Update Analyze-HuntSMBShares.ps1

Interesting files update.
Scott Sutherland 2024-08-08 10:44:55 -05:00 committed by GitHub
parent 265aef3dca
commit d7aec773e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,7 +5,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.70 # Version: v1.71
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Analyze-HuntSMBShares function Analyze-HuntSMBShares
{ {
@ -749,11 +749,12 @@ function Analyze-HuntSMBShares
ForEach-Object { ForEach-Object {
# Create a value contain row data # Create a value contain row data
# Read = yellow, write = orange, highrisk = red (if value >0)
$CurrentRow = $_ $CurrentRow = $_
$PrintRow = "" $PrintRow = ""
$MyCsvColumns | $MyCsvColumns |
ForEach-Object{ ForEach-Object{
try{ try{
$GetValue = $CurrentRow | Select-Object $_ -ExpandProperty $_ -ErrorAction SilentlyContinue $GetValue = $CurrentRow | Select-Object $_ -ExpandProperty $_ -ErrorAction SilentlyContinue
if($PrintRow -eq ""){ if($PrintRow -eq ""){
@ -1080,7 +1081,7 @@ function Analyze-HuntSMBShares
# Add rows to data table - Files containing passwords # Add rows to data table - Files containing passwords
$FileNamePatternsAll.Rows.Add("Bootstrap.ini*","Used for Windows Deployment services (WDS) PXE installation and may contain credentials.","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("Bootstrap.ini*","Used for Windows Deployment services (WDS) PXE installation and may contain credentials.","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add(".bcd*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("*.bcd","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("context.xml*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("context.xml*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("db2cli.ini*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("db2cli.ini*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("ftpd.*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("ftpd.*","","None.","Secret","") | Out-Null
@ -1138,6 +1139,13 @@ function Analyze-HuntSMBShares
$FileNamePatternsAll.Rows.Add("*Drives.xml*","Group policy file that may contain passwords.","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("*Drives.xml*","Group policy file that may contain passwords.","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*unattend*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("*unattend*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*sysprep*","","None.","Secret","") | Out-Null $FileNamePatternsAll.Rows.Add("*sysprep*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.key","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.private","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.pem","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.p12","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.pfx","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.crt","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.ppk","","None.","Secret","") | Out-Null
# Add rows to data table - System/VM Images # Add rows to data table - System/VM Images
$FileNamePatternsAll.Rows.Add("*.img*","","None.","SystemImage","") | Out-Null $FileNamePatternsAll.Rows.Add("*.img*","","None.","SystemImage","") | Out-Null
@ -1191,6 +1199,8 @@ function Analyze-HuntSMBShares
$FileNamePatternsAll.Rows.Add("*.dll","","None.","Binaries","") | Out-Null $FileNamePatternsAll.Rows.Add("*.dll","","None.","Binaries","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.exe","","None.","Binaries","") | Out-Null $FileNamePatternsAll.Rows.Add("*.exe","","None.","Binaries","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.msi","","None.","Binaries","") | Out-Null $FileNamePatternsAll.Rows.Add("*.msi","","None.","Binaries","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.jar","","None.","Binaries","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.war","","None.","Binaries","") | Out-Null
$FileNamePatternsAll.Rows.Add("*Program Files*","This is an application directory.","None.","Binaries","") | Out-Null $FileNamePatternsAll.Rows.Add("*Program Files*","This is an application directory.","None.","Binaries","") | Out-Null
# Use keyword from define file instead # Use keyword from define file instead
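Review bot: The seven new certificate/key patterns added in the `-1138,6 +1139,13` hunk (`*.key` through `*.ppk`) are all tagged `Secret` with an empty description column, yet `*.crt` files normally hold only a public certificate (and `*.pem` frequently does too), so they will inflate the Secret count in the report without pointing at anything a reader can act on. Consider dropping `*.crt`, or at least filling the description column the way the neighbouring `Bootstrap.ini*` and `*Drives.xml*` rows do, so the report explains why the file was flagged, e.g. `$FileNamePatternsAll.Rows.Add("*.pfx","PKCS#12 archive; usually bundles a certificate with its private key.","None.","Secret","") | Out-Null` and `$FileNamePatternsAll.Rows.Add("*.crt","Certificate file; usually public, but may be bundled with a key - verify before reporting.","None.","Secret","") | Out-Null`. `*.key` is also a broad match (Apple Keynote documents use that extension), so expect some noise from that row unless the matching is later narrowed. The `$FileNamePatternsAll` table setup starts and ends outside the visible hunks.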