Update Analyze-HuntSMBShares.ps1

Updated aces page.
2025-05-04 19:28:42 +02:00 · 2024-08-08 10:01:23 -05:00 · 2024-08-08 10:01:23 -05:00 · 995858f49b
commit 995858f49b
parent cd60599a54
1 changed files with 109 additions and 25 deletions
--- a/Scripts/Analyze-HuntSMBShares.ps1
+++ b/Scripts/Analyze-HuntSMBShares.ps1
@ -5,7 +5,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.68
+# Version: v1.70
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. 
 function Analyze-HuntSMBShares
 {    
@ -1631,14 +1631,18 @@ function Analyze-HuntSMBShares

            # Files 
            $AceRowFilecount     = $_.FileCount
-            $AceRowFileList      = $_.FileList
+            $AceRowFileList      = $_.FileList -split "`r`n" | ForEach-Object { $ASDF = $_; "$ASDF<br>" } | Out-String 

            $AceRow = @"
                <tr>
-                    <td>$AceRowRiskScore $AceRowRiskLevel</td> <!-- Risk Level  -->
+                    <td style="width: 100px;">$AceRowRiskScore $AceRowRiskLevel</td> <!-- Risk Level  -->
                    <td>$AceRowComputer </td> <!-- Computer    -->
-                    <td>$AceRowShareName</td> <!-- Share Name  -->
-                    <td>$AceRowSharePath</td> <!-- Share Path  -->
+                    <td>
+                        <a href="$AceRowSharePath" style="text-decoration:none;">$AceRowShareName</a>
+                        <div class="content" style="font-size: 10px; width:100px; overflow-wrap: break-word;">
+		                $AceRowSharePath
+		                </div>
+                    </td> <!-- Share Name  -->
                    <td>$AceRowACE      </td> <!-- ACE         -->
                    <td>$AceRowIdentity </td> <!-- Identity    -->
                    <td>$AceRowShareOwner</td> <!-- Share Owner -->
@ -1656,6 +1660,35 @@ function Analyze-HuntSMBShares
            $AceRow             
        }

+        #
+        # Build ACE summary
+        #
+
+        # Get unique filesystemright Names
+        $UniqueFileSystemRights = (($ExcessiveSharePrivsFinal | Select FileSystemRights -Unique -ExpandProperty FileSystemRights | Sort)  -split("/")) -split(",") | select -Unique | sort
+
+        # Create structure for chart categories
+        $UniqueFileSystemRightsNames = ""
+        $UniqueFileSystemRightsCategories = "'" + ($UniqueFileSystemRights -join("','") ) + "'"
+
+        # Get count for each system right
+        $UniqueFileSystemRightsCounts = $UniqueFileSystemRights | 
+        foreach {
+            
+            # Set target right
+            $TargetFileSystemRight = $_
+
+            # Get count for filesystemright
+            $TargetFileSystemRightCount = $ExcessiveSharePrivsFinal | where FileSystemRights -like "*$TargetFileSystemRight*" | measure | select count -ExpandProperty count
+
+            # Append to end of string
+           $TargetFileSystemRightCount + " "
+        }
+
+        # Create structure for chart series data 
+        $UniqueFileSystemRightsSeries = "[" + ($UniqueFileSystemRightsCounts -replace(" ",",")) + "]"
+        $UniqueFileSystemRightsSeries = $UniqueFileSystemRightsSeries -replace(" ",",")
+

        # ----------------------------------------------------------------------
        # Create Computer Insight Summary Information & Table Rows
@ -4970,21 +5003,19 @@ $ComputerCount computers were found in the $TargetDomain Active Directory domain
 Below is a list of the ACE (access control entries) configured with excessive privileges found in the $TargetDomain Active Directory domain. 
 </div>		

-		            <div class="LargeCard" style="width:20%;">	
-						
+		            <div class="LargeCard" style="width:20%;">							
 							<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
-								<strong>Inescure ACEs</strong>
+								<strong>Inescure ACEs Found</strong>
 							</div>												
 							<div class="LargeCardContainer" style="height:215px;text-align:center;">	
                                  <br><br><br>							
-								   <span class="percentagetext" style = "font-size: 50px; color:#f08c41;heigh:100%">                    
+								   <div class="percentagetext" style = "font-size: 50px; color:#f08c41;heigh:100%; margin: 15px;">                         
 									$ExcessiveSharePrivsCount                   
-								   </span><br>								
+								   </div><br>								
 							</div>
                    </div>

