# Specify the path to the existing text file
$filePath = "C:\TEMP\Rubbish.txt"
# Calculate the size of 2MB in bytes
$additionalDataSize = 2 * 1024 * 1024
# Generate 2MB of random data
$randomText = [byte[]]::new($additionalDataSize)
$random = New-Object System.Random
$random.NextBytes($randomText)
# Open the file in append mode and write the random data
$fileStream = [System.IO.File]::Open($filePath, [System.IO.FileMode]::Append)
$fileStream.Write($randomText, 0, $randomText.Length)
$fileStream.Close()
Write-Host "Added 2MB of random data to $filePath"
Encode Files with Certutil
Encode
certutil -encode "C:\Wherever\Whatever.whatever" "C:\Wherever.whatever"
Decode
certutil -decode "C:\Wherever\Whatever.whatver" "C:\Wherever\Whatever.Whatever"
Ping Sweep a Network from Windows CMD Line
From a Microsoft OS command line interface, enter the following:
for /l %i in (1,1,254) do @ping -n 1 -w 100 <first three octets of host network>.%i
Also useful in ping sweep scenerios:
arp -a
New acoustic attack steals data from keystrokes with 95% accuracy
Find a file in an array of computers
# Define the array of computer names
$computers = @("Computer1", "Computer2", "Computer3")
# Define the file name or pattern you want to search for (with wildcards if needed)
$targetFileName = "*password*.txt"
# Define the directory where you want to start the recursive search on each computer
$targetDirectory = "C$"
# Loop through each computer and search for the file
foreach ($computer in $computers) {
$filePath = "\\$computer\$targetDirectory"
# Get all files with the specified name/pattern in the target directory and its subdirectories
$foundFiles = Get-ChildItem -Path $filePath -Filter $targetFileName -Recurse -ErrorAction SilentlyContinue
# Check if any file was found
if ($foundFiles) {
foreach ($file in $foundFiles) {
Write-Host "File '$($file.Name)' found on $computer at $($file.FullName)"
}
} else {
Write-Host "File '$targetFileName' not found on $computer"
}
}
DRM Management
# This script lists all files that haven't been modified within three years.
# Get the current date and time.
$currentDateTime = Get-Date
# Calculate the date three years ago.
$threeYearsAgo = $currentDateTime - (3 * (365.25 * 24 * 60 * 60))
# Find all files that have not been modified since three years ago.
$files = Get-ChildItem -Recurse -ErrorAction SilentlyContinue | Where-Object {
# Get the last modified date of the file.
$lastModifiedDateTime = $_.LastWriteTime
# Compare the last modified date to the date three years ago.
$lastModifiedDateTime -lt $threeYearsAgo
}
# Print the list of files.
ForEach ($file in $files) {
Write-Host $file.FullName
}
Journalist opens USB letter bomb in newsroom
Export a listing of all enabled Active Directory users
<#
Exports a listing of all enabled Active Directory users
Author: Brandon Lanczak
Date: 03-20-2023
Note: Adjust properties as needed.
#>
#
Get-ADUser -LDAPFilter "(objectCategory=User)" -Properties Enabled, Name, EmailAddress, Title | Where { $_.Enabled -eq $True } | Select-Object Name, EmailAddress,Title, Enabled | Sort-Object -Property Name | Export-CSV -NoType 'C:\Temp\blah mm-dd-yyyy.csv'
Export GAL as Standard Outlook User
[Microsoft.Office.Interop.Outlook.Application] $outlook = New-Object -ComObject Outlook.Application
$entries = $outlook.Session.GetGlobalAddressList().AddressEntries
foreach($entry in $entries){
write-output ("{0}: {1}" -f $entry.Name, $entry.GetExchangeUser().PrimarySMTPAddress), $entry.GetExchangeUser().MobileTelephoneNumber)
}
OR
param (
$OutFile = (Get-Date -Format yyyy-MM-dd) + "_GALEntries.csv"
)
$Outlook = New-Object -ComObject Outlook.Application
$GlobalAddressList = $Outlook.Session.GetGlobalAddressList().AddressEntries
$TotalObjects = $GlobalAddressList.Count
$i = 1
foreach ($entry in $GlobalAddressList)
{
Write-Progress -Id 1 -Activity "Exporting Global Address List Entries" -PercentComplete (($i / $TotalObjects) * 100) -Status "[$($i)/$($TotalObjects)] entries exported"
If ($entry.Address -match "\/o\=")
{
$EntryData = $entry.GetExchangeUser()
$RecordData = [ordered]@{
Name = $EntryData.Name
First = $EntryData.FirstName
Last = $EntryData.Last
PrimarySmtpAddress = $EntryData.PrimarySmtpAddress
UserPrincipalName = $EntryData.PrimarySmtpAddress
x500 = $EntryData.Address
Alias = $EntryData.Alias
AssistantName = $EntryData.AssistantName
BusinessPhone = $EntryData.BusinessTelephoneNumber
MobilePhone = $EntryData.MobileTelephoneNumber
Title = $EntryData.JobTitle
Department = $EntryData.Department
Company = $EntryData.CompanyName
OfficeLocation = $EntryData.OfficeLocation
Address = $EntryData.StreetAddress
City = $EntryData.City
StateOrProvince = $EntryData.StateOrProvince
PostalCode = $EntryData.PostalCode
}
$Record = New-Object PSobject -Property $RecordData
$Record | Export-csv $OutFile -NoTypeInformation -Append
}
$i++
}
Write-Progress -Id 1 -Status "Completed." -Completed
Powershell Find & Replace IPs in a PCAP
# Netshark Powershell Module is required for this operation. Install if needed with this line
#Install-Module NetShark
# Import the NetShark module
Import-Module NetShark
# Set the path to the input pcap file
$inputFile = "C:\Path\To\Input\File.pcap"
# Set the path to the output pcap file
$outputFile = "C:\Path\To\Output\File.pcap"
# Set the original IP address to be replaced
$originalIpAddress = "10.0.0.1"
# Set the new IP address to replace the original one
$newIpAddress = "192.168.0.1"
# Create a filter expression to match packets with the original IP address
$filterExpression = "ip.addr == $originalIpAddress"
# Use NetShark to read the input pcap file and filter packets matching the filter expression
Get-NetSharkCapture -FilePath $inputFile -FilterExpression $filterExpression |
ForEach-Object {
# Replace the original IP address with the new IP address in each matching packet
$_.Packet.IP.DstAddr = $newIpAddress
$_.Packet.IP.SrcAddr = $newIpAddress
$_
} |
# Use NetShark to write the modified packets to the output pcap file
Set-NetSharkCapture -FilePath $outputFile