I hereby claim:
- I am jborean93 on github.
- I am jborean93 (https://keybase.io/jborean93) on keybase.
- I have a public key ASBK396SPyaXDgm1YsnDbsIuacm8LKPknZa0C4omPUU8SAo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @' | |
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] | |
[return: MarshalAs(UnmanagedType.I1)] | |
public static extern bool CreateSymbolicLinkW( | |
string lpSymlinkFileName, | |
string lpTargetFileName, | |
UInt32 dwFlags); | |
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] | |
public static extern bool RemoveDirectoryW( |
<# | |
This does not work due to the unsupported CTL_CODE used in DeviceIoControl | |
DeviceIoControl() get buffer size failed - Incorrect function (Win32 ErrorCode 1 - 0x00000001) | |
At C:\temp\enumerate_snapshots.ps1:145 char:1 | |
+ Get-ShadowCopy -Path "\\localhost\c$" | |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException | |
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ShadowCopy | |
#> |
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com> | |
# MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
# To use, copy the .psm1 file locally and run | |
# Import-Module -Name Get-SnapshotPath.psm1 | |
# Get-SnapshotPath -Path "\\server\share" | |
Add-Type -TypeDefinition @' | |
using Microsoft.Win32.SafeHandles; | |
using System; |
Add-Type -TypeDefinition @' | |
using System; | |
using System.Runtime.InteropServices; | |
namespace ProcessInfo | |
{ | |
public class NativeMethods | |
{ | |
[DllImport("User32.dll", SetLastError = true)] | |
public static extern bool CloseDesktop( |
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com> | |
# MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
<# | |
The cmdlets in this script can be used to install a PowerShell module from a nupkg as well as some logic to get the | |
nupkg URI from either the PowerShell Gallery or a GitHub release asset. The PowerShell Gallery is the most reliable | |
function to use as a nupkg is guaranteed to be there and a GitHub release must have explicitly added the nupkg itself. | |
You can run this by doing: |
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com> | |
# MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
import uuid | |
from smbprotocol.connection import Connection | |
from smbprotocol.session import Session | |
from smbprotocol.open import CreateDisposition, CreateOptions, DirectoryAccessMask, FileAttributes, \ | |
FileInformationClass, ImpersonationLevel, Open, ShareAccess | |
from smbprotocol.tree import TreeConnect |
Function Add-WinRMDaclRule { | |
<# | |
.SYNOPSIS | |
Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration. | |
.DESCRIPTION | |
Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration. | |
This can be useful if you wish to give access to an individual user or group to either the root WinRM listener or | |
a specific PSSession configuration that is not an Administrator. |
# Copyright: (c) 2019, Jordan Borean (@jborean93) <jborean93@gmail.com> | |
# MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
import uuid | |
from contextlib import contextmanager | |
from io import BytesIO | |
from smbprotocol.connection import Connection | |
from smbprotocol.session import Session | |
from smbprotocol.open import CreateDisposition, FileAttributes, FilePipePrinterAccessMask, ImpersonationLevel, Open, \ |
$bootstrap_wrapper = { | |
&chcp.com 65001 > $null | |
$exec_wrapper_str = $input | Out-String | |
$split_parts = $exec_wrapper_str.Split(@("`0`0`0`0"), 2, [StringSplitOptions]::RemoveEmptyEntries) | |
If (-not $split_parts.Length -eq 2) { throw "invalid payload" } | |
Set-Variable -Name json_raw -Value $split_parts[1] | |
$exec_wrapper = [ScriptBlock]::Create($split_parts[0]) | |
&$exec_wrapper | |
}.ToString() |