Neil Sabol neil-sabol

  • New Mexico, USA
@neil-sabol
neil-sabol / totp-test.ps1
Last active Apr 30, 2020
See https://blog.neilsabol.site/post/effect-of-clock-skew-on-oath-totp-passcodes/. This snippet generates and compares OATH-TOTP passcodes with varying degrees of clock skew (resets the computer's time) and dumps the results to CSV.
View totp-test.ps1
############################################################################################################
# NOTE: This must be run as administrator since w32tm and time are used to manipulate the computer's time. #
############################################################################################################
# Import ecspresso's TOTPPowerShellModule (based on jonfriesen's TOTP Client for PowerShell).
# Assumes the module is downloaded to C:\Temp\TOTP.
# https://github.com/ecspresso/TOTPPowerShellModule
# https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
Import-Module C:\Temp\TOTP\totp.psd1
neil-sabol / onetimesecret-api-random-credential-link-example.ps1
Created Apr 5, 2020
See https://blog.neilsabol.site/post/onetimesecret-api-powershell-cli-basic-example-one-time-secret/ . This snippet uses Invoke-RestMethod and the OneTimeSecret API to generate a random password then output the password and secret link to retrieve it.
View onetimesecret-api-random-credential-link-example.ps1
neil-sabol / ykman-yubikey-create-oath-totp-credential-example.ps1
Last active Apr 6, 2020
See https://blog.neilsabol.site/post/yubikey-manager-ykman-powershell-cli-duo-mfa-oath-totp-token/ . This snippet uses the ykman command to generate an OATH-TOTP credential on the Yubikey which can be used with services that require you to supply your own TOTP secret.
View ykman-yubikey-create-oath-totp-credential-example.ps1
# Create an alias for ykman pointing to the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Get the Yubikey's serial number with ykman
# Not required but will be used to import into Duo later (to test)
$serialNumber = ykman info | where { $_ -like "Serial number:*" } | %{ $_ -replace "Serial number: ",""}
# Generate a random 40 character hex secret
# See https://codegolf.stackexchange.com/questions/58442/generate-random-uuid - thanks Forty3
# The length of the hex secret must be divisible by 5 to leverage HumanEquivalentUnit's
neil-sabol / ykman-yubikey-static-password-reset-example.ps1
Last active Mar 21, 2020
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
View ykman-yubikey-static-password-reset-example.ps1
# Create an alias for ykman pointing to the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Provide an opportunity to insert the yubikey before continuing
Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue"
# Add a new line for formatting/tidiness
write-host " "
# Run ykman to generate the static password on the Yubikey (in slot 2)
neil-sabol / authproxy.cfg
Created Jul 20, 2019
Sample Duo Authentication Proxy Configuration for LDAP and the Forum Systems test LDAP server (https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/)
View authproxy.cfg
[ad_client]
;https://duo.com/docs/authproxy-reference#ad_client
;https://help.duo.com/s/article/2121?language=en_US
;https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
; I am binding on port 389 (no encryption) - #neverinproduction - use 636 (LDAPS) instead
host=ldap.forumsys.com
auth_type=plain
service_account_username=read-only-admin
service_account_password=password
bind_dn=cn=read-only-admin,dc=example,dc=com
neil-sabol / Admin-Password-Reset.iss
Last active Dec 31, 2018
InnoSetup installer script to generate a "package" that resets a local account password on Windows (intended for use with SCCM)
View Admin-Password-Reset.iss
[Setup]
; Basic information
AppName = Computer Maintenance
AppVerName = Computer Maintenance 0.0.1
AppPublisher = Neil Sabol
AppVersion = 0.0.1
Compression = lzma
SolidCompression = yes
PrivilegesRequired = admin
; Choose a benign directory to "install" even though we are not really