Neil Sabol neil-sabol
neil-sabol
/ onetimesecret-api-random-credential-link-example.ps1
Created
April 5, 2020 00:27
See https://blog.neilsabol.site/post/onetimesecret-api-powershell-cli-basic-example-one-time-secret/ . This snippet uses Invoke-RestMethod and the OneTimeSecret API to generate a random password then output the password and secret link to retrieve it.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Your OneTimeSecret Username and API key from https://onetimesecret.com/account#apikey-tab | |
| $apiUsername = "username@example.com" | |
| $apiPassword = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | |
| # Invoke-RestMethod is a little "tempermental" with Basic Authentication - the "-Credential" parameter specifically | |
| # See https://stackoverflow.com/questions/24672760/powershells-invoke-restmethod-equivalent-of-curl-u-basic-authentication - thanks Borek Bernard | |
| $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $apiUsername,$apiPassword))) | |
| # Specify parameters for random password generation - in this case, a Time to Live in seconds (7 days) | |
| $Body = @{ |
neil-sabol
/ ykman-yubikey-create-oath-totp-credential-example.ps1
Last active
January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-manager-ykman-powershell-cli-duo-mfa-oath-totp-token/ . This snippet uses the ykman command to generate an OATH-TOTP credential on the Yubikey which can be used with services that require you to supply your own TOTP secret.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykman pointing the install location | |
| set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe" | |
| # Get the Yubikey's serial number with ykman | |
| # Not required but will be used to import into Duo later (to test) | |
| $serialNumber = ykman info | where { $_ -like "Serial number:*" } | | |
| %{ $_ -replace "Serial number: ",""} | |
| # Generate a random 40 character hex secret | |
| # See https://codegolf.stackexchange.com/questions/58442/generate-random-uuid - thanks Forty3 |
neil-sabol
/ ykman-yubikey-static-password-reset-example.ps1
Last active
January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykman pointing the the install location | |
| set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe" | |
| # Provide an opportunity to insert the yubikey before continuing | |
| Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue" | |
| # Add a new line for formatting/tidiness | |
| write-host " " | |
| # Run ykman to generate the static password on the Yubikey (in slot 2) |
neil-sabol
/ authproxy.cfg
Created
July 20, 2019 22:26
Sample Duo Authentication Proxy Configuration for LDAP and the Forum Systems test LDAP server (https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ad_client] | |
| ;https://duo.com/docs/authproxy-reference#ad_client | |
| ;https://help.duo.com/s/article/2121?language=en_US | |
| ;https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ | |
| ; I am binding on port 389 (no encryption) - #neverinproduction - use 636 (LDAPS) instead | |
| host=ldap.forumsys.com | |
| auth_type=plain | |
| service_account_username=read-only-admin | |
| service_account_password=password | |
| bind_dn=cn=read-only-admin,dc=example,dc=com |
neil-sabol
/ Admin-Password-Reset.iss
Last active
December 31, 2018 23:19
InnoSetup installer script to generate a "package" that resets a local account password on Windows (intended for use with SCCM)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Setup] | |
| ; Basic information | |
| AppName = Computer Maintenance | |
| AppVerName = Computer Maintenance 0.0.1 | |
| AppPublisher = Neil Sabol | |
| AppVersion = 0.0.1 | |
| Compression = lzma | |
| SolidCompression = yes | |
| PrivilegesRequired = admin | |
| ; Choose a benign directory to "install" even though we are not really |
NewerOlder