Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-10-31 03:43:28 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update PowerHuntShares.psm1

Browse Source 
Fix static application guess output bug.
Add connection check for llm api endpoint.
This commit is contained in:
Scott Sutherland
2024-11-06 16:59:56 -06:00
committed by GitHub
parent 44449d5c4d
commit f4a987d34f
1 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
PowerHuntShares.psm1
View File

@@ -4,7 +4,7 @@
#-------------------------------------- #--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI # Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD # License: 3-clause BSD
# Version: v1.196 # Version: v1.197
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares function Invoke-HuntSMBShares
{ {
@@ -249,6 +249,19 @@ function Invoke-HuntSMBShares
$StartTime = Get-Date $StartTime = Get-Date
$StopWatch = [system.diagnostics.stopwatch]::StartNew() $StopWatch = [system.diagnostics.stopwatch]::StartNew()
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
# Check if there is connectivity to the api for llm calls
if($ApiKey -and $Endpoint){
$ConnTestLLM = Invoke-LLMRequest -SimpleOutput -apikey $ApiKey -endpoint $Endpoint -text "Please return the word 'hello' and nothing else."
if($ConnTestLLM -like "*hello*"){
$RunLLMQueries = 1
}else{
$RunLLMQueries = 0
Write-Output " [*][$Time] Connection test for LLM API ENDPOINT failed. LLM Queries will not be run."
}
}
Write-Output " [*][$Time] Scan Start" Write-Output " [*][$Time] Scan Start"
# Nova format # Nova format
@@ -2262,7 +2275,9 @@ function Invoke-HuntSMBShares
$ListShareDesc = $_.Description $ListShareDesc = $_.Description
$ListShareLocalPathC = $_.LocalPath $ListShareLocalPathC = $_.LocalPath
if($ListShareLocalPathC -ne ""){ if($ListShareLocalPathC -ne ""){
$ListShareLocalPath = "$ListShareLocalPath is the expected local path." $ListShareLocalPath = "$ListShareLocalPathC is the expected local path."
}else{
$ListShareLocalPath = ""
} }
$ShareShareJust = $_.Justification $ShareShareJust = $_.Justification
$ListShareApp = $_.Application $ListShareApp = $_.Application
@@ -2960,7 +2975,7 @@ function Invoke-HuntSMBShares
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Check if API and Endpoint have been provided # Check if API and Endpoint have been provided
if ($ApiKey -and $Endpoint) { if ($RunLLMQueries -eq 1) {
# Status user # Status user
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
@@ -3022,7 +3037,7 @@ function Invoke-HuntSMBShares
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Generate LLM Application Fingerprint Summary # Generate LLM Application Fingerprint Summary
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
if($ApiKey -and $Endpoint){ if($RunLLMQueries -eq 1){
# Status User # Status User
$Time = Get-Date -UFormat "%m/%d/%Y %R" $Time = Get-Date -UFormat "%m/%d/%Y %R"
@@ -3709,7 +3724,7 @@ function Invoke-HuntSMBShares
$ShareFileShareUnc = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select SharePath -unique -expandproperty SharePath | foreach { "$_ <br>"} $ShareFileShareUnc = $ExcessiveSharePrivs | where FileListGroup -eq $FileGroupName | select SharePath -unique -expandproperty SharePath | foreach { "$_ <br>"}
# Get application fingerprint values if gathered # Get application fingerprint values if gathered
if($ApiKey -and $Endpoint){ if($RunLLMQueries -eq 1){
# Check llm results # Check llm results
$FgAppInfo = $ExcessiveSharePrivsFinal | where FileListGroup -eq $FileGroupName | where ShareGuessApp -notlike "" | select ShareGuessApp, ShareGuessLLM -first 1 $FgAppInfo = $ExcessiveSharePrivsFinal | where FileListGroup -eq $FileGroupName | where ShareGuessApp -notlike "" | select ShareGuessApp, ShareGuessLLM -first 1
@@ -3799,7 +3814,7 @@ function Invoke-HuntSMBShares
$AclBar = $ShareNameBars.AclBar $AclBar = $ShareNameBars.AclBar
# Get app description from llm results # Get app description from llm results
if($ApiKey -and $Endpoint){ if($RunLLMQueries -eq 1){
# Get lmm fingerprint matches for sharename # Get lmm fingerprint matches for sharename
$SnLLmMatchesRaw = $ExcessiveSharePrivsFinal | $SnLLmMatchesRaw = $ExcessiveSharePrivsFinal |
@@ -4711,7 +4726,9 @@ function Invoke-HuntSMBShares
$ListShareDesc = $_.Description $ListShareDesc = $_.Description
$ListShareLocalPathC = $_.LocalPath $ListShareLocalPathC = $_.LocalPath
if($ListShareLocalPathC -ne ""){ if($ListShareLocalPathC -ne ""){
$ListShareLocalPath = "$ListShareLocalPath is the expected local path." $ListShareLocalPath = "$ListShareLocalPathC is the expected local path."
}else{
$ListShareLocalPath = ""
} }
$ShareShareJust = $_.Justification $ShareShareJust = $_.Justification
$ListShareApp = $_.Application $ListShareApp = $_.Application
@@ -4725,7 +4742,6 @@ function Invoke-HuntSMBShares
$ShareShareJust $ShareShareJust
$ListShareLocalPath $ListShareLocalPath
"@ "@
} }
} }