Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-06-28 05:38:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update PowerHuntShares.psm1

Browse Source 
Added parser for .fetchmailrc credentials.
This commit is contained in:
Scott Sutherland
2024-10-07 08:10:03 -05:00
committed by GitHub
parent aaa7356409
commit e962d8db1e
1 changed files with 119 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
PowerHuntShares.psm1
View File

@ -4,7 +4,7 @@
#--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD
# Version: v1.151
# Version: v1.152
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares
{
@ -1611,13 +1611,14 @@ function Invoke-HuntSMBShares
$FileNamePatternsAll.Rows.Add("vas.conf","May include auth configs.","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("grub.cfg","","None.","Secret","Get-PwGrubConfig") | Out-Null
$FileNamePatternsAll.Rows.Add("grub.conf","","None.","Secret","Get-PwGrubConfig") | Out-Null
$FileNamePatternsAll.Rows.Add("*.fetchmailrc","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.fetchmailrc","","None.","Secret","Get-PwFetchmailrc") | Out-Null
$FileNamePatternsAll.Rows.Add("*.keytab","May store authentication tokens.","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*mysql_history*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*psql_history*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.git-credentials*","","None.","Secret","Get-PwGitCredentials") | Out-Null
$FileNamePatternsAll.Rows.Add("*azure.config.ini*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*azure.profile.json*","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.azure","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*dbeaver-data-sources.xml","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.s3cfg","","None.","Secret","") | Out-Null
$FileNamePatternsAll.Rows.Add("*.netrc","","None.","Secret","Get-PwNetrc") | Out-Null
@ -26970,3 +26971,119 @@ function Get-PwGitCredentials {
# Return parsed credentials
return $credentialsList
}
# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
# Intended input: .fetchmailrc files
# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
# Intended input: .fetchmailrc files
function Get-PwFetchmailrc {
param (
[string]$FilePath,
[string]$ComputerName = "NA",
[string]$ShareName = "NA",
[string]$UncFilePath = "NA",
[string]$FileName = "NA",
[string]$TargetURL = "NA"
)
if (-not (Test-Path -Path $FilePath)) {
Write-Host "File not found: $FilePath"
return
}
# Read and clean the lines into a modifiable list
$lines = [System.Collections.Generic.List[string]](Get-Content -Path $FilePath | ForEach-Object {
$_.Trim()
} | Where-Object { $_ -notmatch '^#' }) # Remove comments
# Consolidate multi-line configurations
for ($i = $lines.Count - 1; $i -gt 0; $i--) {
if ($lines[$i] -notmatch '^(defaults|poll|skip)\s+') {
$lines[$i - 1] += " " + $lines[$i]
$lines.RemoveAt($i)
}
}
# Initialize variables
$defaults = @{}
$credentials = @()
# Function to parse individual configuration lines
function Parse-FetchmailRCLine {
param ($line)
$cred = @{
"Username" = @()
"Password" = @()
"TargetServer" = ""
"Section" = ""
"TargetPort" = ""
}
# Extract users, passwords, server, protocol, and port
$userMatch = [regex]::Match($line, '\s+user(?:name)?\s+"([^"]+)"')
if ($userMatch.Success) {
$cred["Username"] = $userMatch.Groups[1].Value
}
$passMatch = [regex]::Match($line, '\s+pass(?:word)?\s+"([^"]+)"')
if ($passMatch.Success) {
$cred["Password"] = $passMatch.Groups[1].Value
}
$cred["TargetServer"] = if ($line -match '^(?:poll|skip)\s+(\S+)') { $matches[1] } else { $cred["TargetServer"] }
$cred["Section"] = if ($line -match '\s+proto(?:col)?\s+(\S+)') { $matches[1] } else { $cred["Section"] }
$cred["TargetPort"] = if ($line -match '\s+(?:port|service)\s+(\S+)') { $matches[1] } else { $cred["TargetPort"] }
# Return credentials if found
return $cred
}
# Parse each line for credentials
foreach ($line in $lines) {
# If 'defaults' line, save defaults
if ($line -match '^defaults') {
$defaults = Parse-FetchmailRCLine -line $line
continue
}
# Parse line, merge with defaults if any
$parsedCred = Parse-FetchmailRCLine -line $line
foreach ($key in $defaults.Keys) {
if (-not $parsedCred[$key] -or ($parsedCred[$key] -is [array] -and $parsedCred[$key].Count -eq 0)) {
$parsedCred[$key] = $defaults[$key]
}
}
# Add parsed credentials if valid
if ($parsedCred["TargetServer"] -and $parsedCred["Section"] -and $parsedCred["Username"] -and $parsedCred["Password"]) {
$credentials += [pscustomobject]@{
ComputerName = $ComputerName
ShareName = $ShareName
UncFilePath = $UncFilePath
FileName = $FileName
Section = $parsedCred["Section"]
ObjectName = "NA"
TargetURL = $TargetURL
TargetServer = $parsedCred["TargetServer"]
TargetPort = $parsedCred["TargetPort"]
Database = "NA"
Domain = "NA"
Username = $parsedCred["Username"]
Password = $parsedCred["Password"]
PasswordEnc = "NA"
KeyFilePath = "NA"
}
}
}
# Output credentials
if ($credentials.Count -eq 0) {
Write-Host "No credentials found in $FilePath"
} else {
$credentials | Format-Table -AutoSize
}
return $credentials
}