Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-06-28 21:58:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update PowerHuntShares.psm1

Browse Source 
Added noping option.
Lack of ping response no longer stops execution of port scan.
This commit is contained in:
Scott Sutherland
2024-05-20 09:46:26 -05:00
committed by GitHub
parent 0de4a04ffb
commit e7ae7c3b63
1 changed files with 53 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
PowerHuntShares.psm1
View File

@ -2,9 +2,9 @@
#-------------------------------------- #--------------------------------------
# Function: Invoke-HuntSMBShares # Function: Invoke-HuntSMBShares
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2022 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.33 # Version: v1.34
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@ -32,7 +32,7 @@ function Invoke-HuntSMBShares
o Determine current computer's domain o Determine current computer's domain
o Enumerate domain computers o Enumerate domain computers
o Filter for computers that respond to ping reqeusts o Check if computers respond to ping requests
o Filter for computers that have TCP 445 open and accessible o Filter for computers that have TCP 445 open and accessible
o Enumerate SMB shares o Enumerate SMB shares
o Enumerate SMB share permissions o Enumerate SMB share permissions
@ -201,7 +201,11 @@ function Invoke-HuntSMBShares
[Parameter(Mandatory = $false, [Parameter(Mandatory = $false,
HelpMessage = 'Path to file of file paths to search for. One path per line.')] HelpMessage = 'Path to file of file paths to search for. One path per line.')]
[string] $FindFilesList [string] $FindFilesList,
[Parameter(Mandatory = $false,
HelpMessage = 'Do not perform ping scan.')]
[switch] $NoPing
) )
@ -215,7 +219,7 @@ function Invoke-HuntSMBShares
Write-Output " " Write-Output " "
Write-Output " o Determine current computer's domain " Write-Output " o Determine current computer's domain "
Write-Output " o Enumerate domain computers " Write-Output " o Enumerate domain computers "
Write-Output " o Filter for computers that respond to ping reqeusts " Write-Output " o Check if computers respond to ping requests "
Write-Output " o Filter for computers that have TCP 445 open and accessible " Write-Output " o Filter for computers that have TCP 445 open and accessible "
Write-Output " o Enumerate SMB shares " Write-Output " o Enumerate SMB shares "
Write-Output " o Enumerate SMB share permissions " Write-Output " o Enumerate SMB share permissions "
@ -361,6 +365,11 @@ function Invoke-HuntSMBShares
# Identify computers that respond to ping reqeusts # Identify computers that respond to ping reqeusts
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
if($NoPing){
Write-Output " [*][$Time] - Skipping ping scan."
$ComputerPingableCount = 0
}else{
# Status user # Status user
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
Write-Output " [*][$Time] Pinging $ComputerCount computers" Write-Output " [*][$Time] Pinging $ComputerCount computers"
@ -387,20 +396,13 @@ function Invoke-HuntSMBShares
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
Write-Output " [*][$Time] - $ComputerPingableCount computers responded to ping requests." Write-Output " [*][$Time] - $ComputerPingableCount computers responded to ping requests."
# Stop if no hosts are accessible
If ($ComputerPingableCount -eq 0)
{
$Time = Get-Date -UFormat "%m/%d/%Y %R"
Write-Output " [*][$Time] - Aborting."
break
}
# Save results # Save results
# Write-Output " [*] - Saving results to $OutputDirectory\$TargetDomain-Domain-Computers-Pingable.csv" # Write-Output " [*] - Saving results to $OutputDirectory\$TargetDomain-Domain-Computers-Pingable.csv"
$ComputersPingable | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Domain-Computers-Pingable.csv" $ComputersPingable | Export-Csv -NoTypeInformation "$OutputDirectory\$TargetDomain-Domain-Computers-Pingable.csv"
$null = Convert-DataTableToHtmlTable -DataTable $ComputersPingable -Outfile "$OutputDirectory\$TargetDomain-Domain-Computers-Pingable.html" -Title "Domain Computers: Ping Response" -Description "This page shows the domain computers for the $TargetDomain Active Directory domain that responded to ping requests." $null = Convert-DataTableToHtmlTable -DataTable $ComputersPingable -Outfile "$OutputDirectory\$TargetDomain-Domain-Computers-Pingable.html" -Title "Domain Computers: Ping Response" -Description "This page shows the domain computers for the $TargetDomain Active Directory domain that responded to ping requests."
