Update PowerHuntShares.psm1

Added experimental LLM output note.
Updated static application fingerprint output logic.
Scott Sutherland 2024-11-06 07:20:11 -06:00 committed by GitHub
parent e25347f643
commit 9976d6e8c0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.191 # Version: v1.192
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
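Review bot: the version bump to v1.192 in the header is consistent with the two changes described in the commit message, but the untouched References line on the same hunk still reads `Invoke-Parrell`, which appears to be a misspelling of the Invoke-Parallel project; worth correcting while the header block is being edited.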
@ -2252,7 +2252,8 @@ function Invoke-HuntSMBShares
$myComputerOs = $DomainComputers | where ComputerName -eq $myComputerName | select OperatingSystem -ExpandProperty OperatingSystem $myComputerOs = $DomainComputers | where ComputerName -eq $myComputerName | select OperatingSystem -ExpandProperty OperatingSystem
# Get share name guess # Get share name guess
$myShareAppGuess = "None" $myShareAppGuess = "Unknown"
$myShareAppDesc = "Unknown"
$ListShareLocalPath = "" $ListShareLocalPath = ""
$ShareNameList | $ShareNameList |
foreach { foreach {
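Review bot: changing the default of `$myShareAppGuess` from `"None"` to `"Unknown"` alters the value any report filter or downstream consumer matching on `"None"` for ShareGuessStatic will see, so those usages should be checked before merging. The new `$myShareAppDesc = "Unknown"` default also means the description column will literally read "Unknown" for every share with no static match; an empty string may read better in the HTML table.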
@ -2267,8 +2268,9 @@ function Invoke-HuntSMBShares
$ListShareApp = $_.Application $ListShareApp = $_.Application
if($ListShareName -eq $myShareName){ if($ListShareName -eq $myShareName){
# Set description # Set description & app guesses from static library
$myShareAppGuess = "The $ListShareName may be associated with $ListShareApp. $ListShareDesc $ShareShareJust" $myShareAppGuess = $ListShareApp
$myShareAppDesc = "The $ListShareName may be associated with $ListShareApp. $ListShareDesc $ShareShareJust"
} }
} }
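Review bot: splitting the static guess into `$myShareAppGuess = $ListShareApp` and a separate description string is sensible, but the description line still interpolates `$ShareShareJust`, which does not follow the `$ListShare*` naming of its neighbours (`$ListShareApp`, `$ListShareDesc`) and is not assigned in the visible loop body; confirm it is set, or rename it to `$ListShareJust`, so the sentence does not end in an empty placeholder. Note also that the loop keeps iterating after a match, so the last matching entry in `$ShareNameList` wins.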
@ -2281,6 +2283,7 @@ function Invoke-HuntSMBShares
SharePath = $mySharePath SharePath = $mySharePath
ShareType = $myShareType ShareType = $myShareType
ShareDescription = $myShareDescription ShareDescription = $myShareDescription
ShareDescriptionGuess = $myShareAppDesc
ShareGuessStatic = $myShareAppGuess ShareGuessStatic = $myShareAppGuess
ShareGuessLLM = "" ShareGuessLLM = ""
ShareGuessApp = "" ShareGuessApp = ""
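Review bot: the new `ShareDescriptionGuess` property should be reflected wherever the object's columns are enumerated (CSV export, README column descriptions, any Select-Object lists), otherwise it will be silently dropped there. A short comment distinguishing ShareDescriptionGuess (sentence) from ShareGuessStatic (application name) would also help, since the two names read very similarly.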
@ -3063,8 +3066,13 @@ function Invoke-HuntSMBShares
# Issue LLM query to summarize applications # Issue LLM query to summarize applications
$LLMCleanAppSummary = Invoke-LLMRequest -MaxTokens 4096 -SimpleOutput -apikey $ApiKey -endpoint $Endpoint -text "$LLMCleanPrompt2" $LLMCleanAppSummary = Invoke-LLMRequest -MaxTokens 4096 -SimpleOutput -apikey $ApiKey -endpoint $Endpoint -text "$LLMCleanPrompt2"
# LLM Warning
$LLMOutputWarning = "Note: Application fingerprints were generated using an experimental version of the LLM-based application fingerprinting function. As a result, some application classifications may not be accurate."
}else{ }else{
$LLMCleanAppSummary = "" $LLMCleanAppSummary = ""
$LLMOutputWarning = ""
} }
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
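Review bot: `$LLMOutputWarning` is correctly initialised to `""` in the else branch, so the later HTML interpolation does not reference an undefined variable, but the warning text is hard-coded inline next to the Invoke-LLMRequest call; defining it once alongside the other report strings, and initialising it before the if/else so both paths are obviously covered, would keep the branches symmetrical and make the wording easier to update.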
@ -6901,6 +6909,7 @@ input[type="checkbox"]:checked::before {
</div> </div>
</div> </div>
</div> </div>
<div style="margin-left:10px;">$LLMOutputWarning</div>
</div> </div>
</div> </div>
</div> </div>
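Review bot: the new `<div style="margin-left:10px;">$LLMOutputWarning</div>` is emitted unconditionally, so when the LLM path is disabled and `$LLMOutputWarning` is `""` the report contains an empty div; harmless, but guarding the line or giving the div the same class as the surrounding summary text would keep the markup clean. The value is a static string set in this commit, so unescaped interpolation is fine as long as it stays that way.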
@ -7998,7 +8007,7 @@ This section lists the most common share owners.
<div id="tabPanel" class="tabPanel"> <div id="tabPanel" class="tabPanel">
<h2 style="margin-top: 65px;margin-left:10px;margin-bottom: 17px;">Folder Groups</h2> <h2 style="margin-top: 65px;margin-left:10px;margin-bottom: 17px;">Folder Groups</h2>
<div style="margin-left:10px;margin-top:3px;width:95%;"> <div style="margin-left:10px;margin-top:3px;width:95%;">
Folder groups are SMB shares that contain the exact same file listing. Each folder group has been hashed so they can be quickly correlated. In some cases, shares with the exact same file listing may be related to a single application or process. This information can help identify the root cause associated with the excessive privileges and expedite remediation. Folder groups are SMB shares that contain the exact same file listing. Each folder group has been hashed so they can be quickly correlated. In some cases, shares with the exact same file listing may be related to a single application or process. This information can help identify the root cause associated with the excessive privileges and expedite remediation. $LLMOutputWarning
<br><br> <br><br>
</div> </div>
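Review bot: `$LLMOutputWarning` is appended directly after the last sentence of the Folder Groups description with no separator, so in the rendered page the warning runs into the paragraph text; placing it on its own line (a `<br>` or the same separate div used for the other occurrence) would match how the warning is shown elsewhere and keep it visually distinct from the explanation.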