Scot Gabriel scotgabriel
@scotgabriel
scotgabriel / Windows command line gui access.md
Last active November 11, 2023 14:53
Common windows functions via rundll user32 and control panel

Rundll32 commands

OS: Windows 10/8/7

Add/Remove Programs

  • RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0

Content Advisor

  • RunDll32.exe msrating.dll,RatingSetupUI

Control Panel

scotgabriel / Windows-Access-Special-Folders-From-Shell.md
Last active September 15, 2023 00:27
How to access Windows Special Folders using Shell Commands

Since Windows Vista, the list of available shell shortcuts can be found here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\

| Command | Win 10 | Win 8 | Win 7 | Vista | XP |
|---|---|---|---|---|---|
| shell:AccountPictures | x | x | - | - | - |
| shell:Roaming Tiles | x | x | - | - | - |
| shell:Common Programs | x | x | x | x | x |
scotgabriel / Powershell-Exchange.md
Last active April 4, 2021 15:35
Powershell commands to interact with Microsoft Exchange

Powershell Commands to Interact with Microsoft Exchange

Connect, via Powershell, to Exchange Server remotely

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://server.domain.dom/PowerShell/ -Authentication Kerberos
import-pssession $session

Add Exchange Module

must already have Exchange Management Console installed

scotgabriel / FailedLogons.ps1
Last active May 2, 2018 21:50
Get Eventlog Entries from Forwarded Events log
# Powershell to get last 2 collected entries from Forwarded Events log having ID of 4625 (failed logon)
get-winevent -filterhashtable @{logname = 'ForwardedEvents'; id = 4625} -maxevents 2 | format-table -wrap -autosize
### Run on SOURCE computers
# from elevated command prompt
winrm quickconfig
# Collecting from DC(s)? Then you won't be able to modify local policy or local admin group, do this instead on each SOURCE
wevtutil sl security /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;s-1-5-20)
### Run on COLLECTOR computer
#from elevated command prompt
wecutil qc
scotgabriel / check-modified-date-less-than.ps1
Created June 21, 2018 18:36
Powershell check files in folder for "last modified" value 1 day or less
$folderToCheck = "E:\data\backups"
# Count files modified within the last day; @() keeps .Count valid when zero or one file matches
if (@(Get-ChildItem -Path $folderToCheck | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-1)}).Count -lt 1) {
write-host "Bad Juju"
} else {write-host "G2g"}
scotgabriel / Windows-Compromised-System-EventLog-checks.ps1
Created August 2, 2018 22:20
"Compromised System" eventlog checks
# github username: gabe31415
# events compiled from: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
# NOTES:
# get-winevent has an UNDOCUMENTED id list max of '23' events, therefore i chose to just loop through
# one event at a time
# Get OS version
$wmiOS = Get-WmiObject -Class Win32_OperatingSystem
scotgabriel / firefox-install.ps1
Created March 28, 2020 19:40
Firefox install script
# Silently Install Firefox
# Path for the workdir
$workdir = "c:\installer\"
# Check if work directory exists if not create it
If (Test-Path -Path $workdir -PathType Container)
{ Write-Host "$workdir already exists" -ForegroundColor Red}
ELSE
#!/usr/bin/env bash
/usr/bin/sqlite3 /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Plug-in\ Support/Databases/com.plexapp.plugins.library.db 'SELECT title,added_at from metadata_items WHERE metadata_type=1 ORDER BY title ASC;' >> /path/to/save/to/plex-ordered-by-movie-name.txt
/usr/bin/sqlite3 /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Plug-in\ Support/Databases/com.plexapp.plugins.library.db 'SELECT title,added_at from metadata_items WHERE metadata_type=1 ORDER BY added_at DESC;' >> /path/to/save/to/plex-ordered-by-added-date.txt