Jordan Borean jborean93
jborean93
/ tls-keylogger.ps1
Last active
February 11, 2025 23:09
Logs Wireshark compatible TLS keys like the SSLKEYLOGFILE env var
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Module PSDetour | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $LogPath | |
| ) | |
| $LogPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath) |
jborean93
/ Get-SMBApplicationKey.ps1
Last active
October 12, 2022 19:44
Gets the SMB2 Application Key from a Logon Session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| <# Example Code to Run on the Server | |
| $pipeServer = [System.IO.Pipes.NamedPipeServerStream]::new("jordan-test", [System.IO.Pipes.PipeDirection]::InOut) | |
| $pipeServer.WaitForConnection() | |
| try { | |
| $tokenStat = Get-NamedPipeClientStatistics -Pipe $pipeServer | |
| $appKey = Get-SMBApplicationKey -LogonId $tokenStat.AuthenticationId | |
| [System.Convert]::ToBase64String($appKey.Applicationkey) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-LogonSessionData { | |
| <# | |
| .SYNOPSIS | |
| Get LSA logon session data. | |
| .DESCRIPTION | |
| Get the logon session information for all or a specific logon session or specific process logon sessions. |
jborean93
/ Get-WTSSessionInfo.ps1
Last active
March 26, 2024 14:49
Tries to replicate qwinsta but return structured objects
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-WTSSessionInfo { | |
| <# | |
| .SYNOPSIS | |
| Enumerates sessions on a Windows host. | |
| .DESCRIPTION | |
| Enumerates all the sessions available on a Windows host through the WTSEnumerateSessionsExW API. |
jborean93
/ Trace-TlsHandshake.ps1
Last active
December 7, 2023 14:49
Debug TLS Handshakes using .NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Trace-TlsHandshake { | |
| <# | |
| .SYNOPSIS | |
| TLS Handshake Diagnostics. | |
| .DESCRIPTION | |
| Performs a TLS handshake and returns diagnostic information about that |
jborean93
/ HttpSslCert.ps1
Created
April 1, 2022 01:35
Create pwsh wrapper for netsh.exe http add|delete|show sslcert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Flags()] enum CertCheckMode { | |
| VerifyClientCertRevocation = 0x00000000 | |
| VerifyRevocationUsingCacheOnly = 0x00000002 | |
| DefaultRevocationFreshnessTimeIsEnabled = 0x00000004 | |
| NoUsageCheck = 0x00010000 | |
| } | |
| [Flags()] enum SslFlags { | |
| None = 0x00000000 | |
| UseDsMapper = 0x00000001 |
jborean93
/ win_powershell_ssh.ps1
Last active
January 8, 2025 10:50
Windows PowerShell SSH Remoting Stub
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Windows PowerShell SSH Server Subsystem Shim. | |
| .DESCRIPTION | |
| Used as a basic wrapper for Windows PowerShell that allows it to be used as a target for SSH based remoting sessions. | |
| This allows a PowerShell client to target a Windows host through SSH without having PowerShell 7 installed. | |
| .NOTES | |
| This is experimental and used as a POC. |
jborean93
/ PSClassSplat.ps1
Last active
December 5, 2023 10:25
Example on how to use a class as a PowerShell splat value
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class SplatClass : System.Collections.IEnumerable { | |
| SplatClass() {} | |
| [System.Collections.IEnumerator] GetEnumerator() { | |
| # This can be any hashtable stored or derived from the class. This is | |
| # just an example | |
| $params = @{ | |
| Path = '/tmp' | |
| } | |
jborean93
/ KDCProxy.ps1
Last active
November 13, 2024 01:59
Functions to help set up a KDC proxy server and add client proxy servers - https://syfuhs.net/kdc-proxy-for-remote-access
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Install-KDCProxyServer { | |
| <# | |
| .SYNOPSIS | |
| Set up a KDC Proxy server. | |
| .DESCRIPTION | |
| Sets up the KDC proxy server on the current host. |
jborean93
/ NetServiceAccount.ps1
Created
February 2, 2022 00:44
APIS that wrap the LMAccess Net*ServiceAccount APIS for Managed Service Accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -Namespace LmAccess -Name Native -MemberDefinition @' | |
| [DllImport("Netapi32.dll", CharSet = CharSet.Unicode, EntryPoint = "NetAddServiceAccount")] | |
| private static extern int NativeNetAddServiceAccount( | |
| IntPtr ServerName, | |
| string AccountName, | |
| IntPtr Password, | |
| AddServiceFlags Flags); | |
| /// <summary>Add a sMSA or gMSA to the current host.</summary> | |
| /// <param name="accountName">The name of the MSA to install.</param> |