technion’s gists

technion / phishget.rb

Last active August 3, 2022 09:11

See https://lolware.net/2019/05/12/abusing-safebrowse.html for information

	#!/usr/bin/env ruby
	require 'httparty'

	FILELIST = [
	'/dropbox.zip',
	'/robots.txt', # Not from the original list - this serves as a sanity check as it usually exists
	'/css/business-frontpage.css',
	'/newphase.zip',
	'/Doc.zip',
	'/wp-content.zip',

technion / otxhashget.ps1

Created July 26, 2019 06:24

Alien Vault OTX file hash IOC download Powershell

	# Script to create current IOC hash file from Alien Vault Open Threat Exchange
	$apikey = "KEY"
	$feedurl = "https://otx.alienvault.com/api/v1/pulses/subscribed/?limit=10&page=1"

	Start-Transcript -Path E:\custom-hash-iocs.txt

	function fetchOTX($url) {
	$indicators = Invoke-RestMethod -Uri $url -Headers @{"X-OTX-API-KEY"="$apikey"}
	foreach($ioc in $indicators.results.indicators) {
	if ($ioc.type -like "FileHash-*") {

technion / dlimportexport.ps1

Created January 14, 2020 00:36

	# Export
	$allGroups = Get-DistributionGroup \| select Name, primarysmtpaddress

	$exportlist = @()

	foreach($group in $allGroups) {
	$obj = New-Object -TypeName psobject
	$obj \| Add-Member -MemberType NoteProperty -Name Name -Value $group.Name
	$obj \| Add-Member -MemberType NoteProperty -Name Email -Value $group.PrimarySMTPAddress

technion / Check-CVE-2020-0688.ps1

Created April 7, 2020 07:00

Scan Exchange server for CVE-2020-0688 vulnerability

	Set-Strictmode -Version 2
	$path = Get-WebApplication ecp
	$ecppath = $path \| where { $_.PhysicalPath -match 'Client' }
	$found = Select-String validationKey -Path "$($ecppath.PhysicalPath)\web.config"
	if ($found) {
	Write-host "Server is vulnerable" -ForegroundColor Yellow
	} else {
	write-host "Server is not vulnerable"
	}

technion / AzureGroups.ps1

Created April 30, 2020 05:47

Adds all AzureAD users with a certain license to a group

	$skus = Get-AzureADSubscribedSku

	# Exchange Online E1
	$skue1 = ( $skus \| where { $_.skupartnumber -eq 'EXCHANGESTANDARD' } ).SkuID

	$members = Get-AzureADUser -All $true

	foreach($member in $members) {
	if ($member.ImmutableId -eq $null) {
	# Cloud user - skip

technion / User duplicate provisioning.ps1

Last active June 29, 2020 05:00

	Set-StrictMode -Version 2
	Add-Type -AssemblyName 'System.Web'

	$adusers = Get-ADGroupMember "Team"

	foreach ($user in $adusers) {
	$newname = "$($user.Samaccountname).delegate"
	$password = [System.Web.Security.Membership]::GeneratePassword(12, 0)
	$secPw = ConvertTo-SecureString -String $password -AsPlainText -Force

technion / Hyper-V VM Use Report.ps1

Created July 14, 2020 03:43

Report on whole VM cluster in csv format

	$nodelist = Get-Clusternode -Cluster cls

	$vmdata = @()
	foreach ($node in $nodelist) {


	$vmList = Get-VM -ComputerName $node.Name \| where { $_.name -notlike '*_replica' }

