Update Analyze-HuntSMBShares.ps1

Updated aces page.
Scott Sutherland 2024-08-08 10:01:23 -05:00 committed by GitHub
parent cd60599a54
commit 995858f49b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,7 +5,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.68 # Version: v1.70
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Analyze-HuntSMBShares function Analyze-HuntSMBShares
{ {
@ -1631,14 +1631,18 @@ function Analyze-HuntSMBShares
# Files # Files
$AceRowFilecount = $_.FileCount $AceRowFilecount = $_.FileCount
$AceRowFileList = $_.FileList $AceRowFileList = $_.FileList -split "`r`n" | ForEach-Object { $ASDF = $_; "$ASDF<br>" } | Out-String
$AceRow = @" $AceRow = @"
<tr> <tr>
<td>$AceRowRiskScore $AceRowRiskLevel</td> <!-- Risk Level --> <td style="width: 100px;">$AceRowRiskScore $AceRowRiskLevel</td> <!-- Risk Level -->
<td>$AceRowComputer </td> <!-- Computer --> <td>$AceRowComputer </td> <!-- Computer -->
<td>$AceRowShareName</td> <!-- Share Name --> <td>
<td>$AceRowSharePath</td> <!-- Share Path --> <a href="$AceRowSharePath" style="text-decoration:none;">$AceRowShareName</a>
<div class="content" style="font-size: 10px; width:100px; overflow-wrap: break-word;">
$AceRowSharePath
</div>
</td> <!-- Share Name -->
<td>$AceRowACE </td> <!-- ACE --> <td>$AceRowACE </td> <!-- ACE -->
<td>$AceRowIdentity </td> <!-- Identity --> <td>$AceRowIdentity </td> <!-- Identity -->
<td>$AceRowShareOwner</td> <!-- Share Owner --> <td>$AceRowShareOwner</td> <!-- Share Owner -->
@ -1656,6 +1660,35 @@ function Analyze-HuntSMBShares
$AceRow $AceRow
} }
#
# Build ACE summary
#
# Get unique filesystemright Names
$UniqueFileSystemRights = (($ExcessiveSharePrivsFinal | Select FileSystemRights -Unique -ExpandProperty FileSystemRights | Sort) -split("/")) -split(",") | select -Unique | sort
# Create structure for chart categories
$UniqueFileSystemRightsNames = ""
$UniqueFileSystemRightsCategories = "'" + ($UniqueFileSystemRights -join("','") ) + "'"
# Get count for each system right
$UniqueFileSystemRightsCounts = $UniqueFileSystemRights |
foreach {
# Set target right
$TargetFileSystemRight = $_
# Get count for filesystemright
$TargetFileSystemRightCount = $ExcessiveSharePrivsFinal | where FileSystemRights -like "*$TargetFileSystemRight*" | measure | select count -ExpandProperty count
# Append to end of string
$TargetFileSystemRightCount + " "
}
# Create structure for chart series data
$UniqueFileSystemRightsSeries = "[" + ($UniqueFileSystemRightsCounts -replace(" ",",")) + "]"
$UniqueFileSystemRightsSeries = $UniqueFileSystemRightsSeries -replace(" ",",")
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Create Computer Insight Summary Information & Table Rows # Create Computer Insight Summary Information & Table Rows
@ -4971,20 +5004,18 @@ Below is a list of the ACE (access control entries) configured with excessive pr
</div> </div>
<div class="LargeCard" style="width:20%;"> <div class="LargeCard" style="width:20%;">
<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A"> <div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
<strong>Inescure ACEs</strong> <strong>Inescure ACEs Found</strong>
</div> </div>
<div class="LargeCardContainer" style="height:215px;text-align:center;"> <div class="LargeCardContainer" style="height:215px;text-align:center;">
<br><br><br> <br><br><br>
<span class="percentagetext" style = "font-size: 50px; color:#f08c41;heigh:100%"> <div class="percentagetext" style = "font-size: 50px; color:#f08c41;heigh:100%; margin: 15px;">
$ExcessiveSharePrivsCount $ExcessiveSharePrivsCount
</span><br> </div><br>
</div> </div>
</div> </div>
<div class="LargeCard" style="width:23%;">
<div class="LargeCard" style="width:36%;">
<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A"> <div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
<strong>ACE Count by Risk Level</strong> <strong>ACE Count by Risk Level</strong>
</div> </div>
@ -4995,9 +5026,22 @@ Below is a list of the ACE (access control entries) configured with excessive pr
</div> </div>
</div> </div>
</div> </div>
<div class="LargeCard" style="width:36%;">
<div class="LargeCard" style="width:23%;">
<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A"> <div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
<strong>Exposed File Count by Category</strong> <strong>ACE Type Count</strong>
</div>
<div class="LargeCardContainer" align="center" >
<div class="chart-container">
<div id="ChartAceType"></div>
<div class="chart-controls"></div>
</div>
</div>
</div>
<div class="LargeCard" style="width:23%;">
<div class="LargeCardTitle" style = "font-size: 15px; background-color: #07142A">
<strong>Interesting File Count</strong>
</div> </div>
<div class="LargeCardContainer" align="center" > <div class="LargeCardContainer" align="center" >
<div class="chart-container"> <div class="chart-container">
@ -5022,7 +5066,7 @@ Below is a list of the ACE (access control entries) configured with excessive pr
</div> </div>
<div style="display: flex; margin-left:10px; font-size:11; text-align:left;" > <div style="display: flex; margin-left:10px; font-size:11; text-align:left;" >
<div id="acefilterCounter" style="margin-top:5px;">Loading...</div> <div id="acefilterCounter" style="margin-top:5px;">Loading...</div>
<a style="font-size:11; margin-top: 5px; margin-left: 5px;" href="#" onclick="extractAndDownloadCSV('aceTable', 4)">Export</a> <a style="font-size:11; margin-top: 5px; margin-left: 5px;" href="#" onclick="extractAndDownloadCSV('aceTable', 2)">Export</a>
</div> </div>
<table id="aceTable" class="table table-striped table-hover tabledrop" style="width: 95%;"> <table id="aceTable" class="table table-striped table-hover tabledrop" style="width: 95%;">
<thead> <thead>
@ -5031,13 +5075,12 @@ Below is a list of the ACE (access control entries) configured with excessive pr
<th class="NamesTh" onclick="sortTable('aceTable',0,'number')" style="vertical-align: middle;text-align: left;">Risk Level</th> <th class="NamesTh" onclick="sortTable('aceTable',0,'number')" style="vertical-align: middle;text-align: left;">Risk Level</th>
<th class="NamesTh" onclick="sortTable('aceTable',1,'alpha')" style="vertical-align: middle;text-align: left;">Computer</th> <th class="NamesTh" onclick="sortTable('aceTable',1,'alpha')" style="vertical-align: middle;text-align: left;">Computer</th>
<th class="NamesTh" onclick="sortTable('aceTable',2,'alpha')" style="vertical-align: middle;text-align: left;">Share Name</th> <th class="NamesTh" onclick="sortTable('aceTable',2,'alpha')" style="vertical-align: middle;text-align: left;">Share Name</th>
<th class="NamesTh" onclick="sortTable('aceTable',3,'alpha')" style="vertical-align: middle;text-align: left;">Share Path</th> <th class="NamesTh" onclick="sortTable('aceTable',3,'alpha')" style="vertical-align: middle;text-align: left;">FileSystemRight</th>
<th class="NamesTh" onclick="sortTable('aceTable',4,'alpha')" style="vertical-align: middle;text-align: left;">ACE</th> <th class="NamesTh" onclick="sortTable('aceTable',4,'alpha')" style="vertical-align: middle;text-align: left;">Identity</th>
<th class="NamesTh" onclick="sortTable('aceTable',5,'alpha')" style="vertical-align: middle;text-align: left;">ACE Identity</th> <th class="NamesTh" onclick="sortTable('aceTable',5,'alpha')" style="vertical-align: middle;text-align: left;">Share Owner</th>
<th class="NamesTh" onclick="sortTable('aceTable',6,'alpha')" style="vertical-align: middle;text-align: left;">Share Owner</th> <th class="NamesTh" onclick="sortTable('aceTable',6,'number')" style="vertical-align: middle;text-align: left;">Creation Date</th>
<th class="NamesTh" onclick="sortTable('aceTable',7,'number')" style="vertical-align: middle;text-align: left;">Creation Date</th> <th class="NamesTh" onclick="sortTable('aceTable',7,'number')" style="vertical-align: middle;text-align: left;">Last Modified</th>
<th class="NamesTh" onclick="sortTable('aceTable',8,'number')" style="vertical-align: middle;text-align: left;">Modified Date</th> <th class="NamesTh" onclick="sortTable('aceTable',8,'number')" style="vertical-align: middle;text-align: left;">Files</th>
<th class="NamesTh" onclick="sortTable('aceTable',9,'number')" style="vertical-align: middle;text-align: left;">Files</th>
</tr> </tr>
</thead> </thead>
@ -5744,7 +5787,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each file
<th onclick="sortTable('foldergrouptable',1,'number')" align="left" style="cursor: pointer;">Share Count</th> <th onclick="sortTable('foldergrouptable',1,'number')" align="left" style="cursor: pointer;">Share Count</th>
<th onclick="sortTable('foldergrouptable',2,'number')" align="left" style="cursor: pointer;">File Count</th> <th onclick="sortTable('foldergrouptable',2,'number')" align="left" style="cursor: pointer;">File Count</th>
<th onclick="sortTable('foldergrouptable',3,'number')" align="left" style="cursor: pointer;">Risk Level</th> <th onclick="sortTable('foldergrouptable',3,'number')" align="left" style="cursor: pointer;">Risk Level</th>
<th onclick="sortTable('foldergrouptable',4,'alpha')" align="left" style="cursor: pointer;">File Group</th> <th onclick="sortTable('foldergrouptable',4,'alpha')" align="left" style="cursor: pointer;">Folder Group</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -6219,7 +6262,48 @@ Invoke-HuntSMBShares -Threads 20 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\
} }
} }
// --------------------------
// ACE Page: Type chart
// --------------------------
// Initialize ApexCharts
const ChartAceTypeOptions = {
series: [{
data: $UniqueFileSystemRightsSeries
}],
chart: {
type: 'bar',
height: 200
},
plotOptions: {
bar: {
borderRadius: 0,
borderRadiusApplication: 'end',
horizontal: true,
colors: {
backgroundBarColors: ['#e0e0e0'],
backgroundBarOpacity: 1,
ranges: [{
from: 0,
to: 1000,
color: '#f08c41'
}]
}
}
},
dataLabels: {
enabled: false
},
grid: {
show: false
},
xaxis: {
categories: [$UniqueFileSystemRightsCategories]
}
};
const ChartAceType = new ApexCharts(document.querySelector("#ChartAceType"), ChartAceTypeOptions);
ChartAceType.render();
// -------------------------- // --------------------------
// ACE Page: Risk Level chart // ACE Page: Risk Level chart
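Review bot: The new ACE row writes share paths and file names into the report HTML without encoding, both in the `$AceRowFileList` line that appends `<br>` to each entry and in the `<a href="$AceRowSharePath">` cell. Those strings come from the scanned shares, so anyone who can name a file or share on a target decides what markup the analyst's browser renders when the report is opened. Encode each value before it is emitted, e.g. `ForEach-Object { [System.Net.WebUtility]::HtmlEncode($_) + "<br>" }` for the file list, and the same call for the share name and path in the link cell. `$UniqueFileSystemRightsCategories` is likewise placed between single quotes in the `xaxis.categories` JavaScript array; the rights are presumably fixed enum names, but building that literal with `ConvertTo-Json` would stop it depending on the input. The enclosing function starts and ends outside the visible hunks, so encoding applied earlier in the pipeline cannot be ruled out from here.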