-            
-					<div class="LargeCard" style="width:36%;">	
+					<div class="LargeCard" style="width:23%;">	
 							<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
 								<strong>ACE Count by Risk Level</strong>
 							</div>
@ -4994,10 +5025,23 @@ Below is a list of the ACE (access control entries) configured with excessive pr
 										<div class="chart-controls"></div>
 									</div>								  							
 							</div>
-					</div>	
-					<div class="LargeCard" style="width:36%;">	
+					</div>
+            
+					<div class="LargeCard" style="width:23%;">	
 							<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
-								<strong>Exposed File Count by Category</strong>
+								<strong>ACE Type Count</strong>
+							</div>
+							<div class="LargeCardContainer" align="center" >											
+									<div class="chart-container">
+									<div id="ChartAceType"></div>
+										<div class="chart-controls"></div>
+									</div>								  							
+							</div>
+					</div>	
+
+					<div class="LargeCard" style="width:23%;">	
+							<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
+								<strong>Interesting File Count</strong>
 							</div>
 							<div class="LargeCardContainer" align="center" >											
 									<div class="chart-container">
@ -5022,7 +5066,7 @@ Below is a list of the ACE (access control entries) configured with excessive pr
 </div>		
 <div style="display: flex; margin-left:10px; font-size:11; text-align:left;" >		
        <div id="acefilterCounter" style="margin-top:5px;">Loading...</div>      
-        <a style="font-size:11; margin-top: 5px; margin-left: 5px;" href="#" onclick="extractAndDownloadCSV('aceTable', 4)">Export</a>
+        <a style="font-size:11; margin-top: 5px; margin-left: 5px;" href="#" onclick="extractAndDownloadCSV('aceTable', 2)">Export</a>
 </div>
 <table id="aceTable" class="table table-striped table-hover tabledrop" style="width: 95%;">
  <thead>
@ -5030,14 +5074,13 @@ Below is a list of the ACE (access control entries) configured with excessive pr
    
    <th class="NamesTh" onclick="sortTable('aceTable',0,'number')" style="vertical-align: middle;text-align: left;">Risk Level</th>
    <th class="NamesTh" onclick="sortTable('aceTable',1,'alpha')" style="vertical-align: middle;text-align: left;">Computer</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',2,'alpha')" style="vertical-align: middle;text-align: left;">Share Name</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',3,'alpha')" style="vertical-align: middle;text-align: left;">Share Path</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',4,'alpha')" style="vertical-align: middle;text-align: left;">ACE</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',5,'alpha')" style="vertical-align: middle;text-align: left;">ACE Identity</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',6,'alpha')" style="vertical-align: middle;text-align: left;">Share Owner</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',7,'number')" style="vertical-align: middle;text-align: left;">Creation Date</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',8,'number')" style="vertical-align: middle;text-align: left;">Modified Date</th>        
-    <th class="NamesTh" onclick="sortTable('aceTable',9,'number')" style="vertical-align: middle;text-align: left;">Files</th>                
+    <th class="NamesTh" onclick="sortTable('aceTable',2,'alpha')" style="vertical-align: middle;text-align: left;">Share Name</th>                
+    <th class="NamesTh" onclick="sortTable('aceTable',3,'alpha')" style="vertical-align: middle;text-align: left;">FileSystemRight</th>        
+    <th class="NamesTh" onclick="sortTable('aceTable',4,'alpha')" style="vertical-align: middle;text-align: left;">Identity</th>        
+    <th class="NamesTh" onclick="sortTable('aceTable',5,'alpha')" style="vertical-align: middle;text-align: left;">Share Owner</th>        
+    <th class="NamesTh" onclick="sortTable('aceTable',6,'number')" style="vertical-align: middle;text-align: left;">Creation Date</th>        
+    <th class="NamesTh" onclick="sortTable('aceTable',7,'number')" style="vertical-align: middle;text-align: left;">Last Modified</th>        
+    <th class="NamesTh" onclick="sortTable('aceTable',8,'number')" style="vertical-align: middle;text-align: left;">Files</th>                
                          
    </tr>
    </thead>
@ -5744,7 +5787,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each file
      <th onclick="sortTable('foldergrouptable',1,'number')" align="left" style="cursor: pointer;">Share Count</th> 
      <th onclick="sortTable('foldergrouptable',2,'number')" align="left" style="cursor: pointer;">File Count</th>
      <th onclick="sortTable('foldergrouptable',3,'number')" align="left" style="cursor: pointer;">Risk Level</th>            
-      <th onclick="sortTable('foldergrouptable',4,'alpha')"  align="left" style="cursor: pointer;">File Group</th>      	 	 
+      <th onclick="sortTable('foldergrouptable',4,'alpha')"  align="left" style="cursor: pointer;">Folder Group</th>      	 	 
    </tr>
  </thead>
  <tbody>
@ -6219,7 +6262,48 @@ Invoke-HuntSMBShares -Threads 20 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\
            }
        }

+// --------------------------
+// ACE Page: Type chart
+// --------------------------

+// Initialize ApexCharts
+const ChartAceTypeOptions = {
+  series: [{
+    data: $UniqueFileSystemRightsSeries
+  }],
+  chart: {
+    type: 'bar',
+    height: 200
+  },
+  plotOptions: {
+    bar: {		 
+      borderRadius: 0,
+      borderRadiusApplication: 'end',
+      horizontal: true,
+      colors: {
+        backgroundBarColors: ['#e0e0e0'],
+        backgroundBarOpacity: 1,
+        ranges: [{
+          from: 0,
+          to: 1000,
+          color: '#f08c41'
+        }]
+      }
+    }
+  },
+  dataLabels: {
+    enabled: false
+  },
+  grid: {
+    show: false
+  },
+  xaxis: {
+    categories: [$UniqueFileSystemRightsCategories]
+  }
+};
+
+const ChartAceType = new ApexCharts(document.querySelector("#ChartAceType"), ChartAceTypeOptions);
+ChartAceType.render();

 // --------------------------
 // ACE Page: Risk Level chart