left" style="cursor: pointer;">Password</th>
<th onclick="sortTable('recoveredsecretstable',6,'alpha')" align="left" style="cursor: pointer;">PasswordEnc</th>
<th onclick="sortTable('recoveredsecretstable',7,'alpha')" align="left" style="cursor: pointer; width:50px;">KeyfilePath</th>
<th onclick="sortTable('recoveredsecretstable',8,'alpha')" align="left" style="cursor: pointer;">Details</th>
</tr>
</thead>
<tbody>
$SecretsRecoveredString
</tbody>
</table>
<div id="paginationsecrets" style="margin:10px;"></div>
</div>
<!-- <!--
|||||||||| PAGE: ShareGraph |||||||||| PAGE: ShareGraph
--> -->
@@ -11171,6 +11292,10 @@ applyFiltersAndSort('sharenametable', 'filterInput', 'filterCounter', 'paginatio
document.getElementById('filterInputTwo').addEventListener("keyup", () => applyFiltersAndSort('foldergrouptable', 'filterInputTwo', 'filterCounterTwo', 'paginationfg')); document.getElementById('filterInputTwo').addEventListener("keyup", () => applyFiltersAndSort('foldergrouptable', 'filterInputTwo', 'filterCounterTwo', 'paginationfg'));
applyFiltersAndSort('foldergrouptable', 'filterInputTwo', 'filterCounterTwo', 'paginationfg'); applyFiltersAndSort('foldergrouptable', 'filterInputTwo', 'filterCounterTwo', 'paginationfg');
// Initialize secrets name table
document.getElementById('secretsInputTwo').addEventListener("keyup", () => applyFiltersAndSort('recoveredsecretstable', 'secretsInputTwo', 'secretsCounterTwo', 'paginationsecrets'));
applyFiltersAndSort('recoveredsecretstable', 'secretsInputTwo', 'secretsCounterTwo', 'paginationsecrets');
// Initialize interesting files table // Initialize interesting files table
document.getElementById('filterInputIF').addEventListener("keyup", () => applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF')); document.getElementById('filterInputIF').addEventListener("keyup", () => applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF'));
applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF'); applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF', 'paginationIF');
@@ -24309,7 +24434,7 @@ function Get-PwMySQLConfig {
} }
return $credentials return $credentials
} else { } else {
Write-Warning "Username or password not found in the file." # Write-Warning "Username or password not found in the file."
return $null return $null
} }
} }
@@ -25849,5 +25974,3 @@ function Get-PrivateKeyFilePath {
return $result return $result
} }