neKuehn

## Invoke-FindOUpermissions.ps1
$MysIDArray = New-Object System.Collections.ArrayList
FUNCTION Invoke-FindOuPermissions{
<#
.SYNOPSIS
Invoke-FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain, determins the permissions assigned to different users and groups, and reports back which are different from their parent; including what those permissions are.This script does require the Active Directory Modules.

Author: Eric Kuehn

.DESCRIPTION
This script is designed to help during the Mapping phase of a penetration test.  It does require a valid set of credentials from the Active Directory Domain being searched.  Once it connects, it goes through the following process:

## FindOUpermissions.ps1
<#
.SYNOPSIS
FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain,
determins the permissions assigned to different users and groups, and reports back which are different
from their parent; including what those permissions are.

This script does require that the device be joined to the domain being queried and RSAT is installed.

Author: Eric Kuehn

## Clean-DCshadow.ps1
#Requires -RunAsAdministrator

#search for accounts that have the sync SPN that aren't a Domain Controller
$shadowcomps = Get-ADObject -LDAPFilter '(&(ServicePrincipalName=E3514235-4B06-11D1-AB04-00C04FC2DCD2/*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))' -Properties ServicePrincipalName

foreach ($scomp in $shadowcomps){

    $sSpns = $scomp.ServicePrincipalName | where {$_ -like "E3514235-4B06-11D1-AB04-00C04FC2DCD2/*"}

    foreach ($sSpn in $sSpns){

## Audit-ADwriters.ps1
#//////Functions
Function Get-OUacl ($ACLlist){
    $MyOUAclArray = New-Object System.Collections.ArrayList

    Foreach ($ACL in $ACLlist){
        $ACLobjectType = if($ACL.ObjectType -eq '00000000-0000-0000-0000-000000000000'){
            "All"
        }ELSE{
            $RawGUID = ([guid]$ACL.ObjectType).ToByteArray()
            (Get-ADObject  -Searchbase (Get-ADRootDSE).schemaNamingContext -Filter {schemaIDGUID -eq $RawGuid}).Name

## Audit-CriticalADGroups.ps1
#//////Functions
FUNCTION Get-AdminGroupMembers($Group, $DomainName){

    $Mems = Get-ADGroupMember -Identity $Group -Server $DomainName -Recursive

    Foreach ($mem in $Mems){
        if ($mem.objectClass -eq "user"){
            $adobj = $mem | Get-ADUser -Properties AllowReversiblePasswordEncryption,DoesNotRequirePreAuth,mail,MemberOf,PasswordNotRequired,SamAccountName,ServicePrincipalNames,canonicalName
            $act = ($adobj.canonicalName.split("."))[0] + "\" + $adobj.SamAccountName
        } elseif ($mem.objectClass -eq "computer"){

## RootChromebookAndroid.sh
#!/bin/sh
#This script was modified from the one created by Nolirium to create the new image file but not include the extra utilities
#https://nolirium.blogspot.com/2016/12/android-on-chrome-os-rooting-shell.html


# Main functions:

check_if_root() {

if [ $(id -u) != 0 ]; then
	$MysIDArray = New-Object System.Collections.ArrayList
	FUNCTION Invoke-FindOuPermissions{
	<#
	.SYNOPSIS
	Invoke-FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain, determins the permissions assigned to different users and groups, and reports back which are different from their parent; including what those permissions are.This script does require the Active Directory Modules.

	Author: Eric Kuehn

	.DESCRIPTION
	This script is designed to help during the Mapping phase of a penetration test. It does require a valid set of credentials from the Active Directory Domain being searched. Once it connects, it goes through the following process:
	<#
	.SYNOPSIS
	FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain,
	determins the permissions assigned to different users and groups, and reports back which are different
	from their parent; including what those permissions are.

	This script does require that the device be joined to the domain being queried and RSAT is installed.

	Author: Eric Kuehn
	#Requires -RunAsAdministrator

	#search for accounts that have the sync SPN that aren't a Domain Controller
	$shadowcomps = Get-ADObject -LDAPFilter '(&(ServicePrincipalName=E3514235-4B06-11D1-AB04-00C04FC2DCD2/*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))' -Properties ServicePrincipalName

	foreach ($scomp in $shadowcomps){

	$sSpns = $scomp.ServicePrincipalName \| where {$_ -like "E3514235-4B06-11D1-AB04-00C04FC2DCD2/*"}

	foreach ($sSpn in $sSpns){
	#//////Functions
	Function Get-OUacl ($ACLlist){
	$MyOUAclArray = New-Object System.Collections.ArrayList

	Foreach ($ACL in $ACLlist){
	$ACLobjectType = if($ACL.ObjectType -eq '00000000-0000-0000-0000-000000000000'){
	"All"
	}ELSE{
	$RawGUID = ([guid]$ACL.ObjectType).ToByteArray()
	(Get-ADObject -Searchbase (Get-ADRootDSE).schemaNamingContext -Filter {schemaIDGUID -eq $RawGuid}).Name
	#//////Functions
	FUNCTION Get-AdminGroupMembers($Group, $DomainName){

	$Mems = Get-ADGroupMember -Identity $Group -Server $DomainName -Recursive

	Foreach ($mem in $Mems){
	if ($mem.objectClass -eq "user"){
	$adobj = $mem \| Get-ADUser -Properties AllowReversiblePasswordEncryption,DoesNotRequirePreAuth,mail,MemberOf,PasswordNotRequired,SamAccountName,ServicePrincipalNames,canonicalName
	$act = ($adobj.canonicalName.split("."))[0] + "\" + $adobj.SamAccountName
	} elseif ($mem.objectClass -eq "computer"){
	#!/bin/sh
	#This script was modified from the one created by Nolirium to create the new image file but not include the extra utilities
	#https://nolirium.blogspot.com/2016/12/android-on-chrome-os-rooting-shell.html


	# Main functions:

	check_if_root() {

	if [ $(id -u) != 0 ]; then