Rath NiceRath
NiceRath
/ windows-rds-temp-user-fw-rule-cleanup.ps1
Last active
October 5, 2024 10:09
Windows RDS - Script to gracefully reboot the server (notify users)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Task Scheduler | |
| # General | |
| # Use local service-user of SYSTEM | |
| # Enable 'Run whether user is logged in or not' | |
| # Enable 'Do not store password' | |
| # Enable 'Run with highest privileges' | |
| # | |
| # Action | |
| # Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | |
| # Arguments: -File C:\scripts\GracefulReboot.ps1 |
NiceRath
/ windows-rds-temp-user-fw-rule-cleanup.ps1
Last active
October 5, 2024 10:06
Windows RDS - Script to scheduled remove temporary user-firewall-rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Task Scheduler | |
| # General | |
| # Select user SYSTEM (admin user will not work correctly) | |
| # Enable 'Run with highest privileges' | |
| # | |
| # Action | |
| # Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | |
| # Arguments: -File C:\scripts\RemoveUserFWRules.ps1 | |
| # NOTE: to get the rule-names you need to execute 'Get-NetFirewallRule' as SYSTEM-USER - some rules have other display-names in that context.. |
NiceRath
/ windows-rds-temp-profile-cleanup.ps1
Last active
October 5, 2024 10:05
Windows RDS - Script to scheduled clean-up temporary user profiles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Task Scheduler | |
| # General | |
| # Use local service-user of SYSTEM | |
| # Enable 'Run whether user is logged in or not' | |
| # Enable 'Do not store password' | |
| # Enable 'Run with highest privileges' | |
| # | |
| # Action | |
| # Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | |
| # Arguments: -File C:\scripts\rds\RemoveTmpProfiles.ps1 |
NiceRath
/ ssl-validate.sh
Last active
October 14, 2024 20:26
Script to validate certificate of service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$1" ] | |
| then | |
| echo 'Provide the target hostname!' | |
| exit 1 | |
| fi | |
| TARGET="$1" |
NiceRath
/ ssl-ocsp-check.sh
Created
September 30, 2024 15:33
Script to check if website has OCSP enabled or issues with it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$1" ] | |
| then | |
| echo 'Provide a hostname of a website to check!' | |
| exit 1 | |
| fi | |
| if [ -z "$2" ] | |
| then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from sys import argv as sys_argv | |
| from socket import socket, AF_INET, AF_INET6, SOCK_STREAM | |
| if len(sys_argv) < 3: | |
| raise ValueError(""" | |
| You need to provide two arguments: | |
| 1 > Target IP | |
| 2 > Target port (only TCP) |
NiceRath
/ ansible-decrypt-vault-pipe-to-parent-process.sh
Last active
August 27, 2024 13:48
Ansible - Decrypt Vault and Pipe output to parent process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this can be useful in CI environments if you need to process config or secrets and pipe them to the parent process in a secure manner | |
| # example file: secrets.yml | |
| > my_secret1: !vault | | |
| > $ANSIBLE_VAULT;1.1;AES256 | |
| > ... | |
| > service_xyz: !vault | | |
| > $ANSIBLE_VAULT;1.1;AES256 | |
| > ... |
NiceRath
/ python3-write-to-os-pipe.py
Created
August 27, 2024 12:32
Python3 - Write to OS pipe /dev/fd/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # this can be useful in CI environments if you need to process config or secrets and pipe them to the parent process in a secure manner | |
| import io | |
| import os | |
| from time import sleep | |
| w = io.open(69, 'wb', 0) | |
| w.write(b'MY SECRE3T') |
NiceRath
/ opnsense-backup-rules-to-csv.py
Last active
August 26, 2024 10:06
OPNSense - Backup Rules to CSV
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from csv import DictWriter | |
| import xml.etree.ElementTree as ET | |
| # reads unencrypted OPNSense backup file and extracts its rules in CSV format | |
| FILE_IN = 'firewall.xml' | |
| FILE_OUT = 'firewall.csv' | |
| FIELDS = [ | |
| 'uuid', 'type', 'interface', 'ipprotocol', 'statetype', 'descr', 'direction', 'floating', 'log', 'quick', | |
| 'protocol', 'source', 'destination', 'category', 'disabled', 'gateway', 'icmptype', 'associated-rule-id', |
NiceRath
/ chocolatey_msi_install_startup.ps1
Created
August 12, 2024 13:21
Chocolatey - Install MSI Packages on Windows Startup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTES: | |
| # you need to install chocolatey first: https://community.chocolatey.org/install.ps1 | |
| # source for ChocolateyInstallPackage: https://github.com/chocolatey/choco/blob/master/src/chocolatey.resources/helpers/functions/Install-ChocolateyInstallPackage.ps1 | |
| # source for helper functions: https://github.com/chocolatey/choco/tree/master/src/chocolatey.resources/helpers/functions | |
| # this script need to be copied to your client; it may not work if executed through a network share | |
| # you also need to copy those helper-function (see HELPERS_INCLUDE below) to your clients (see HELPERS_PATH below) | |
| $LOGFILE = 'C:\gpo\logs\choco.log' | |
| $SCRIPT_PATH = 'C:\gpo\scripts\choco' | |
| $HELPERS_PATH = "$SCRIPT_PATH\helpers" |
NewerOlder