This page provides a summary of the share scan results, observations, risks, and prioritized recommendations.
@@ -6257,8 +6255,7 @@ $CardLastModifiedTimeLine
-
-
Computers
+
Computers
This section provides information for computers hosting shares configured with excessive privileges. $ComputerCount computers were found in the $TargetDomain Active Directory domain, $ComputerPingableCount responded to ping requests, $Computers445OpenCount had port 445 open, and $ComputerWithExcessive were found hosting shares configured with excessive privileges.
@@ -6376,8 +6373,7 @@ This section provides information for computers hosting shares configured with e
-
-
Identities
+
Identities
The section provides the affected identities.$IdentityCombinedListCount identities were discovered across shares in the $TargetDomain Active Directory domain. $IdentityOwnerListCount were owners and $IdentityReferenceListCount were assigned privileges.
@@ -6465,14 +6461,13 @@ Note: Within the context of this report, all read and write access the "Everyone
-
-
Insecure ACEs
+
Insecure ACEs
This section provides the ACE (access control entries) configured with excessive privileges found in the $TargetDomain Active Directory domain.
@@ -7011,8 +7006,7 @@ Below is a summary of the exposure associated with each of those groups.
-
-
Share Names
+
Share Names
This section provide a summary and list of the affected shares grouped by name. $AllSMBSharesCount shares were discovered across $ComputerPingableCount live computers in the $TargetDomain Active Directory domain. $ExcessiveSharesCount of those shares were found configured with excessive privileges across $ComputerWithExcessive computers.
@@ -7133,8 +7127,7 @@ This section provide a summary and list of the affected shares grouped by name.
-
-
Networks
+
Networks
This section provides an overview of the affected networks. $SubnetsCount networks/subnets were found associated with computers that host shares that are configured with excessive privileges.
@@ -7178,8 +7171,7 @@ This section lists the most common share owners.
-
-
Folder Groups
+
Folder Groups
Folder groups are SMB shares that contain the exact same file listing. Each folder group has been hashed so they can be quickly correlated. In some cases, shares with the exact same file listing may be related to a single application or process. This information can help identify the root cause associated with the excessive privileges and expedite remediation.
@@ -7248,8 +7240,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each fold
-
-
Extracted Secrets
+
Extracted Secrets
This section includes a list of the credentials that were recovered during data collection. $SecretsRecoveredCount credentials were recovered from $SecretsRecoveredFileCount of the discovered $InterestingFilesAllObjectsSecretCount secrets files.
@@ -7306,8 +7297,7 @@ This section includes a list of the credentials that were recovered during data
-
-
ShareGraph
+
ShareGraph
@@ -9719,8 +9709,7 @@ document.querySelector('#nodemenu a:nth-child(2)').addEventListener('click', fun
-
-
Exploit
+
Exploit
This section provides some tips for exploiting share access.
@@ -9782,8 +9771,7 @@ This section provides some tips for exploiting share access.
-
-
Detect
+
Detect
This section provides some tips for detecting potentially malicious share scanning events.
@@ -9848,8 +9836,7 @@ Guest access to the system should also be revoked and ensure that adequate acces
-
-
Remediate
+
Remediate
This section provides some tips for prioritizing the remediation of shares configured with excessive privileges.
@@ -9914,8 +9901,7 @@ This section provides some tips for prioritizing the remediation of shares confi
-
-
Scan Information
+
Scan Information
The PowerHuntShares audit script was run against the $TargetDomain Active Directory domain to collect SMB Share data, generate this HTML summary report, and generate the associated csv files that detail potentially excessive share configurations. Below is a the scan summary and an overview of how to use this report.