Here is the general workflow over a PSRemoting session over SSH, for example spawned with Invoke-Command -HostName foo { 'test' }:
sequenceDiagram
box Client Machine
actor C as Pwsh Client
participant S1 as ssh client
end
Jordan Borean jborean93
jborean93
/ PSRemoting-over-ssh.md
Created
December 12, 2024 00:53
Breakdown over what happens with PSRemoting over SSH
jborean93
/ PwshPipeServer.cs
Created
December 10, 2024 06:25
Code to run a PowerShell named pipe server as a Task
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Management.Automation.Remoting; | |
| using System.Reflection; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| #nullable enable | |
| /* | |
| This code uses internal APIs of the PowerShell remoting system to create the |
jborean93
/ AuthenticodeEncoding.Tests.ps1
Last active
December 6, 2024 06:23
Pester tests for checking out how the PowerShell Authenticode SIP determines the file encoding for the signature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #Requires -Version 7.4 | |
| using namespace System.IO | |
| using namespace System.Formats.Asn1 | |
| using namespace System.Globalization | |
| using namespace System.Security.Cryptography | |
| using namespace System.Security.Cryptography.Pkcs | |
| using namespace System.Security.Cryptography.X509Certificates | |
| using namespace System.Text |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This must be run in Windows PowerShell (5.1). This will not work in PowerShell 7.x | |
| as Add-Type cannot generate an output executable. | |
| #> | |
| Add-Type -OutputType ConsoleApplication -OutputAssembly kill.exe -TypeDefinition @' | |
| using System; | |
| using System.ComponentModel; | |
| using System.Runtime.InteropServices; |
jborean93
/ Appx-Server2025.ps1
Created
November 10, 2024 21:40
Fix Appx in PSRemoting for Server 2025
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Server 2025 fails to run Get-AppxPackage and other DISM module commands in | |
| # a PSRemoting (psrp) session as it has a dependency on some dll's not present | |
| # in the GAC and only in the powershell.exe directory. As PSRP runs through | |
| # wsmprovhost.exe, it fails to find those dlls. This hack will manually load | |
| # the 4 required dlls into the GAC. This is a hack and should be removed in the | |
| # future if MS fix their bug on 2025. | |
| Add-Type -AssemblyName "System.EnterpriseServices" | |
| $publish = [System.EnterpriseServices.Internal.Publish]::new() |
jborean93
/ Get-ValidatedScriptBlock.ps1
Last active
December 4, 2024 15:39
WDAC Investigations for Ansible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-ValidatedScriptBlock { | |
| [OutputType([ScriptBlock])] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $Name, | |
| [Parameter(Mandatory)] | |
| [string] | |
| $ScriptAsBase64 |
jborean93
/ New-ScheduledTaskSession.ps1
Last active
January 11, 2025 21:05
Creates a PSSession that targets a scheduled task process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function New-ScheduledTaskSession { | |
| <# | |
| .SYNOPSIS | |
| Creates a PSSession for a process running as a scheduled task. | |
| .DESCRIPTION | |
| Creates a PSSession that can be used to run code inside a scheduled task |
jborean93
/ Invoke-AsScheduledJob.ps1
Created
August 23, 2024 04:39
Invokes a PowerShell script as a scheduled task changing the logon type to a BATCH logon.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Invoke-AsScheduledJob { | |
| <# | |
| .SYNOPSIS | |
| Runs a scriptblock as a scheduled job. | |
| .DESCRIPTION | |
| This is a helper function to run PowerShell code as a scheduled task. |
jborean93
/ smb_list_shares.py
Last active
August 9, 2024 11:09
List SMB shares using smbprotocol library
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # /// script | |
| # dependencies = [ | |
| # "bcrypt", | |
| # "cryptography >= 43.0.0", | |
| # "pyyaml", | |
| # ] | |
| # /// |
NewerOlder