Hi,
First of all, thank you for the very cool and outstanding tool and all the work you put in!
At the moment I'm running into some issues and couldn't figure out why so far (will still try to find the issues).
The first issue is that I have a share, it's called "DIP$" for example. The share itself is detected. However, no files on the share are detected. There is a folder "\test-server.domain.test\DIP$\system" that pops up in the report as a secret. However, no files are detected when I look into the "domain.test-Shares-Directory-Listings-Depth-15.csv" (as we see here, I set the folder depth to 15). This file does not contain "DIP$" at all. From manual searching and searching with other tools I know that there are files on the share that should trigger. But it seems to me that the files are not enumerated at all. Is there any reason why specific shares are not getting enumerated?
The second issue is that I have another share with some files that should trigger (as far as I understand), but don't. The share contains .pfx files. According to line 1500 in the code '$FileNamePatternsAll.Rows.Add(".pfx","Private key.","None.","Secret","")' this is a file pattern that should match. The file is listed in "domain.test-Shares-Directory-Listings-Depth-15.csv" this time. But it does not create a "Secret" in the report. Any idea why this is happening?
And the last issue is: I found some files like "pass.txt" and "pw.txt". I wanted to add them by adding entries into an "interesting-files.csv" like this:
"*pass.txt*","File that contains passwords","None.","Secret",""
"*pw.txt*","File that contains passwords","None.","Secret",""
However, they do not pop up. Also in this case, the files are listed in "domain.test-Shares-Directory-Listings-Depth-15.csv".
I called the tool with:
Invoke-HuntSMBShares -OutputDirectory ..\output -DirLevel 15 -FileKeywordsPath .\interesting-files.csv
and
Invoke-HuntSMBShares -OutputDirectory ..\output -DirLevel 15
Please let me know if I should split these into single issues or something.