I often want to show customers how a ransomware attack will affect the business. Finding all the network shares that you have write access to as a normal user can take a lot of time to do manually. As a result of this I have created a script that I have called Ransomware simulator. The thought is that you start this script from one of your user’s workstation logged on as a normal user. The script will then find the shares to the hosts you specify and test if it can write to it or not. The script will find normal shares as well as administrative shares ($ shares). You can specify hostnames, ip-addresses or ip-ranges as input to the script. If you need help you can type get-help against the script.
I have copied a lot of code from Matthew Graeber (@mattifestation) and from Will Schroeder (@Harmj0y), so credits to them for their great work.
This release of the script is just the first version; I am currently working on a version that supports multi-threading on the scanning process. I have also created a video that shows the script in action:
The script can be found here: https://github.com/api0cradle/PowershellScripts/tree/master/Security
In order to run the 1.0 version of the script you need to run the script elevated and you need to be on a Windows 8.1 or newer OS that supports the test-netconnection cmdlet. This will change in my next release.
Hope you find this useful.