Neil Sabol neil-sabol

# Create an alias for ykman pointing to the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Run ykman to generate a random static password in Yubikey's config slot 2
ykman otp static 2 --generate --length 16 --force --keyboard-layout US
@neil-sabol
neil-sabol / ykman-yubikey-create-oath-totp-credential-example.ps1
Last active January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-manager-ykman-powershell-cli-duo-mfa-oath-totp-token/ . This snippet uses the ykman command to generate an OATH-TOTP credential on the Yubikey which can be used with services that require you to supply your own TOTP secret.
# Create an alias for ykman pointing to the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Get the Yubikey's serial number with ykman
# Not required but will be used to import into Duo later (to test)
$serialNumber = ykman info | where { $_ -like "Serial number:*" } |
%{ $_ -replace "Serial number: ",""}
# Generate a random 40 character hex secret
# See https://codegolf.stackexchange.com/questions/58442/generate-random-uuid - thanks Forty3
@neil-sabol
neil-sabol / totp-test.ps1
Last active April 30, 2020 23:09
See https://blog.neilsabol.site/post/effect-of-clock-skew-on-oath-totp-passcodes/. This snippet generates and compares OATH-TOTP passcodes with varying degrees of clock skew (resets the computer's time) and dumps the results to CSV.
############################################################################################################
# NOTE: This must be run as administrator since w32tm and time are used to manipulate the computer's time. #
############################################################################################################
# Import ecspresso's TOTPPowerShellModule (based on jonfriesen's TOTP Client for PowerShell).
# Assumes the module is downloaded to C:\Temp\TOTP.
# https://github.com/ecspresso/TOTPPowerShellModule
# https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
Import-Module C:\Temp\TOTP\totp.psd1
@neil-sabol
neil-sabol / authproxy.cfg
Created July 20, 2019 22:26
Sample Duo Authentication Proxy Configuration for LDAP and the Forum Systems test LDAP server (https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/)
[ad_client]
;https://duo.com/docs/authproxy-reference#ad_client
;https://help.duo.com/s/article/2121?language=en_US
;https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
; I am binding on port 389 (no encryption) - #neverinproduction - use 636 (LDAPS) instead
host=ldap.forumsys.com
auth_type=plain
service_account_username=read-only-admin
service_account_password=password
bind_dn=cn=read-only-admin,dc=example,dc=com
@neil-sabol
neil-sabol / Admin-Password-Reset.iss
Last active December 31, 2018 23:19
InnoSetup installer script to generate a "package" that resets a local account password on Windows (intended for use with SCCM)
[Setup]
; Basic information
AppName = Computer Maintenance
AppVerName = Computer Maintenance 0.0.1
AppPublisher = Neil Sabol
AppVersion = 0.0.1
Compression = lzma
SolidCompression = yes
PrivilegesRequired = admin
; Choose a benign directory to "install" even though we are not really