Jordan Borean jborean93

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                jborean93
                / keybase.md
            
            
              Created
              February 10, 2018 04:14
            
          
    Keybase proof

I hereby claim:

I am jborean93 on github.
I am jborean93 (https://keybase.io/jborean93) on keybase.
I have a public key ASBK396SPyaXDgm1YsnDbsIuacm8LKPknZa0C4omPUU8SAo

To claim this, I am signing this object:

  
## shadow-copy.ps1
Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
[return: MarshalAs(UnmanagedType.I1)]
public static extern bool CreateSymbolicLinkW(
    string lpSymlinkFileName,
    string lpTargetFileName,
    UInt32 dwFlags);

[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool RemoveDirectoryW(

## shadow-copy-deviceiocontrol.ps1
<#
This does not work due to the unsupported CTL_CODE used in DeviceIoControl

DeviceIoControl() get buffer size failed - Incorrect function (Win32 ErrorCode 1 - 0x00000001)
At C:\temp\enumerate_snapshots.ps1:145 char:1
+ Get-ShadowCopy -Path "\\localhost\c$"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ShadowCopy
#>

## Get-SnapshotPath.psm1
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

# To use, copy the .psm1 file locally and run
# Import-Module -Name Get-SnapshotPath.psm1
# Get-SnapshotPath -Path "\\server\share"

Add-Type -TypeDefinition @'
using Microsoft.Win32.SafeHandles;
using System;

## Get-ProcessSessionStationAndDesktop.ps1
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

namespace ProcessInfo
{
    public class NativeMethods
    {
        [DllImport("User32.dll", SetLastError = true)]
        public static extern bool CloseDesktop(

## Install-ModuleNupkg.ps1
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

<#
The cmdlets in this script can be used to install a PowerShell module from a nupkg as well as some logic to get the
nupkg URI from either the PowerShell Gallery or a GitHub release asset. The PowerShell Gallery is the most reliable
function to use as a nupkg is guaranteed to be there and a GitHub release must have explicitly added the nupkg itself.

You can run this by doing:

## smb_listdir.py
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

import uuid

from smbprotocol.connection import Connection
from smbprotocol.session import Session
from smbprotocol.open import CreateDisposition, CreateOptions, DirectoryAccessMask, FileAttributes, \
    FileInformationClass, ImpersonationLevel, Open, ShareAccess
from smbprotocol.tree import TreeConnect

## Add-WinRMDaclRule.ps1
Function Add-WinRMDaclRule {
    <#
    .SYNOPSIS
    Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration.

    .DESCRIPTION
    Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration.

    This can be useful if you wish to give access to an individual user or group to either the root WinRM listener or
    a specific PSSession configuration that is not an Administrator.

## smb_b_open.py
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

import uuid

from contextlib import contextmanager
from io import BytesIO
from smbprotocol.connection import Connection
from smbprotocol.session import Session
from smbprotocol.open import CreateDisposition, FileAttributes, FilePipePrinterAccessMask, ImpersonationLevel, Open, \

## Ansible Example.ps1

$bootstrap_wrapper = {
    &chcp.com 65001 > $null
	$exec_wrapper_str = $input | Out-String
	$split_parts = $exec_wrapper_str.Split(@("`0`0`0`0"), 2, [StringSplitOptions]::RemoveEmptyEntries)
	If (-not $split_parts.Length -eq 2) { throw "invalid payload" }
	Set-Variable -Name json_raw -Value $split_parts[1]
	$exec_wrapper = [ScriptBlock]::Create($split_parts[0])
	&$exec_wrapper
}.ToString()
	Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
	[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
	[return: MarshalAs(UnmanagedType.I1)]
	public static extern bool CreateSymbolicLinkW(
	string lpSymlinkFileName,
	string lpTargetFileName,
	UInt32 dwFlags);

	[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
	public static extern bool RemoveDirectoryW(
	<#
	This does not work due to the unsupported CTL_CODE used in DeviceIoControl

	DeviceIoControl() get buffer size failed - Incorrect function (Win32 ErrorCode 1 - 0x00000001)
	At C:\temp\enumerate_snapshots.ps1:145 char:1
	+ Get-ShadowCopy -Path "\\localhost\c$"
	+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
	+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ShadowCopy
	#>
	# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
	# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

	# To use, copy the .psm1 file locally and run
	# Import-Module -Name Get-SnapshotPath.psm1
	# Get-SnapshotPath -Path "\\server\share"

	Add-Type -TypeDefinition @'
	using Microsoft.Win32.SafeHandles;
	using System;
	Add-Type -TypeDefinition @'
	using System;
	using System.Runtime.InteropServices;

	namespace ProcessInfo
	{
	public class NativeMethods
	{
	[DllImport("User32.dll", SetLastError = true)]
	public static extern bool CloseDesktop(
	# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
	# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

	<#
	The cmdlets in this script can be used to install a PowerShell module from a nupkg as well as some logic to get the
	nupkg URI from either the PowerShell Gallery or a GitHub release asset. The PowerShell Gallery is the most reliable
	function to use as a nupkg is guaranteed to be there and a GitHub release must have explicitly added the nupkg itself.

	You can run this by doing:
	# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com>
	# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

	import uuid

	from smbprotocol.connection import Connection
	from smbprotocol.session import Session
	from smbprotocol.open import CreateDisposition, CreateOptions, DirectoryAccessMask, FileAttributes, \
	FileInformationClass, ImpersonationLevel, Open, ShareAccess
	from smbprotocol.tree import TreeConnect
	Function Add-WinRMDaclRule {
	<#
	.SYNOPSIS
	Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration.

	.DESCRIPTION
	Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration.

	This can be useful if you wish to give access to an individual user or group to either the root WinRM listener or
	a specific PSSession configuration that is not an Administrator.

	$bootstrap_wrapper = {
	&chcp.com 65001 > $null
	$exec_wrapper_str = $input \| Out-String
	$split_parts = $exec_wrapper_str.Split(@("`0`0`0`0"), 2, [StringSplitOptions]::RemoveEmptyEntries)
	If (-not $split_parts.Length -eq 2) { throw "invalid payload" }
	Set-Variable -Name json_raw -Value $split_parts[1]
	$exec_wrapper = [ScriptBlock]::Create($split_parts[0])
	&$exec_wrapper
	}.ToString()