neKuehn
neKuehn
/ Audit-CriticalADGroups.ps1
Created
September 9, 2021 02:26
Finds the members of the common Privileged Active Directory groups (adminCount = 1), the members of those groups, and if those accounts suffer from common security concerns.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #//////Functions | |
| FUNCTION Get-AdminGroupMembers($Group, $DomainName){ | |
| $Mems = Get-ADGroupMember -Identity $Group -Server $DomainName -Recursive | |
| Foreach ($mem in $Mems){ | |
| if ($mem.objectClass -eq "user"){ | |
| $adobj = $mem | Get-ADUser -Properties AllowReversiblePasswordEncryption,DoesNotRequirePreAuth,mail,MemberOf,PasswordNotRequired,SamAccountName,ServicePrincipalNames,canonicalName | |
| $act = ($adobj.canonicalName.split("."))[0] + "\" + $adobj.SamAccountName | |
| } elseif ($mem.objectClass -eq "computer"){ |
neKuehn
/ Audit-ADwriters.ps1
Created
September 9, 2021 02:20
Finds all OUs in a Forest and lists groups and users that have some level of privileged access assigned to those OUs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #//////Functions | |
| Function Get-OUacl ($ACLlist){ | |
| $MyOUAclArray = New-Object System.Collections.ArrayList | |
| Foreach ($ACL in $ACLlist){ | |
| $ACLobjectType = if($ACL.ObjectType -eq '00000000-0000-0000-0000-000000000000'){ | |
| "All" | |
| }ELSE{ | |
| $RawGUID = ([guid]$ACL.ObjectType).ToByteArray() | |
| (Get-ADObject -Searchbase (Get-ADRootDSE).schemaNamingContext -Filter {schemaIDGUID -eq $RawGuid}).Name |
neKuehn
/ Clean-DCshadow.ps1
Created
March 29, 2019 17:23
Removes the SPNs created when using the DC Shadow functionality of mimikatz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #search for accounts that have the sync SPN that aren't a Domain Controller | |
| $shadowcomps = Get-ADObject -LDAPFilter '(&(ServicePrincipalName=E3514235-4B06-11D1-AB04-00C04FC2DCD2/*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))' -Properties ServicePrincipalName | |
| foreach ($scomp in $shadowcomps){ | |
| $sSpns = $scomp.ServicePrincipalName | where {$_ -like "E3514235-4B06-11D1-AB04-00C04FC2DCD2/*"} | |
| foreach ($sSpn in $sSpns){ |
neKuehn
/ RootChromebookAndroid.sh
Created
February 27, 2019 20:29
#This script was modified from the one created by Nolirium to create the new image file but not include the extra utilities (https://nolirium.blogspot.com/2016/12/android-on-chrome-os-rooting-shell.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #This script was modified from the one created by Nolirium to create the new image file but not include the extra utilities | |
| #https://nolirium.blogspot.com/2016/12/android-on-chrome-os-rooting-shell.html | |
| # Main functions: | |
| check_if_root() { | |
| if [ $(id -u) != 0 ]; then |
neKuehn
/ FindOUpermissions.ps1
Last active
June 28, 2023 16:42
A different PowerShell script that finds permissions assigned to OUs. This one must be run from a windows system joined to the domain to be queried.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain, | |
| determins the permissions assigned to different users and groups, and reports back which are different | |
| from their parent; including what those permissions are. | |
| This script does require that the device be joined to the domain being queried and RSAT is installed. | |
| Author: Eric Kuehn |
neKuehn
/ Invoke-FindOUpermissions.ps1
Last active
February 18, 2024 09:45
PowerShell Script to be used to find permissions assigned to Active Directory OUs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $MysIDArray = New-Object System.Collections.ArrayList | |
| FUNCTION Invoke-FindOuPermissions{ | |
| <# | |
| .SYNOPSIS | |
| Invoke-FindOuPermissions is a Windows PowerShell script that finds all of the different OUs in a domain, determins the permissions assigned to different users and groups, and reports back which are different from their parent; including what those permissions are.This script does require the Active Directory Modules. | |
| Author: Eric Kuehn | |
| .DESCRIPTION | |
| This script is designed to help during the Mapping phase of a penetration test. It does require a valid set of credentials from the Active Directory Domain being searched. Once it connects, it goes through the following process: |