Skip to content

Instantly share code, notes, and snippets.

@NiceRath
NiceRath / windows-rds-temp-user-fw-rule-cleanup.ps1
Last active October 5, 2024 10:09
Windows RDS - Script to gracefully reboot the server (notify users)
# Task Scheduler
# General
# Use local service-user of SYSTEM
# Enable 'Run whether user is logged in or not'
# Enable 'Do not store password'
# Enable 'Run with highest privileges'
#
# Action
# Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
# Arguments: -File C:\scripts\GracefulReboot.ps1
@NiceRath
NiceRath / windows-rds-temp-user-fw-rule-cleanup.ps1
Last active October 5, 2024 10:06
Windows RDS - Script to scheduled remove temporary user-firewall-rules
# Task Scheduler
# General
# Select user SYSTEM (admin user will not work correctly)
# Enable 'Run with highest privileges'
#
# Action
# Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
# Arguments: -File C:\scripts\RemoveUserFWRules.ps1
# NOTE: to get the rule-names you need to execute 'Get-NetFirewallRule' as SYSTEM-USER - some rules have other display-names in that context..
@NiceRath
NiceRath / windows-rds-temp-profile-cleanup.ps1
Last active October 5, 2024 10:05
Windows RDS - Script to scheduled clean-up temporary user profiles
# Task Scheduler
# General
# Use local service-user of SYSTEM
# Enable 'Run whether user is logged in or not'
# Enable 'Do not store password'
# Enable 'Run with highest privileges'
#
# Action
# Program: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
# Arguments: -File C:\scripts\rds\RemoveTmpProfiles.ps1
@NiceRath
NiceRath / ssl-validate.sh
Last active October 14, 2024 20:26
Script to validate certificate of service
#!/bin/bash
if [ -z "$1" ]
then
echo 'Provide the target hostname!'
exit 1
fi
TARGET="$1"
@NiceRath
NiceRath / ssl-ocsp-check.sh
Created September 30, 2024 15:33
Script to check if website has OCSP enabled or issues with it
#!/bin/bash
if [ -z "$1" ]
then
echo 'Provide a hostname of a website to check!'
exit 1
fi
if [ -z "$2" ]
then
@NiceRath
NiceRath / port_check.py
Created September 4, 2024 10:49
Python3 Port Check Script
#!/usr/bin/env python3
from sys import argv as sys_argv
from socket import socket, AF_INET, AF_INET6, SOCK_STREAM
if len(sys_argv) < 3:
raise ValueError("""
You need to provide two arguments:
1 > Target IP
2 > Target port (only TCP)
@NiceRath
NiceRath / ansible-decrypt-vault-pipe-to-parent-process.sh
Last active August 27, 2024 13:48
Ansible - Decrypt Vault and Pipe output to parent process
# this can be useful in CI environments if you need to process config or secrets and pipe them to the parent process in a secure manner
# example file: secrets.yml
> my_secret1: !vault |
> $ANSIBLE_VAULT;1.1;AES256
> ...
> service_xyz: !vault |
> $ANSIBLE_VAULT;1.1;AES256
> ...
@NiceRath
NiceRath / python3-write-to-os-pipe.py
Created August 27, 2024 12:32
Python3 - Write to OS pipe /dev/fd/
#!/usr/bin/env python3
# this can be useful in CI environments if you need to process config or secrets and pipe them to the parent process in a secure manner
import io
import os
from time import sleep
w = io.open(69, 'wb', 0)
w.write(b'MY SECRE3T')
@NiceRath
NiceRath / opnsense-backup-rules-to-csv.py
Last active August 26, 2024 10:06
OPNSense - Backup Rules to CSV
from csv import DictWriter
import xml.etree.ElementTree as ET
# reads unencrypted OPNSense backup file and extracts its rules in CSV format
FILE_IN = 'firewall.xml'
FILE_OUT = 'firewall.csv'
FIELDS = [
'uuid', 'type', 'interface', 'ipprotocol', 'statetype', 'descr', 'direction', 'floating', 'log', 'quick',
'protocol', 'source', 'destination', 'category', 'disabled', 'gateway', 'icmptype', 'associated-rule-id',
@NiceRath
NiceRath / chocolatey_msi_install_startup.ps1
Created August 12, 2024 13:21
Chocolatey - Install MSI Packages on Windows Startup
# NOTES:
# you need to install chocolatey first: https://community.chocolatey.org/install.ps1
# source for ChocolateyInstallPackage: https://github.com/chocolatey/choco/blob/master/src/chocolatey.resources/helpers/functions/Install-ChocolateyInstallPackage.ps1
# source for helper functions: https://github.com/chocolatey/choco/tree/master/src/chocolatey.resources/helpers/functions
# this script need to be copied to your client; it may not work if executed through a network share
# you also need to copy those helper-function (see HELPERS_INCLUDE below) to your clients (see HELPERS_PATH below)
$LOGFILE = 'C:\gpo\logs\choco.log'
$SCRIPT_PATH = 'C:\gpo\scripts\choco'
$HELPERS_PATH = "$SCRIPT_PATH\helpers"