/Get-FileShareAccessRights

Multiple functions to evaluate critical file permissions on a specified network share

Primary language: PowerShell

PowerShell Network Share Tools

This repository provides a collection of PowerShell functions that assist administrators and security auditors in evaluating network share permissions, Discretionary Access Control Lists (DACLs), and ownership details.

The idea for this came after repeatedly finding file permission issues on SYSVOL and NETLOGON shares during security assessments.

Functions

  1. Get-FileShareCriticalPermissions: Recursively retrieves the ACEs for a specified network share path, listing the users/groups and their associated rights.
  2. Get-CriticalPermissionOverview: Gives an overview of which users or groups hold critical permissions on the share, and how many.
  3. Get-CriticalPermissionsByUser: Lists the file and folder objects on which a given user or group has critical permissions.
  4. Get-FileDACL: Fetches the DACL of a specified file, returning each Access Control Entry (ACE) as an individual object.
  5. Get-FileShareOwnershipAndCreator: Recursively fetches the owner and creator (if available) of files and folders from a given network share path.

Usage

Download and import

iex (New-Object Net.Webclient).downloadstring('https://raw.githubusercontent.com/michiiii/Get-FileShareAccessRights/main/Get-FileShareAccessRights.ps1')

Get-FileShareCriticalPermissions

Retrieve the ACEs for a specified network share path and keep the result for the following steps.

$permissions = Get-FileShareCriticalPermissions -NetworkSharePath "\\pwnyfarm.local\netlogon"

Get-CriticalPermissionOverview

Next, build an overview of which users or groups hold how many write permissions:

# See users that have potential critical rights
Get-CriticalPermissionOverview -SharePermissions $permissions

Get-CriticalPermissionsByUser

Finally, you can filter for interesting users/groups:

Get-CriticalPermissionsByUser -SharePermissions $permissions -UserName "Authenticated Users"

Get-FileDACL

Retrieves the DACL for a specified file.

Get-FileDACL -FilePath "\\pwnyfarm.local\netlogon\LAPS.msi"

Get-FileShareOwnershipAndCreator

Retrieve the owner and creator information from a network share path.

Get-FileShareOwnershipAndCreator -NetworkSharePath "\\pwnyfarm.local\netlogon"
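As an added example that is not part of the repository, the following standalone function does in compact form what Get-FileShareCriticalPermissions and Get-CriticalPermissionOverview do: it walks a path, keeps only the Allow ACEs that carry write-type rights, and (the open TODO below) subtracts any Deny ACE recorded for the same identity. The function name and the default CriticalMask are assumptions made for this example, not the project's own definitions.

```powershell
# Added example (not part of the repository): report ACEs that grant write-type
# rights on every object below $Path, honouring Deny entries for the same identity.
function Get-CriticalAceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Rights that let a principal alter content or the ACL itself (constructed default)
        [System.Security.AccessControl.FileSystemRights]$CriticalMask = (
            [System.Security.AccessControl.FileSystemRights]::Write -bor
            [System.Security.AccessControl.FileSystemRights]::Modify -bor
            [System.Security.AccessControl.FileSystemRights]::FullControl -bor
            [System.Security.AccessControl.FileSystemRights]::WriteData -bor
            [System.Security.AccessControl.FileSystemRights]::AppendData -bor
            [System.Security.AccessControl.FileSystemRights]::Delete -bor
            [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
            [System.Security.AccessControl.FileSystemRights]::TakeOwnership
        )
    )
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }
        # Deny ACEs take precedence over Allow ACEs, so collect them first and mask
        # their bits out of each Allow ACE that names the same identity.
        $denies = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
        foreach ($ace in ($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })) {
            $granted = [int]$ace.FileSystemRights -band [int]$CriticalMask
            foreach ($d in $denies) {
                if ($d.IdentityReference.Value -eq $ace.IdentityReference.Value) {
                    $granted = $granted -band (-bnot [int]$d.FileSystemRights)
                }
            }
            if ($granted -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = [System.Security.AccessControl.FileSystemRights]$granted
                Inherited = $ace.IsInherited
                Owner     = $acl.Owner
            }
        }
    }
}

# Audit a share and group the hits per identity, similar to Get-CriticalPermissionOverview:
# Get-CriticalAceReport -Path '\\pwnyfarm.local\netlogon' |
#     Group-Object Identity | Sort-Object Count -Descending | Select-Object Name, Count
```

Note that the Deny handling only matches an identical identity string; a Deny on a group the principal belongs to is not resolved here.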

Contributions

Feel free to submit pull requests or issues if you identify any bugs or have suggestions for improvements.

Contributors:

  • @skelsec: Supported me in making this as accurate as possible :D

TODO

  • Consider Deny rules in the ACLs