Install multiple .MSU packages

# This snippet installs all .MSU files in a given path

# Notes:
#      -Run this script / ISE as administrator
#      -Update the path for the MSUs prior to execution


# Obtain all .MSU files in a given path
$Dir = (Get-Item -Path "\\FileServer.domain.local\share" -Verbose).FullName
 
# Loop through each .MSU file
Foreach ($Item in (Get-ChildItem -Path $Dir -Filter *.msu -Name))
{
    # Write the item to the screen so the operator knows what is being worked on
    Write-Host "Starting on $Item" -ForegroundColor Magenta
    Write-Host "."
    Write-Host "."

    # Use the Windows Update Standalone Installer (WUSA) to execute
    # Piping to Out-Null makes PowerShell wait for wusa.exe to finish
    $Item = Join-Path $Dir $Item
    wusa $Item /quiet /norestart | Out-Null
    Write-Host "Completed. Moving on..." -ForegroundColor Green
    Write-Host "."
    Write-Host "."
}

Write-Host "Done with everything. Should probably reboot..." -ForegroundColor Green -BackgroundColor Black
pause
exit
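
The loop above discards wusa's result, so a failed or inapplicable update looks the same as a successful one, and it installs whatever sits on the share. The following is an added example (not part of the original snippet) that checks each package's Authenticode signature and interprets the wusa exit code; Install-MsuPackage is a hypothetical name, and it assumes the packages carry a Microsoft signature that Get-AuthenticodeSignature can validate.

```powershell
# Added example: verify, install and report on one .MSU (function name is illustrative)
function Install-MsuPackage {
    param(
        [Parameter(Mandatory)] [string] $Path    # full path to one .msu file
    )

    # Refuse packages whose signature is missing, broken, untrusted or not Microsoft's.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notlike '*O=Microsoft Corporation*') {
        return [pscustomobject]@{ Package = $Path; ExitCode = $null
                                  Result  = "Skipped: signature $($sig.Status)" }
    }

    # Start-Process -Wait -PassThru exposes the exit code that '| Out-Null' hides.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
                          -ArgumentList "`"$Path`"", '/quiet', '/norestart' `
                          -Wait -PassThru

    # Common wusa.exe results (ExitCode is a signed 32-bit integer)
    $result = switch ($proc.ExitCode) {
        0           { 'Installed' }
        3010        { 'Installed, reboot required' }      # ERROR_SUCCESS_REBOOT_REQUIRED
        2359302     { 'Already installed' }               # 0x00240006
        -2145124329 { 'Not applicable to this system' }   # 0x80240017
        default     { "Failed (exit code $($proc.ExitCode))" }
    }
    [pscustomobject]@{ Package = $Path; ExitCode = $proc.ExitCode; Result = $result }
}

# Same share as above; one result object per package instead of coloured text
$Dir = "\\FileServer.domain.local\share"
$report = Get-ChildItem -Path $Dir -Filter *.msu |
    ForEach-Object { Install-MsuPackage -Path $_.FullName }
$report | Format-Table -AutoSize

if ($report.Result -match 'reboot required') {
    Write-Warning 'At least one update needs a reboot to finish installing.'
}
```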

Simple Countdown Timer

[int]$Time = Read-Host "Enter time in minutes"
$Time = $Time * 60
$Length = $Time / 100
For ($Time; $Time -gt 0; $Time--) {
    # Whole minutes remaining
    $min = [int][math]::Floor($Time / 60)
    $Text = " " + $min + " minutes " + ($Time % 60) + " seconds left"
    Write-Progress -Activity "Waiting for..." -Status $Text -PercentComplete ($Time / $Length)
    Start-Sleep 1
}

How to: Kill a VMware VM World

# SSH Into the host

# List all the VMs
esxcli vm process list

# Find the world you want to kill and copy the "VMX Cartel ID" number

# Kill the VM
esxcli vm process kill --type=[soft,hard,force] --world-id=WorldNumber

SolarWinds SUPERNOVA Hack Identification Snippet

If you think you may have been affected by the recent SolarWinds SUPERNOVA hack/malware, the following snippet of PowerShell can assist you in identifying infection. It’s a rather simple foreach loop that searches all files for hashes publicly published by SolarWinds & CISA as compromised. If this script returns a known infected file, it’s critical to take all remediation steps as soon as possible.

# Purpose: This snippet of PowerShell is designed to identify if the version of SolarWinds you're running is affected by the recent SolarWinds (SUPERNOVA) hack.
#
# How it works: Simple ForEach loop that looks for known infected files via SHA256 file hash related to the SolarWinds hack. 
#
# References: 
#        https://www.solarwinds.com/securityadvisory/faq
#        The SUPERNOVA malware is associated with the [app_web_logoimagehandler.ashx.b6031896.dll] file with a sha256 
#        hash of 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71'
#
# Hashes publicly known to contain the malware:
#     -c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
#
# Author: Brandon Lanczak
# Contact: Brandon@Lanczak.com
#
# Notes: 
#     -If your SolarWinds Orion installation is in a drive other than C:\ make sure you adjust the foreach statement accordingly.
#     -Run as an administrator to ensure it can access all files.
#
# Revision: v1.0 | 01-04-2021 @ 10:51 CST
#
# Execution:
[String] $HashToFind = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71'

Foreach ($File in Get-ChildItem C:\ -File -Recurse)
{
    # Hash each file once and keep the value so it can be reported
    $Hash = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
    If ($Hash -eq $HashToFind)
    {
        Write-Host "SUPERNOVA Infected file found: $($File.FullName) with hash $Hash"
    }
}
 
pause

SolarWinds SUNBURST Hack Identification Snippet

If you think you may have been affected by the recent SolarWinds hack/malware, the following snippet of PowerShell can assist you in identifying infection. It’s a rather simple foreach loop that searches all files for hashes publicly published by SolarWinds & CISA as compromised. If this script returns a known infected file, it’s critical to take all remediation steps as soon as possible.

Raw Code:

# Purpose: This snippet of PowerShell is designed to identify if the version of SolarWinds you're running is affected by the recent SolarWinds hack.
#
# How it works: Simple ForEach loop that looks for known infected files via SHA256 file hash related to the SolarWinds hack. 
#
# References: 
#        https://www.solarwinds.com/securityadvisory/faq
#        https://us-cert.cisa.gov/ncas/alerts/aa20-352a
#
# Hashes publicly known to contain the malware:
#     -a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
#     -9bee4af53a8cdd7ecabe5d0c77b6011abe887ac516a5a22ad51a058830403690
#     -bb86f66d11592e3312cd03423b754f7337aeebba9204f54b745ed3821de6252d
#     -ae6694fd12679891d95b427444466f186bcdcc79bc0627b590e0cb40de1928ad
#     -9d6285db647e7eeabdb85b409fad61467de1655098fec2e25aeb7770299e9fee
#     -dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b
#     -32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
#     -019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
#     -ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
#     -8dfe613b00d495fb8905bdf6e1317d3e3ac1f63a626032fa2bdad4750887ee8a
#     -143632672dcb6ef324343739636b984f5c52ece0e078cfee7c6cac4a3545403a
#     -cc870c07eeb672ab33b6c2be51b173ad5564af5d98bfc02da02367a9e349a76f
#
#
# Author: Brandon Lanczak
# Contact: Brandon@Lanczak.com
#
# Notes: 
#     -If your SolarWinds Orion installation is in a drive other than C:\ make sure you adjust the foreach statement accordingly.
#     -Run as an administrator to ensure it can access all files.
#
# Revision: v1.2 | 12-21-2020 @ 12:51 CST
#
# Execution:
# [String[]] keeps the hashes as an array; a plain [String] cast would join them
# into one space-separated string that no file hash could ever equal.
[String[]] $HashToFind = 'a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc',
                         '9bee4af53a8cdd7ecabe5d0c77b6011abe887ac516a5a22ad51a058830403690',
                         'bb86f66d11592e3312cd03423b754f7337aeebba9204f54b745ed3821de6252d',
                         'ae6694fd12679891d95b427444466f186bcdcc79bc0627b590e0cb40de1928ad',
                         '9d6285db647e7eeabdb85b409fad61467de1655098fec2e25aeb7770299e9fee',
                         'dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b',
                         '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77',
                         '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134',
                         'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6',
                         '8dfe613b00d495fb8905bdf6e1317d3e3ac1f63a626032fa2bdad4750887ee8a',
                         '143632672dcb6ef324343739636b984f5c52ece0e078cfee7c6cac4a3545403a',
                         'cc870c07eeb672ab33b6c2be51b173ad5564af5d98bfc02da02367a9e349a76f'

Foreach ($File in Get-ChildItem C:\ -File -Recurse)
{
    # Hash each file once and keep the value so it can be reported
    $Hash = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
    # -contains compares case-insensitively against every hash in the list
    If ($HashToFind -contains $Hash)
    {
        Write-Host "Infected file found: $($File.FullName) with hash $Hash"
    }
}
 
pause
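
Both identification snippets (SUPERNOVA and SUNBURST) print matches but keep no account of files that could not be read, so a run with no output is not proof of a clean system. The following is an added example (not the author's code) that wraps the same SHA256 comparison in a function returning matches and unreadable files separately; Find-FileByHash and its parameters are hypothetical names, and the demo at the bottom uses a constructed temp file and its own hash rather than a real indicator.

```powershell
# Added example: hash sweep that also reports what it could not scan
function Find-FileByHash {
    param(
        [Parameter(Mandatory)] [string]   $Root,     # folder to sweep
        [Parameter(Mandatory)] [string[]] $Sha256    # known-bad SHA256 values
    )
    # Case-insensitive set: Get-FileHash emits upper-case hex, published lists are lower-case.
    $known = [System.Collections.Generic.HashSet[string]]::new(
                 [string[]]$Sha256, [System.StringComparer]::OrdinalIgnoreCase)
    $hits       = [System.Collections.Generic.List[object]]::new()
    $unreadable = [System.Collections.Generic.List[string]]::new()

    # -Force includes hidden/system files; enumeration errors are collected, not printed.
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force `
                  -ErrorAction SilentlyContinue -ErrorVariable enumErrors |
        ForEach-Object {
            $file = $_            # keep the file; inside catch, $_ is the error record
            try {
                $h = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 `
                                   -ErrorAction Stop).Hash
                if ($known.Contains($h)) {
                    $hits.Add([pscustomobject]@{ Path = $file.FullName; SHA256 = $h })
                }
            } catch {
                $unreadable.Add($file.FullName)    # locked or access denied
            }
        }

    # Folders that could not be listed count as unscanned too.
    foreach ($e in $enumErrors) { $unreadable.Add([string]$e.TargetObject) }

    [pscustomobject]@{ Matches = $hits; Unreadable = $unreadable }
}

# Constructed demo: a throw-away file stands in for a known-bad binary.
$demo   = Join-Path ([System.IO.Path]::GetTempPath()) 'ioc-demo'
$sample = Join-Path $demo 'sample.dll'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath $sample -Value 'constructed sample, not malware'
$ioc = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash.ToLower()

$scan = Find-FileByHash -Root $demo -Sha256 $ioc
$scan.Matches | Format-Table -AutoSize
"{0} match(es), {1} item(s) could not be hashed" -f $scan.Matches.Count, $scan.Unreadable.Count
```

To sweep a real system, pass the drive root as -Root and the published hash list as -Sha256, and review the Unreadable list before treating an empty Matches list as a clean result.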