Skip to content

Instantly share code, notes, and snippets.

View Get-SMBIOSData.ps1
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace SMBIOS
{
public enum FirmwareProvider : uint
{
ACPI = 0x41435049,
@jborean93
jborean93 / macOS-CommandLine.ps1
Created December 2, 2022 07:16
Get the Command Line of a process on macOS
View macOS-CommandLine.ps1
Add-Type -CompilerOptions '/unsafe' -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace macOS
{
public static class Native
{
[DllImport("libc", SetLastError = true)]
@jborean93
jborean93 / Copy-ToFtp.ps1
Created December 2, 2022 03:20
Copies a file to an FTP(S) server
View Copy-ToFtp.ps1
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Copy-ToFtp {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.String]
$Path,
@jborean93
jborean93 / Get-TlsCipherSuite.ps1
Created November 3, 2022 02:38
Basic replacement for Get-TlsCipherSuite for older OS versions.
View Get-TlsCipherSuite.ps1
Function Get-TlsCipherSuite {
<#
.DESCRIPTION
Get a list of enabled TLS cipher suites for the server.
This is like the Get-TlsCipherSuite cmdlet but works on older Windows
versions.
#>
[OutputType([string])]
param ()
@jborean93
jborean93 / Remove-FileEntry.ps1
Last active December 2, 2022 01:19
Removes a file/dir using direct Win32 calls
View Remove-FileEntry.ps1
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
namespace Kernel32
{
public enum FileInfoLevel
@jborean93
jborean93 / tls-keylogger.ps1
Last active November 26, 2022 19:36
Logs Wireshark compatible TLS keys like the SSLKEYLOGFILE env var
View tls-keylogger.ps1
#Requires -Module PSDetour
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[string]
$LogPath
)
$LogPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath)
@jborean93
jborean93 / Get-SMBApplicationKey.ps1
Last active October 12, 2022 19:44
Gets the SMB2 Application Key from a Logon Session
View Get-SMBApplicationKey.ps1
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
<# Example Code to Run on the Server
$pipeServer = [System.IO.Pipes.NamedPipeServerStream]::new("jordan-test", [System.IO.Pipes.PipeDirection]::InOut)
$pipeServer.WaitForConnection()
try {
$tokenStat = Get-NamedPipeClientStatistics -Pipe $pipeServer
$appKey = Get-SMBApplicationKey -LogonId $tokenStat.AuthenticationId
[System.Convert]::ToBase64String($appKey.Applicationkey)
@jborean93
jborean93 / Get-LogonSessionData.ps1
Created August 30, 2022 11:57
Get LSA logon session data
View Get-LogonSessionData.ps1
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-LogonSessionData {
<#
.SYNOPSIS
Get LSA logon session data.
.DESCRIPTION
Get the logon session information for all or a specific logon session or specific process logon sessions.
@jborean93
jborean93 / Get-WTSSessionInfo.ps1
Last active August 23, 2022 03:52
Tries to replicate qwinsta but return structured objects
View Get-WTSSessionInfo.ps1
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-WTSSessionInfo {
<#
.SYNOPSIS
Enumerates sessions on a Windows host.
.DESCRIPTION
Enumerates all the sessions available on a Windows host through the WTSEnumerateSessionsExW API.
@jborean93
jborean93 / Trace-TlsHandshake.ps1
Last active November 3, 2022 02:03
Debug TLS Handshakes using .NET
View Trace-TlsHandshake.ps1
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Trace-TlsHandshake {
<#
.SYNOPSIS
TLS Handshake Diagnostics.
.DESCRIPTION
Performs a TLS handshake and returns diagnostic information about that