Update PowerHuntShares.psm1

Added risk level to folder group page.
Scott Sutherland 2024-08-07 13:17:56 -05:00 committed by GitHub
parent 5be7eb3615
commit cbf4251510
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.99 # Version: v1.100
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@ -2326,49 +2326,64 @@ function Invoke-HuntSMBShares
$SourceIps = (Get-NetIPAddress | where AddressState -like "*Pref*" | where AddressFamily -like "ipv4" | where ipaddress -notlike "127.0.0.1" | select IpAddress).ipaddress -join ("<br>") $SourceIps = (Get-NetIPAddress | where AddressState -like "*Pref*" | where AddressFamily -like "ipv4" | where ipaddress -notlike "127.0.0.1" | select IpAddress).ipaddress -join ("<br>")
$SourceHost = (hostname) $SourceHost = (hostname)
# Get share list string list # Get file group string list
$CommonShareFileGroupTopString = $CommonShareFileGroupTop5 | $CommonShareFileGroupTopString = $CommonShareFileGroupTop5 |
foreach { foreach {
$FileGroupName = $_.name $FileGroupName = $_.name
$ThisFileBars = Get-GroupFileBar -DataTable $ExcessiveSharePrivs -Name $FileGroupName -AllComputerCount $ComputerCount -AllShareCount $AllSMBSharesCount -AllAclCount $ShareACLsCount $ThisFileBars = Get-GroupFileBar -DataTable $ExcessiveSharePrivs -Name $FileGroupName -AllComputerCount $ComputerCount -AllShareCount $AllSMBSharesCount -AllAclCount $ShareACLsCount
$ComputerBarF = $ThisFileBars.ComputerBar $ComputerBarF = $ThisFileBars.ComputerBar
$ShareBarF = $ThisFileBars.ShareBar $ShareBarF = $ThisFileBars.ShareBar
$AclBarF = $ThisFileBars.AclBar $AclBarF = $ThisFileBars.AclBar
$ThisFileListPrep = $ThisFileBars.FileList $ThisFileListPrep = $ThisFileBars.FileList
$ThisFileList = $ThisFileListPrep -replace "`n", "<br>" $ThisFileList = $ThisFileListPrep -replace "`n", "<br>"
$ThisFileCount = $ThisFileBars.FileCount $ThisFileCount = $ThisFileBars.FileCount
$ThisFileShareCount = $ThisFileBars.Sharecount $ThisFileShareCount = $ThisFileBars.Sharecount
$ThisFileShareNameList = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select ShareName -unique -expandproperty sharename | foreach { "$_ <br>"} $ThisFileShareNameList = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select ShareName -unique -expandproperty sharename | foreach { "$_ <br>"}
$ThisFileShareNameListUniqueCount = $ThisFileShareNameList | measure | select count -ExpandProperty count $ThisFileShareNameListUniqueCount = $ThisFileShareNameList | measure | select count -ExpandProperty count
$ShareFileShareUnc = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select SharePath -unique -expandproperty SharePath | foreach { "$_ <br>"} $ShareFileShareUnc = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select SharePath -unique -expandproperty SharePath | foreach { "$_ <br>"}
# Grab the risk level for the highest risk acl for the foldergroup
$FolderGroupsTopACLRiskScoreRow = $ExcessiveSharePrivsFinal | where FileListGroup -eq $FileGroupName | select RiskScore | sort RiskScore -Descending | select -First 1 | select RiskScore -ExpandProperty RiskScore
# Check risk level - Highest wins
If($FolderGroupsTopACLRiskScoreRow -le 4 ) { $RiskLevelFolderGroupResultRow = "Low"}
If($FolderGroupsTopACLRiskScoreRow -gt 4 -and $FolderGroupsTopACLRiskScoreRow -lt 11 ) { $RiskLevelFolderGroupResultRow = "Medium"}
If($FolderGroupsTopACLRiskScoreRow -ge 11 -and $FolderGroupsTopACLRiskScoreRow -lt 20 ) { $RiskLevelFolderGroupResultRow = "High"}
If($FolderGroupsTopACLRiskScoreRow -ge 20 ) { $RiskLevelFolderGroupResultRow = "Critical"}
# Set risk level for row
$FileGroupNameRiskLevelRow = "$FolderGroupsTopACLRiskScoreRow $RiskLevelFolderGroupResultRow"
$ThisRow = @" $ThisRow = @"
<tr> <tr>
<td> <td>
<!-- Unique Share Count -->
<button class="collapsible">$ThisFileShareNameListUniqueCount</button> <button class="collapsible">$ThisFileShareNameListUniqueCount</button>
<div class="content" style="font-size:11px;width:100px;"> <div class="content" style="font-size:11px;width:100px;">
$ThisFileShareNameList $ThisFileShareNameList
</div> </div>
</td> </td>
<td> <td>
<!-- Total Share Count -->
<button class="collapsible">$ThisFileShareCount</button> <button class="collapsible">$ThisFileShareCount</button>
<div class="content" style="font-size:11px;width:100px;"> <div class="content" style="font-size:11px;width:100px;">
$ShareFileShareUnc $ShareFileShareUnc
</div> </div>
</td> </td>
<td> <td> <!-- File Count -->
$FileGroupName
</td>
<td>
<button class="collapsible"><span style="color:#CE112D;"></span>$ThisFileCount Files</button> <button class="collapsible"><span style="color:#CE112D;"></span>$ThisFileCount Files</button>
<div class="content" style="font-size:11px;width:100px;"> <div class="content" style="font-size:11px;width:100px;">
$ThisFileList $ThisFileList
</div> </div>
</td> </td>
<td> <td> <!-- Risk Level -->
$AclBarF $FileGroupNameRiskLevelRow
</td> </td>
<td> <!-- Folder Group Name -->
$FileGroupName
</td>
</tr> </tr>
"@ "@
$ThisRow $ThisRow
} }
@ -6096,11 +6111,11 @@ Folder groups are SMB shares that contain the exact same file listing. Each file
<table class="table table-striped table-hover tabledrop" id="foldergrouptable" style="width:95%"> <table class="table table-striped table-hover tabledrop" id="foldergrouptable" style="width:95%">
<thead> <thead>
<tr> <tr>
<th onclick="sortTable('foldergrouptable',0,'number')" align="left">Unique Share Names</th> <th onclick="sortTable('foldergrouptable',0,'number')" align="left" style="cursor: pointer;">Unique Share Names</th>
<th onclick="sortTable('foldergrouptable',1,'number')" align="left">Share Count</th> <th onclick="sortTable('foldergrouptable',1,'number')" align="left" style="cursor: pointer;">Share Count</th>
<th onclick="sortTable('foldergrouptable',2,'alpha')" align="left">File Group</th> <th onclick="sortTable('foldergrouptable',2,'number')" align="left" style="cursor: pointer;">File Count</th>
<th onclick="sortTable('foldergrouptable',3,'number')" align="left">File Count</th> <th onclick="sortTable('foldergrouptable',3,'number')" align="left" style="cursor: pointer;">Risk Level</th>
<th onclick="sortTable('foldergrouptable',4,'number')" align="left">Affected ACLs</th> <th onclick="sortTable('foldergrouptable',4,'alpha')" align="left" style="cursor: pointer;">File Group</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -6110,6 +6125,7 @@ Folder groups are SMB shares that contain the exact same file listing. Each file
<div id="paginationfg" style="margin:10px;"></div> <div id="paginationfg" style="margin:10px;"></div>
</div> </div>
<!-- <!--
|||||||||| PAGE: Exploit Shares |||||||||| PAGE: Exploit Shares
--> -->
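Review bot: In the second hunk, a folder group with no matching row in `$ExcessiveSharePrivsFinal` is reported as "Low", because `$FolderGroupsTopACLRiskScoreRow` is then `$null` and `$null -le 4` evaluates to true in PowerShell. The lookup reads `$ExcessiveSharePrivsFinal` while every other per-group query in this `foreach` reads `$ExcessiveSharePrivs`, so if the two tables can differ (not visible here) a group could be under-rated in the report. The comparisons and `sort RiskScore -Descending` also depend on the type of `RiskScore`; if it is ever a string they become lexical, so the value should be cast to `[int]` before sorting. I would replace the four independent `If` statements with one `if`/`elseif` chain that has a null guard, as below; the enclosing `Invoke-HuntSMBShares` function begins and ends outside this hunk.

```powershell
# Grab the risk level for the highest risk acl for the foldergroup (numeric sort, $null when the group has no rows)
$FolderGroupsTopACLRiskScoreRow = $ExcessiveSharePrivsFinal | where FileListGroup -eq $FileGroupName | foreach { [int]$_.RiskScore } | sort -Descending | select -First 1

# Check risk level - highest wins; a missing score is reported as such instead of falling through to "Low"
if ($null -eq $FolderGroupsTopACLRiskScoreRow)   { $RiskLevelFolderGroupResultRow = "Unknown" }
elseif ($FolderGroupsTopACLRiskScoreRow -le 4)   { $RiskLevelFolderGroupResultRow = "Low" }
elseif ($FolderGroupsTopACLRiskScoreRow -lt 11)  { $RiskLevelFolderGroupResultRow = "Medium" }
elseif ($FolderGroupsTopACLRiskScoreRow -lt 20)  { $RiskLevelFolderGroupResultRow = "High" }
else                                             { $RiskLevelFolderGroupResultRow = "Critical" }
# … unchanged: $FileGroupNameRiskLevelRow assignment and $ThisRow here-string …
```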