Skip to content

Instantly share code, notes, and snippets.

View jborean93's full-sized avatar

Jordan Borean jborean93

530 followers · 2 following
View GitHub Profile
@jborean93
jborean93 / NoGui.ps1
Last active July 1, 2025 13:58
Generates an exe called NoGui.exe that can spawn a hidden windows
<#
NOTE: Must be run in Windows PowerShell (5.1), PowerShell (7+) cannot create standalone exes.
This is designed to create a simple exe that can be used to spawn any console
application with a hidden Window. As NoGui.exe is a GUI executable it won't
spawn with an associated console window and can be used to then create a new
process with a hidden console window with the arguments it was created with.
By default, NoGui will spawn the child process with same stdio handles as
@jborean93
jborean93 / New-S4UAccessToken.ps1
Last active August 27, 2024 14:01
Generates a Win32 Access Token using S4U (no password required)
# Copyright: (c) 2023, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
#Requires -Module Ctypes
Function New-S4UAccessToken {
<#
.SYNOPSIS
Generates an S4U access token.
@jborean93
jborean93 / New-Uuid5.ps1
Created September 11, 2023 03:28
Generate UUIDv5 values in PowerShell
# Copyright: (c) 2023, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
class EncodingTransformAttribute : System.Management.Automation.ArgumentTransformationAttribute {
[object] Transform([System.Management.Automation.EngineIntrinsics]$engineIntrinsics, [object]$InputData) {
$result = switch ($InputData) {
{ $_ -is [System.Text.Encoding] } { $_ }
{ $_ -is [string] } {
switch ($_) {
@jborean93
jborean93 / linux_print_argv.c
Last active October 30, 2023 22:25
Code that can be used to generate an executable that can print how it receives arguments
#include<stdio.h>
// gcc print_argv.c -o print_argv
int main(int argc, char *argv[])
{
int i;
for(i = 1;i < argc;i++)
{
printf("[%d] %s\n", i, argv[i]);
@jborean93
jborean93 / TightVNC Password.ps1
Created August 15, 2023 11:44
Code that can encrypt or decrypt TightVNC server passwords
Function ConvertTo-EncryptedVNCPassword {
[OutputType([byte[]])]
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[SecureString]
$Password
)
# This is hardcoded in VNC applications like TightVNC.
@jborean93
jborean93 / 1 - KB2267602 Info.md
Last active August 15, 2023 01:25
Windows Update API (WUA) KB2267602

This is to document some issues with trying to install KB2267602 on Windows Server 2016 using the Windows Updates API (WUA). The ansible.windows.win_updates.log shows the installation of KB2267602 and it's first failure when installed by the Ansible module, the manual MpCmdRun.exe workaround on this failure, then subsequent update runs that show the update no longer being required. The MpSigStub.log file shows the contents of that log file for the first failed install using WUA and then the subsequent working entries when using MpCmdRun.exe.

The update KB is the security intelligence updates for Microsoft Defender Antivirus and can be updated many times in one day. From what I can see it typically installs just fine but there is a chance where Windows Updates pulls down a new version before it is ready to be installed. For example the logs during a failed run indicates that the following update tried to be installed and resulted in the following error:

4ee7ce61-491b-4e2d-bfd9-a9decbb3ae1a:
@jborean93
jborean93 / AsyncPSCmdlet.cs
Last active May 29, 2024 07:38
Async PSCmdlet base class
using System;
using System.Collections.Concurrent;
using System.Management.Automation;
using System.Threading;
using System.Threading.Tasks;
public abstract class AsyncPSCmdlet : PSCmdlet, IDisposable
{
private enum PipelineType
{
@jborean93
jborean93 / Get-SqlServerTlsCertificate.ps1
Last active May 20, 2024 19:27
Gets the certificate used by a MS SQL Server
# Copyright: (c) 2023, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-SqlServerTlsCertificate {
<#
.SYNOPSIS
Gets the MS SQL X509 Certificate.
.DESCRIPTION
Gets the X509 Certificate that is being used by a remote MS SQL Server.
@jborean93
jborean93 / Get-FileSDDL.ps1
Last active April 11, 2023 03:22
Get the file SDDL string
#Requires -Module Ctypes
#Requires -Module PSPrivilege
Function Get-FileSDDL {
[CmdletBinding()]
param ($Path)
$a32 = New-CtypesLib Advapi32.dll
$allSecurityInformation = 0xF00000FF
@jborean93
jborean93 / Get-GMSAToken.ps1
Last active December 5, 2023 10:24
Gets the gMSA AccessToken (PowerShell 7.3+)
#Requires -Module Ctypes
$advapi32 = New-CtypesLib Advapi32.dll
$kernel32 = New-CtypesLib Kernel32.dll
$advapi32.Returns([bool]).ImpersonateLoggedOnUser = @([IntPtr])
$advapi32.Returns([bool]).RevertToSelf = @()
$kernel32.Returns([void]).CloseHandle = @([IntPtr])
# This is a quick and dirty way to impersonate SYSTEM