Saturday, March 12, 2016

File and Folder Auditing with Powershell

$ErrorActionPreference = "Continue"
$strComputer = $env:ComputerName
$colDrives = Get-PSDrive -PSProvider Filesystem
    $StartPath = "\\myserver\share"
    Get-ChildItem -LiteralPath $StartPath -Recurse |
    ForEach {
      $FullPath = Get-Item -LiteralPath (Get-Item -LiteralPath $_.PSPath)
      (Get-Item -LiteralPath $FullPath).GetAccessControl() |
      Select * -Expand Access |
      Select @{N='Server Name';E={$strComputer}},
             @{N='Full Path';E={$FullPath}},
             @{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}},
             @{N='Trustee';E={$_.IdentityReference}} } |
             #@{N='Inheritance Flags';E={$_.InheritanceFlags}},
             #@{N='Ace Flags';E={$_.PropagationFlags}},
             #@{N='Ace Type';E={$_.AccessControlType}},
             #@{N='Access Masks';E={$_.FileSystemRights}} } |
      Export-CSV -NoTypeInformation -Delimiter "," –Path "$strComputer`_myserver-share.csv"

No comments:

Post a Comment

Docker with Juiceshop - Focus on SQL Injection

In preparation for an ethical hacking class that I will be teaching, I wanted to work through a few of the Vulnhub or docker images to refr...