$ComputersPingableFile = "$TargetDomain-Domain-Computers-Pingable.csv" $ComputersPingableFile = "$TargetDomain-Domain-Computers-Pingable.csv"
$ComputersPingableFileH = "$TargetDomain-Domain-Computers-Pingable.html" $ComputersPingableFileH = "$TargetDomain-Domain-Computers-Pingable.html"
}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Identify computers that have TCP 445 open and accessible # Identify computers that have TCP 445 open and accessible
@ -408,10 +410,7 @@ function Invoke-HuntSMBShares
# Status user # Status user
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
Write-Output " [*][$Time] Checking if TCP Port 445 is open on $ComputerPingableCount computers" Write-Output " [*][$Time] Checking if TCP Port 445 is open on $ComputerCount computers"
# Get clean list of pingable computers
$ComputersPingableClean = $ComputersPingable | Select-Object ComputerName
# Create script block to port scan tcp 445 # Create script block to port scan tcp 445
$MyScriptBlock = { $MyScriptBlock = {
@ -443,7 +442,7 @@ function Invoke-HuntSMBShares
} }
# Perform port scan of tcp 445 threaded # Perform port scan of tcp 445 threaded
$Computers445Open = $ComputersPingableClean | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $GlobalThreadCount -RunspaceTimeout $RunSpaceTimeOut -ErrorAction SilentlyContinue $Computers445Open = $DomainComputers | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $GlobalThreadCount -RunspaceTimeout $RunSpaceTimeOut -ErrorAction SilentlyContinue
# Status user # Status user
$Computers445OpenCount = $Computers445Open.count $Computers445OpenCount = $Computers445Open.count
@ -1494,6 +1493,12 @@ function Invoke-HuntSMBShares
$StopWatch.Stop() $StopWatch.Stop()
$RunTime = $StopWatch | Select-Object Elapsed -ExpandProperty Elapsed $RunTime = $StopWatch | Select-Object Elapsed -ExpandProperty Elapsed
if($NoPing){
$NoPingMsg = "(No Ping)"
}else{
$NoPingMsg = ""
}
#Write-Output " [*][$Time] -----------------------------------------------" #Write-Output " [*][$Time] -----------------------------------------------"
#Write-Output " [*][$Time] Get-ShareInventory Summary Report" #Write-Output " [*][$Time] Get-ShareInventory Summary Report"
#Write-Output " [*][$Time] -----------------------------------------------" #Write-Output " [*][$Time] -----------------------------------------------"
@ -1504,7 +1509,7 @@ function Invoke-HuntSMBShares
Write-Output " [*][$Time] " Write-Output " [*][$Time] "
Write-Output " [*][$Time] COMPUTER SUMMARY" Write-Output " [*][$Time] COMPUTER SUMMARY"
Write-Output " [*][$Time] - $ComputerCount domain computers found." Write-Output " [*][$Time] - $ComputerCount domain computers found."
Write-Output " [*][$Time] - $ComputerPingableCount ($PercentComputerPingP) domain computers responded to ping." Write-Output " [*][$Time] - $ComputerPingableCount ($PercentComputerPingP) domain computers responded to ping. $NoPingMsg"
Write-Output " [*][$Time] - $Computers445OpenCount ($PercentComputerPortP) domain computers had TCP port 445 accessible." Write-Output " [*][$Time] - $Computers445OpenCount ($PercentComputerPortP) domain computers had TCP port 445 accessible."
Write-Output " [*][$Time] - $ComputerwithNonDefaultCount ($PercentComputerNonDefaultP) domain computers had shares that were non-default." Write-Output " [*][$Time] - $ComputerwithNonDefaultCount ($PercentComputerNonDefaultP) domain computers had shares that were non-default."
Write-Output " [*][$Time] - $ComputerWithExcessive ($PercentComputerExPrivP) domain computers had shares with potentially excessive privileges." Write-Output " [*][$Time] - $ComputerWithExcessive ($PercentComputerExPrivP) domain computers had shares with potentially excessive privileges."