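#Metal Gear WNDSOR by Michal Bodzianowski
#DEFINED
# Services whose start mode / state flap legitimately on a healthy box (trigger-started,
# per-user, servicing and app-deployment services), so a difference against the baseline
# is not worth reporting. Consumed by the services comparison (MG-LSP).
$services_exempt = @(
    "AppMgmt", "AppXSvc", "camsvc", "ClipSVC", "defragsvc", "DoSvc", "DsSvc",
    "InstallService", "PhoneSvc", "smphost", "TrustedInstaller", "LSM", "NetSetupSVC"
)
#resource
#SETUP
$host.UI.RawUI.ForegroundColor = "Gray"
$host.UI.RawUI.BackgroundColor = "DarkGreen"
clear
echo "-------------------------------------------------------------------------------
T A C T I C A L E S P I O N A G E A C T T I O N
_ _ ___ _____ _ _ ___ ___ _ ____ __ __ _ _ ___
| \ / || _|_ _|/ \ | | / _ \ | _| / \ | _ \ / \ / \ | | | || \
| \/ || | | | / _ \ | | | / \_|| | / A \ | | | || |\_|| /\ || | | || |\ |
| \ / || |_ | || |_| || | | | __ | |_ | /_\ || |_| | \ \ | || || | | || || |
| |\/| || _| | || _ || | | ||_ || _|| _ || _ < \ \ | || || | | || || |
| | | || | | || | | || | | | | || | | | | || | | | _ \ \| || || | | || || |
| | | || |_ | || | | || |_| \_/ || |_ | | | || | | || \| || \/ || |_| || |/ |
|_| |_||___| |_||_| |_||___|\__,_||___||_| |_||_| \_\ \__/ \__/ |___|_||___/
-------------------------------------------------------------------------------
INITIATING METAL GEAR WNDSOR - PROTOTYPE ADVANCED CYBER WEAPONS SYSTEM
-------------------------------------------------------------------------------
"
# PolicyFileEditor is third-party code pulled from the PowerShell Gallery. Installing an
# unpinned module on every run is a supply-chain exposure on an audit host: only install
# when it is missing, keep it to the current user, and in a hardened environment pin
# -RequiredVersion and vet the package (or pre-stage it) instead of fetching at run time.
if (-not (Get-Module -ListAvailable -Name PolicyFileEditor)) {
    echo "Installing Required Packages..."
    Install-Module -Name PolicyFileEditor -Scope CurrentUser
}
Import-Module -Name PolicyFileEditor -ErrorAction Stop
echo "Running gpupdate..."
# The original `echo gpupdate` only printed the word; the policy check below should read
# freshly applied policy, so actually run the refresh and surface a non-zero exit code.
gpupdate.exe
if ($LASTEXITCODE -ne 0) {
    Write-Warning "gpupdate exited with code $LASTEXITCODE; policy results may be stale."
}
#END SETUP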
#FUNCTIONS
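function Get-MGBaselinePath {
    <#
    .SYNOPSIS
    Ask whether to use the default baseline CSV and return a path that exists.
    .PARAMETER DefaultName
    File name of the default baseline, looked up on the current user's Desktop
    (the original hard-coded C:\Users\ene\Desktop, which only works for one account).
    .OUTPUTS
    [string] path to the baseline CSV.
    .NOTES
    The baseline defines what "good" looks like; if an attacker can edit it, the audit is
    blinded. Keep it somewhere the audited account cannot write to, or verify a hash of it.
    #>
    param(
        [Parameter(Mandatory)] [string]$DefaultName
    )
    $default = Join-Path ([Environment]::GetFolderPath('Desktop')) $DefaultName
    $answer = Read-Host "Use default csv name? (y/n)"
    # Same decision as the original Switch: only an exact "N"/"n" prompts for a path,
    # anything else (including an empty answer) falls through to the default.
    if ($answer -eq 'N') {
        $path = Read-Host "Please enter filepath"
    } else {
        Write-Host "Using default filename"
        $path = $default
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Baseline CSV not found: $path"
    }
    return $path
}

function Compare-MGBaseline {
    <#
    .SYNOPSIS
    Report entries in -Current whose compared properties differ from -Baseline, or that
    have no baseline entry at all.
    .PARAMETER Current
    Live objects (e.g. Get-CimInstance Win32_Service output).
    .PARAMETER Baseline
    Objects from Import-Csv; every property is a string, so comparisons are done on the
    string form of both sides (case-insensitive, as PowerShell -eq is).
    .PARAMETER KeyProperty
    Property name(s) that identify an entry; several are joined with '|' into one key.
    .PARAMETER CompareProperty
    Properties checked in order; the first mismatch is reported (one row per entry, as the
    original if/elseif produced) and its property name becomes the Reason column.
    .PARAMETER CaptionProperty
    Property copied into the Caption column; empty string if not present.
    .PARAMETER Exempt
    Keys whose property differences are suppressed. A missing baseline entry is still
    reported for an exempt key, matching the original behaviour.
    .OUTPUTS
    PSCustomObject with Name, Caption, Reason, CUR, OG.
    #>
    param(
        [Parameter(Mandatory)] [AllowNull()] [AllowEmptyCollection()] [object[]]$Current,
        [Parameter(Mandatory)] [AllowNull()] [AllowEmptyCollection()] [object[]]$Baseline,
        [string[]]$KeyProperty = @('name'),
        [string[]]$CompareProperty = @('Startmode', 'State'),
        [string]$CaptionProperty = 'caption',
        [string[]]$Exempt = @()
    )
    # Index the baseline once so the comparison is linear instead of the original's
    # nested loop over both lists. Hashtable string keys are case-insensitive by default.
    $index = @{}
    foreach ($b in $Baseline) {
        $k = ($KeyProperty | ForEach-Object { [string]$b.$_ }) -join '|'
        $index[$k] = $b
    }
    foreach ($c in $Current) {
        $name = ($KeyProperty | ForEach-Object { [string]$c.$_ }) -join '|'
        $caption = if ($CaptionProperty) { [string]$c.$CaptionProperty } else { '' }
        if (-not $index.ContainsKey($name)) {
            [PSCustomObject]@{
                Name    = $name
                Caption = $caption
                Reason  = "Not Found!"
                CUR     = ""
                OG      = ""
            }
            continue
        }
        if ($Exempt -contains $name) { continue }
        $b = $index[$name]
        foreach ($p in $CompareProperty) {
            if ([string]$c.$p -ne [string]$b.$p) {
                [PSCustomObject]@{
                    Name    = $name
                    Caption = $caption
                    Reason  = $p
                    CUR     = $c.$p
                    OG      = $b.$p
                }
                break
            }
        }
    }
}

function Write-MGResults {
    <#
    .SYNOPSIS
    Persist comparison rows to CSV and show them in a grid.
    .PARAMETER Rows
    Output of Compare-MGBaseline.
    .PARAMETER OutFile
    CSV written to the current directory. Each check gets its own name; the original wrote
    both checks to ServicesFinal.csv so the second run overwrote the first.
    .PARAMETER Title
    Out-GridView window title.
    #>
    param(
        [AllowNull()] [AllowEmptyCollection()] [object[]]$Rows,
        [Parameter(Mandatory)] [string]$OutFile,
        [Parameter(Mandatory)] [string]$Title
    )
    if (-not $Rows -or $Rows.Count -eq 0) {
        Write-Host "No differences against the baseline."
        return
    }
    $Rows | Select-Object Name, Caption, Reason, CUR, OG |
        Export-Csv -LiteralPath $OutFile -Encoding UTF8 -NoTypeInformation
    $Rows | Out-GridView -PassThru -Title $Title
}

function MG-Policies {
    <#
    .SYNOPSIS
    Compare the current user Group Policy registry.pol against a baseline CSV.
    .NOTES
    Get-PolicyFileEntry (PolicyFileEditor) emits Key, ValueName, Data and Type; the
    original selected service columns (name/caption/state/startmode) that do not exist on
    these objects, and its loops iterated variables that were never assigned in this
    function, so it always produced an empty report. The baseline is assumed to have been
    captured with `Get-PolicyFileEntry ... -All | Export-Csv` — TODO confirm. Multi-valued
    Data is compared by its string form, which is what Export-Csv stored.
    #>
    Write-Host "POLICIES - Starting Policy check..."
    #this part made by help from https://4sysops.com/archives/compare-windows-services-in-powershell-with-compare-object/
    $filename = Get-MGBaselinePath -DefaultName 'default_user.csv'
    $baseline = @(Import-Csv -LiteralPath $filename)
    $polPath = Join-Path $env:windir 'system32\GroupPolicy\User\registry.pol'
    # No user registry.pol means no user policy is set; treat that as an empty current set
    # so every baseline-only entry is still visible rather than failing outright.
    $current = @()
    if (Test-Path -LiteralPath $polPath -PathType Leaf) {
        $current = @(Get-PolicyFileEntry -Path $polPath -All |
            Select-Object Key, ValueName, Data, Type)
    } else {
        Write-Warning "No user registry.pol at $polPath; comparing an empty policy set."
    }
    $diff = @(Compare-MGBaseline -Current $current -Baseline $baseline `
        -KeyProperty Key, ValueName -CompareProperty Data, Type -CaptionProperty '')
    Write-MGResults -Rows $diff -OutFile "PoliciesFinal.csv" -Title "Policy Results"
}

function MG-LSP {
    <#
    .SYNOPSIS
    Compare installed services (name, start mode, state) against a baseline CSV.
    .NOTES
    $services_exempt is read from script scope. The original applied that list of service
    names in the policy check and not here, which looks inverted; it is applied to the
    services comparison because every entry in it is a service name — TODO confirm intent.
    #>
    Write-Host "SERVICES - Starting LSP check..."
    #this part made by help from https://4sysops.com/archives/compare-windows-services-in-powershell-with-compare-object/
    $filename = Get-MGBaselinePath -DefaultName 'default_services.csv'
    $baseline = @(Import-Csv -LiteralPath $filename)
    $current = @(Get-CimInstance Win32_Service | Select-Object name, caption, state, startmode)
    $diff = @(Compare-MGBaseline -Current $current -Baseline $baseline `
        -KeyProperty name -CompareProperty Startmode, State -CaptionProperty caption `
        -Exempt $services_exempt)
    Write-MGResults -Rows $diff -OutFile "ServicesFinal.csv" -Title "Service Results"
}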
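#TODO: USER INTERFACE
# Entry point. The original invoked MG-Services, which this script never defines (only
# MG-Policies and MG-LSP exist), so the run ended in CommandNotFoundException before any
# check executed. MG-LSP is the services comparison ("SERVICES - Starting LSP check..."),
# which is what the "Services Check" comment below describes.
MG-LSP
#Services Check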