diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index 108a5f0..cf1d750 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,7 +4,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.90
+# Version: v1.91
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
 function Invoke-HuntSMBShares
 {
@@ -2228,7 +2228,7 @@ function Invoke-HuntSMBShares
 $ThisFileShareNameList = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select ShareName -unique -expandproperty sharename | foreach { "$_
"} $ThisFileShareNameListUniqueCount = $ThisFileShareNameList | measure | select count -ExpandProperty count $ThisRow = @" - +
@@ -2245,23 +2245,15 @@ function Invoke-HuntSMBShares -
-
+
$ThisFileList
-
- - - $ComputerBarF - - - $ShareBarF - + $AclBarF -"@ +"@ $ThisRow } @@ -2323,12 +2315,11 @@ function Invoke-HuntSMBShares $MyFdListBr = $MyFdList -replace "`n", "
" $ThisFileDirList = @" - $fdcount - -
-
+ + +
+ $MyFdListBr -
"@ $ThisFileDirList @@ -3313,6 +3304,13 @@ function Invoke-HuntSMBShares If($ShareNameRiskScore -lt .80){ $RiskLevel = "$ShareNameRiskScoreP Medium"} If($ShareNameRiskScore -lt .50){ $RiskLevel = "$ShareNameRiskScoreP Low"} #> + + # ---------------------------------------------------------------------- + # Build UNC Path Lists + # ---------------------------------------------------------------------- + $GetRowUncPathsRaw = $ExcessiveSharePrivs | where ShareName -EQ "$ShareName" | Select SharePath -Unique + $GetRowUncPathsCount = $GetRowUncPathsRaw | measure | select count -ExpandProperty count + $GetRowUncPaths = $GetRowUncPathsRaw | ForEach-Object { $ASDF = $_.SharePath; "$ASDF
" } | Out-String # ---------------------------------------------------------------------- # Build Share Name Summary Page Rows @@ -3320,8 +3318,13 @@ function Invoke-HuntSMBShares # Build Rows $ThisRow = @" - - $ShareCount + + +
+ $GetRowUncPaths +
-
+
Risk Summary
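Review bot: `$GetRowUncPaths`, added to the row here-string in this hunk, is built in the previous hunk by interpolating `$_.SharePath` directly into markup with no HTML encoding. Share paths are collected from hosts on the scanned network, so they should be treated as untrusted when written into the report; a value containing `<`, `&` or a quote would be parsed as markup by the browser that opens it. Encode at the point of construction, `$ASDF = [System.Net.WebUtility]::HtmlEncode($_.SharePath)`, and give `$ASDF` a descriptive name such as `$UncPath` while there. `$GetRowUncPathsCount` is computed alongside it, but its use is not visible in these hunks.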
@@ -3407,10 +3410,10 @@ function Invoke-HuntSMBShares - + @@ -3510,10 +3513,10 @@ function Invoke-HuntSMBShares

Experimental Metrics
-
+
- + @@ -3427,68 +3430,68 @@ function Invoke-HuntSMBShares File Name Metrics
Final Weighted Score: : $FinalSimilarityScorePFinal Score: : $FinalSimilarityScoreP
File Name Coverage: $SimularityFileCoverageScoreP
- + - + - + - + - + - + - + - + - + - +
1 File FG Coverage  10%: $SimularityFileCoverage10FG Coverage  10%: $SimularityFileCoverage10
1 File FG Coverage  20%: $SimularityFileCoverage20FG Coverage  20%: $SimularityFileCoverage20
1 File FG Coverage  30%: $SimularityFileCoverage30FG Coverage  30%: $SimularityFileCoverage30
1 File FG Coverage  40%: $SimularityFileCoverage40FG Coverage  40%: $SimularityFileCoverage40
1 File FG Coverage  51%: $SimularityFileCoverage50FG Coverage  51%: $SimularityFileCoverage50
1 File FG Coverage  60%: $SimularityFileCoverage60FG Coverage  60%: $SimularityFileCoverage60
1 File FG Coverage  70%: $SimularityFileCoverage70FG Coverage  70%: $SimularityFileCoverage70
1 File FG Coverage  80%: $SimularityFileCoverage80FG Coverage  80%: $SimularityFileCoverage80
1 File FG Coverage  90%: $SimularityFileCoverage90FG Coverage  90%: $SimularityFileCoverage90
1 File FG Coverage 100%: $SimularityFileCoverage100FG Coverage 100%: $SimularityFileCoverage100


Folder Group Metrics
- + - + - + - + - + - + - + - + - + - +
1 FG Covers  10% of shares: $SimularityFolderGroupCoverage101 FG  10%/shares: $SimularityFolderGroupCoverage10
1 FG Covers  20% of shares: $SimularityFolderGroupCoverage201 FG  20%/shares: $SimularityFolderGroupCoverage20
1 FG Covers  30% of shares: $SimularityFolderGroupCoverage301 FG  30%/shares: $SimularityFolderGroupCoverage30
1 FG Covers  40% of shares: $SimularityFolderGroupCoverage401 FG  40%/shares: $SimularityFolderGroupCoverage40
1 FG Covers  51% of shares: $SimularityFolderGroupCoverage501 FG  51%/shares: $SimularityFolderGroupCoverage50
1 FG Covers  60% of shares: $SimularityFolderGroupCoverage601 FG  60%/shares: $SimularityFolderGroupCoverage60
1 FG Covers  70% of shares: $SimularityFolderGroupCoverage701 FG  70%/shares: $SimularityFolderGroupCoverage70
1 FG Covers  80% of shares: $SimularityFolderGroupCoverage801 FG  80%/shares: $SimularityFolderGroupCoverage80
1 FG Covers  90% of shares: $SimularityFolderGroupCoverage901 FG  90%/shares: $SimularityFolderGroupCoverage90
1 FG Covers 100% of shares: $SimularityFolderGroupCoverage1001 FG 100%/shares: $SimularityFolderGroupCoverage100
@@ -3498,7 +3501,7 @@ function Invoke-HuntSMBShares
Same Share Name: 1
Folder Group/Owner Ratio Average: $SimularitySharePropFGOwnerAvgTfolder Group/Owner Ratio Average: $SimularitySharePropFGOwnerAvgT
Creation Date/Share Ratio: $SimularitySharePropCreateDateRatioT
- + - + @@ -3523,51 +3526,41 @@ function Invoke-HuntSMBShares + -"@ +"@ $ThisRow } @@ -3716,8 +3709,10 @@ $NewHtmlReport = @" .content { max-height: 0; + --max-width: 0; overflow: hidden; transition: max-height 0.2s ease-out; + transition: max-width 0.2s ease-out; } .tabs{ @@ -4304,7 +4299,7 @@ $NewHtmlReport = @" margin-top: 5px; margin-right: 5px; margin-bottom: 5px; - width: 90% + --width: 90% } .tablecolinfo { @@ -4844,7 +4839,7 @@ input[type="checkbox"]:checked::before { - + @@ -4879,19 +4874,17 @@ input[type="checkbox"]:checked::before {
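Review bot: The added `transition: max-width 0.2s ease-out;` in `.content` replaces the `transition: max-height 0.2s ease-out;` declaration above it instead of adding to it, because the later declaration of the same property wins, so the height animation on collapse is lost. Combine them as `transition: max-height 0.2s ease-out, max-width 0.2s ease-out;`. The added `--max-width: 0;` declares a custom property rather than `max-width`, so there is no max-width value for the transition to animate. The `--width: 90%` change in the next hunk has the same form; if both are meant to switch the rule off, deleting the line or commenting it out states that intent more clearly.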
- -
- -
+ Interesting File Names Found +


- + $InterestingFilesAllFilesCount
($InterestingFilesAllFilesCountU unique file names)
-
+ @@ -4899,19 +4892,15 @@ input[type="checkbox"]:checked::before {
- + File Name Category Distribution
-
-
@@ -5155,42 +5144,34 @@ input[type="checkbox"]:checked::before {

Exposure Summary

Below is a summary of number of share ACLs by risk level and a summary of file name counts that may contain passwords, sensitive data, or result in remote code execution. Click the titles for more detail.

-
- + @@ -5697,7 +5678,8 @@ This section contains a list of the most common SMB share names. In some cases, -
Loading...
+
Loading...
+

Share/Owner Ratio: $SimularityCalcShareOwnerShare Owner Ratio: $SimularityCalcShareOwner
Folder Group/Name Ratio: $SimularityCalcShareFgFile Group/Name Ratio: $SimularityCalcShareFg
All Descriptions Match: $SimularityCalcShareDesc - -
-
+ +
$ShareFolderGroupList -
-
-
- +
+
$SimularityFileCommonListTop
-
-
-
- +
-
-
- +
+
$ShareRowInterestingFileListSecrets
-
+
-
-
- +
+
$ShareRowInterestingFileListData
-
-
-
@@ -5828,16 +5810,14 @@ Folder groups are SMB shares that contain the exact same file listing. Each file
Loading...

-
+
- + - - - + @@ -6411,10 +6391,18 @@ for (i = 0; i < coll.length; i++) { this.classList.toggle("active"); var content = this.nextElementSibling; if (content.style.maxHeight){ + content.style.maxHeight = null; + + // Adjust width + content.style.width = 0; + } else { content.style.Height = content.scrollHeight + "px"; content.style.maxHeight = "100%"; + + // Adjust width + content.style.width = "auto"; } }); } @@ -6422,9 +6410,10 @@ for (i = 0; i < coll.length; i++) { function toggleDiv(TargetObjectId) { var content = document.getElementById(TargetObjectId); if (content.style.display === "none") { - content.style.display = "block"; + content.style.display = "block"; } else { - content.style.display = "none"; + content.style.display = "none"; + content.style.width = 0; } } @@ -6504,7 +6493,7 @@ const chartOptions = { }, plotOptions: { bar: { - borderRadius: 4, + borderRadius: 0, horizontal: false, colors: { ranges: [{ 
@@ -6768,24 +6757,38 @@ applyFiltersAndSort('InterestingFileTable', 'filterInputIF', 'filterCounterIF',
 // CSV export function
 function extractAndDownloadCSV(tableId, columnIndex) {
- const regex = /\\\\[^\s\\]+\\[^\s\\]+\\[^\s\\]+/g; // UNC path regex
+ // Regex to match \\server\share, \\server\share folder, and \\server\share\file.ext formats, allowing spaces
+ const regex = /\\\\[^\\\s]+\\[^\\]+(?:\\[^\\]*)*/g;
 const uncPaths = [];
- // Loop through each filtered row
- currentFilteredRows.forEach(row => {
+ // Get the table element by ID
+ const table = document.getElementById(tableId);
+
+ // Determine rows to process: filtered rows or all rows if no filter is applied
+ const rowsToProcess = currentFilteredRows.length > 0 ? currentFilteredRows : Array.from(table.rows);
+
+ // Loop through each row to process
+ rowsToProcess.forEach(row => {
 const cells = row.getElementsByTagName('td');
 if (cells[columnIndex]) {
- const cellValue = cells[columnIndex].innerText;
- const matches = cellValue.match(regex);
- if (matches) {
- uncPaths.push(...matches);
+ // Get the div with class 'content' inside the cell
+ const contentDiv = cells[columnIndex].querySelector('.content');
+ if (contentDiv) {
+ const cellValue = contentDiv.innerText;
+ const matches = cellValue.match(regex);
+ if (matches) {
+ uncPaths.push(...matches);
+ }
 }
 }
 });
+ // Remove empty or whitespace-only entries
+ const cleanUncPaths = uncPaths.map(path => path.trim()).filter(path => path.length > 0);
+
 // Generate CSV content
 let csvContent = 'data:text/csv;charset=utf-8,';
- csvContent += uncPaths.join('\n');
+ csvContent += cleanUncPaths.join('\n');
 // Create a link to download the CSV file
 const encodedUri = encodeURI(csvContent);
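Review bot: The fallback `currentFilteredRows.length > 0 ? currentFilteredRows : Array.from(table.rows)` cannot tell "no filter applied" from "filter matched nothing", so exporting from an empty filtered view would write every row's paths; it also dereferences `table` without a null check. If `currentFilteredRows` (maintained outside this hunk) is empty in both cases, track whether a filter is active rather than testing the length. Separately, the widened class `[^\\]+` in the new regex also matches line breaks, so a cell holding several paths comes back as one multi-line match and only its outer ends are trimmed. Splitting first with `contentDiv.innerText.split(/\r?\n/)` and matching each line keeps one path per entry. The function body continues past the end of the hunk.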
Unique Share Name CountUnique Share Names Affected Share Count File Group File CountAffected ComputersAffected SharesAffected ACLsAffected ACLs