Dan danzek

danzek / clsid_list.txt
Last active April 7, 2024 03:27
Common Windows CLSIDs
# use shell::: with CLSID to launch location from run dialog
# e.g., shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D}
#
# retrieved 20170719 from http://krypsec.com/all-clsid-for-windows-to-used-in-ethical-hacking-and-batch-programming/
#
# see also:
# https://www.sysnative.com/forums/windows-8-windows-rt-tutorials/12157-shells-shortcuts-clsid-listing-windows-10-8-1-8-7-a.html
# http://www.geoffchappell.com/studies/windows/shell/explorer/cmdline.htm
CLSID_ControlPanel {21EC2020-3AEA-1069-A2DD-08002B30309D}
danzek / mapGPSv1.py
Last active January 25, 2024 22:38
X-Ways Python X-Tension: Plot EXIF location data in a KML file
# Extracts GPS coordinates from images in X-Ways Forensic software and creates a KML file plotting
# the location data that can be opened in Google Earth.
#
# Using public code for extracting GPS EXIF data from https://gist.github.com/moshekaplan/5330395
# based on original code at https://gist.github.com/erans/983821 using PIL 1.1.7 library
#
# Copyright (c) 2013 Dan O'Day. All rights reserved. https://code.google.com/p/digital0day/
# This software distributed under the Eclipse Public License 1.0 (EPL-1.0)
# http://www.opensource.org/licenses/EPL-1.0
#
danzek / narrowWiden.cpp
Created April 13, 2017 21:48
Converting between wstring and string in C++
/* Retrieved from http://stackoverflow.com/a/18374698/ on April 13, 2017
* Posted by user [dk123](https://stackoverflow.com/users/1709725/dk123) on Aug 22 '13 at 7:57
* Credit given in post to user ArmanSchwarz who posted a comment with this information
*/
#include <codecvt>
// string to wstring
wstring s2ws(const std::string& str)
{
danzek / directcopy.cpp
Created April 13, 2017 21:27
Direct Copy
/* only works on NTFS: does not work for resident files (files within the $MFT)
* from http://www.rohitab.com/discuss/topic/24252-ntfs-directcopy-method-from-napalm/
* retrieved on April 13, 2017
* posted by user Napalm (http://www.rohitab.com/discuss/user/3860-napalm/) 09 April 2007 - 03:13 AM
DirectCopy v2.0 - by Napalm @ NetCore2K
------------------------------------
Please try and read and understand this source code. You will learn something.
Sector = 512 Bytes of disk space
class Logging(object):
__name__ = 'logger.info(1)'
plist = '/System/Library/Preferences/Logging/Subsystems/'
def __init__(__name__, plist, *args, **kwargs):
super(getLogger/, self).__init__()
logger.info('Input parameters:\n'
'accessibility: "{com.apple.Accessibility.plist}"\n'
danzek / createDirectoryRecursively.cpp
Created April 13, 2017 21:34
Create Directory Recursively with Windows API
/* From http://blog.nuclex-games.com/2012/06/how-to-create-directories-recursively-with-win32/
* Retrieved April 12, 2017
* Posted by user Cygon (http://blog.nuclex-games.com/author/cygon/)
*
* This code is free for the taking and you can use it however you want.
*
* THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
* LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
danzek / bruteforcegesture.py
Last active October 17, 2022 18:22
Prototype code for brute forcing Android gesture.key files
#!/usr/bin/env python
"""Cracks a gesture.key file (Android pattern lock), reverse-engineers the Android method of creating an unsalted SHA1
hash value from the 3-9 digit pattern code (each digit consisting of 9 possible values: 0-8).
Note that Android > v2.33 requires minimum of four values, but three makes this work for old ones too.
The original Android source code for pattern locks:
/*
danzek / WindowsNTFS.md
Last active March 25, 2022 12:25
Some important articles on Windows/NTFS

Important articles about Windows/NTFS

This also contains quotes from the articles in case they are moved/deleted/etc.

A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC). The system records file times when applications create, access, and write to files.

The NTFS file system stores time values in UTC format, so they are not affected by changes in time zone or daylight saving time. The FAT file system stores time values based on the local time of the computer. For example, a file that is saved at 3:00pm PST in Washington is seen as 6:00pm EST in New York on an NTFS volume, but it is seen as 3:00pm EST in New York on a FAT volume.

danzek / makeMetered.ps1
Created April 3, 2018 09:00
Take ownership of key and make Ethernet connection a metered connection
<#
.SYNOPSIS : PowerShell script to set Ethernet connection as metered or not metered
.AUTHOR : Michael Pietroforte
.SITE : https://4sysops.com
#>
# Retrieved from https://4sysops.com/archives/set-windows-10-ethernet-connection-to-metered-with-powershell/
danzek / sid.py
Last active April 14, 2021 12:35
Return formatted SID string given list of integers containing SID from byte array
#!/usr/bin/env python
"""
Module containing class to parse and return formatted SID string given list of integers containing SID from byte array
This was made for formatting the CreatorSID from the Microsoft Windows CIM (WMI) repository database in the standard
Windows SID format ("S-1-5-21-<RID>-<RID>..."). For instance, to extract CreatorSID using the [`python-cim`](https://github.com/fireeye/flare-wmi/tree/master/python-cim)
[filter-to-consumer bindings](https://github.com/fireeye/flare-wmi/blob/master/python-cim/samples/show_filtertoconsumerbindings.py) sample script,
you would add `'CreatorSID'` to the filter or consumer properties like so:
filter_sid = filter.properties["CreatorSID"].value