I hereby claim:
- I am jborean93 on github.
- I am jborean93 (https://keybase.io/jborean93) on keybase.
- I have a public key ASBK396SPyaXDgm1YsnDbsIuacm8LKPknZa0C4omPUU8SAo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
| Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @' | |
| [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] | |
| [return: MarshalAs(UnmanagedType.I1)] | |
| public static extern bool CreateSymbolicLinkW( | |
| string lpSymlinkFileName, | |
| string lpTargetFileName, | |
| UInt32 dwFlags); | |
| [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] | |
| public static extern bool RemoveDirectoryW( |
| <# | |
| This does not work due to the unsupported CTL_CODE used in DeviceIoControl | |
| DeviceIoControl() get buffer size failed - Incorrect function (Win32 ErrorCode 1 - 0x00000001) | |
| At C:\temp\enumerate_snapshots.ps1:145 char:1 | |
| + Get-ShadowCopy -Path "\\localhost\c$" | |
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException | |
| + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ShadowCopy | |
| #> |
| # Copyright: (c) 2019, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| # To use, copy the .psm1 file locally and run | |
| # Import-Module -Name Get-SnapshotPath.psm1 | |
| # Get-SnapshotPath -Path "\\server\share" | |
| Add-Type -TypeDefinition @' | |
| using Microsoft.Win32.SafeHandles; | |
| using System; |
| Add-Type -TypeDefinition @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ProcessInfo | |
| { | |
| public class NativeMethods | |
| { | |
| [DllImport("User32.dll", SetLastError = true)] | |
| public static extern bool CloseDesktop( |
| # Copyright: (c) 2019, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| <# | |
| The cmdlets in this script can be used to install a PowerShell module from a nupkg, and include some logic to get the | |
| nupkg URI from either the PowerShell Gallery or a GitHub release asset. The PowerShell Gallery is the most reliable | |
| option to use, as a nupkg is guaranteed to be there, whereas a GitHub release must have explicitly added the nupkg itself. | |
| You can run this by doing: |
| # Copyright: (c) 2019, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| import uuid | |
| from smbprotocol.connection import Connection | |
| from smbprotocol.session import Session | |
| from smbprotocol.open import CreateDisposition, CreateOptions, DirectoryAccessMask, FileAttributes, \ | |
| FileInformationClass, ImpersonationLevel, Open, ShareAccess | |
| from smbprotocol.tree import TreeConnect |
| Function Add-WinRMDaclRule { | |
| <# | |
| .SYNOPSIS | |
| Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration. | |
| .DESCRIPTION | |
| Add a Discretionary Acl rule to the root WinRM listener or individual PSSession configuration. | |
| This can be useful if you wish to give an individual user or group that is not an Administrator access to either | |
| the root WinRM listener or a specific PSSession configuration. |
| # Copyright: (c) 2019, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| import uuid | |
| from contextlib import contextmanager | |
| from io import BytesIO | |
| from smbprotocol.connection import Connection | |
| from smbprotocol.session import Session | |
| from smbprotocol.open import CreateDisposition, FileAttributes, FilePipePrinterAccessMask, ImpersonationLevel, Open, \ |
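# Bootstrap wrapper, stored as a string via .ToString(). When run it switches the console code page to 65001
# (UTF-8), reads all of stdin, splits it once on a separator of four NUL characters, stores the second part in
# $json_raw and runs the first part as a script block.
#
# NOTE(review): the first part is executed as code through [ScriptBlock]::Create, so whatever feeds stdin has
# code execution in this process. stdin must only ever be written by the trusted caller.
#
# The length check uses -ne. The earlier form "-not $split_parts.Length -eq 2" binds as
# "(-not $split_parts.Length) -eq 2", so input without the separator was not rejected and $json_raw was
# left as $null instead of failing with "invalid payload".
#
# These comments stay outside the braces so they do not become part of the wrapper string.
$bootstrap_wrapper = {
    &chcp.com 65001 > $null
    $exec_wrapper_str = $input | Out-String
    $split_parts = $exec_wrapper_str.Split(@("`0`0`0`0"), 2, [StringSplitOptions]::RemoveEmptyEntries)
    If ($split_parts.Length -ne 2) { throw "invalid payload" }
    Set-Variable -Name json_raw -Value $split_parts[1]
    $exec_wrapper = [ScriptBlock]::Create($split_parts[0])
    &$exec_wrapper
}.ToString()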