	foreach ($vm in $vmList) {
	$UtilSummaryObj = New-Object System.Object

technion / phishing.js

Last active August 12, 2020 03:46

blog of phishing code

	'use strict';
	/** @type {!Array} */
	var _0xd60a = ["call", "unknown BTYPE: ", "innerHTML", "lazy", "invalid code length: ", "subarray", "createElement", "invalid compression type", "decompress", "input buffer is broken", "POSITIVE_INFINITY", "index", "verify", "charCodeAt", "bufferSize", "invalid uncompressed block header: LEN", "var ", "compile", "fromCodePoint", "finish", "bufferType", "shift", "compressionType", "input", "Zlib.Inflate.prototype.decompress", "invalid inflate mode", "slice", "NONE", "appendChild", "length", "string",
	"Zlib.Inflate", "textContent", "prototype", "Zlib.Deflate.compress", "resize", "number", "invalid index", "documentElement", "buffer", "undefined", "trim", "unsupported compression type", "keys", "constructor", "Inflate", "unsupported compression method", "a9ae92d3-ee4f-4bc1-a8c5-7cff21373a99", "split", 'return /" + this + "/', "invalid adler-32 checksum", "getParent", "close", "invalid length: ", "push", "fromCharCode", "invalid code: ", "Zlib.Deflate.CompressionType", "write"

technion / Scan-Netlogon-Secure.ps1

Last active August 16, 2020 23:30

Search domain controllers for events relating to Netlogon vulnerability

	# More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
	Set-StrictMode -Version 2

	# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
	$addomain = Get-ADDomain
	$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"

	foreach ($dc in $controllers) {
	# Errors are ignored so as not to throw an exception if there are no such logs found
	Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore

technion / tank.wa

Created November 12, 2020 07:04

Warlock tanking weak aura

!WA:2!1zvZUTTrq4YOwKc1IcB3a30FqbtBtacqRQLsIDQrqqfTLtuJSTcLSDcGrLwYDL42qUC7UlTLuVjKd5SEe0HCOON0JGFcim6tGrFc8lq7SKuYQUUxKwoC2DN5B(MVHgBTuWs4LWVX3jsseT6Bmjiet8Rk3JrvELqCQNO3UD6ijkJjyQK7J63K0tDnr)PwrmxVqr9qkt5SrLDAwXEItOateBe6hk(PC5Yvp3kfEWejkGO3AKG0UuKW)AN7GCFvxryedN6AIFx6NZFfHWll5exLnsrd9gNeGT4iLh)wGDFF53JeUigHhEmKcsfsrA56rKQcbLSWePl)PLzm4ACjsZgEiC4XorcMPGiPsL0KYmD9qktCKGY6AQ8iMnpgmwjGteHcPjH5c7wrefgkcv6OGzy1jKP4lSLGoW85riSaPqMnB64kc5T6x)DxPW9lEUknDpqG4BdrT9g1kVD9HsYVgbhjjhFXoHcskcKHm8vRQVOoixYHLX4qM8WdiOxvosGKhwxNGjl3MGPOdtTQ)9ENktYRxKwuYXxakNLX)sKurWe82uM3y4MGaVzFoXI6gYsl0aC1ks(8rAlvz66j)gUHH(WzX0H0MujYXNG9gj9rmLolCQUtJQBwzmSdmvJfY8ISen(ZMekOewkgnC)k2nRUr5ANKYhsJTpWcfPGYOk09iIqc(9(F7DNsTQch6nV2h)3wdcddmUief9(RfkfrXtw5(LTxBn7JSDWdDdd4qnu6LX3sI)pX(ykw5vK)5ZXwBb4Cas1INTWwrdiqjZnj8x1g4mc1(Ia4WqDj87E7Ifsyw7auwZh)y7eIcb)Ohz(DMLFYtS31SAdZgpTAtUz2EMEdflaeoLEFzwSyHmYjt9sbOFPgLFj)w)N9n7cZmfV(yCyRm3ABrH(X8oDG)KE5h3H2JGpqNOV(dVaLudm4lCrtvkE)EWALpLb4)EnRvDNk8BaHickxqFI1mN9olfe1wWahMVGLpDWaKaB2e4dkkFKK43jTn3A3Mn3DBB3Pn4gos

Joshua Small technion