From 6ed5bcccbb4f82b4d1fed19fc7e609c00babe4ef Mon Sep 17 00:00:00 2001 From: silversword411 Date: Tue, 10 Oct 2023 00:39:04 -0400 Subject: [PATCH 1/4] wip - Send message thru discord --- scripts_wip/Win_Discord_Send_Messagev1.ps1 | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 scripts_wip/Win_Discord_Send_Messagev1.ps1 diff --git a/scripts_wip/Win_Discord_Send_Messagev1.ps1 b/scripts_wip/Win_Discord_Send_Messagev1.ps1 new file mode 100644 index 00000000..112e563d --- /dev/null +++ b/scripts_wip/Win_Discord_Send_Messagev1.ps1 @@ -0,0 +1,33 @@ +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + +function dischat { + + [CmdletBinding()] + param ( + [Parameter (Position=0,Mandatory = $True)] + [string]$msgContent + ) + + $hookUrl = 'https://discord.com/api/webhooks/yourwebhookurlhere' + + $Body = @{ + #This is who the message is from + 'username' = "Title" + 'content' = $msgContent + } + + Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body + +} + +function script { + $machinename = "Title?" + $publicip = (Invoke-WebRequest -uri "https://api.ipify.org?format=json" -UseBasicParsing).content | ConvertFrom-Json | Select-Object -ExpandProperty ip + $trmminstalled = Test-Path -Path "C:\Program Files\TacticalAgent" -PathType Container + + return "$machinename Pub IP: $publicip TRMM Installed: $trmminstalled" +} + +dischat (script) + +Write-Output "Sent to Discord" \ No newline at end of file From cb517cf29bb5f740dea23d2ab4b02a1b8f8ef030 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Tue, 10 Oct 2023 00:43:35 -0400 Subject: [PATCH 2/4] wip - defender AIO --- scripts_wip/Win_Defender_AIO.ps1 | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/scripts_wip/Win_Defender_AIO.ps1 b/scripts_wip/Win_Defender_AIO.ps1 index 3c055e03..154ce87a 100644 --- a/scripts_wip/Win_Defender_AIO.ps1 +++ b/scripts_wip/Win_Defender_AIO.ps1 
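Review bot: The Discord webhook URL is hard-coded inside `dischat` (`$hookUrl = 'https://discord.com/api/webhooks/...'`), and a webhook URL is a write credential — anyone who can read the script, including everyone with access to the shared scripts_wip tree, can post arbitrary messages to that channel. Take it as a mandatory parameter instead, `[Parameter(Mandatory = $True)][string]$hookUrl` next to `$msgContent`, or read it from an environment variable the RMM sets at run time, so the secret is never committed with the code. `Write-Output "Sent to Discord"` at the end also runs whether or not the POST succeeded, because a failing `Invoke-RestMethod` is non-terminating by default; wrap the call as `try { Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body -ErrorAction Stop } catch { Write-Output "Discord post failed: $_"; exit 1 }` so the exit code reflects the outcome. The ipify lookup in `script` has the same gap — if it fails, `$publicip` is empty and the message is still sent. Naming a function `script` is also easy to confuse with the `script:` scope qualifier; a descriptive name such as `Get-HostSummary` reads better.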
@@ -1,5 +1,3 @@ - - param ( [switch]$debug, [switch]$listExclusions, @@ -8,7 +6,9 @@ param ( [switch]$startQuickScan, [switch]$startFullScan, [switch]$startWDOScan, - [switch]$removeThreat + [switch]$removeThreat, + [switch]$customScan, + [string]$customScanPath ) # For setting debug output level. -debug switch will set $debug to true @@ -79,11 +79,20 @@ if ($startWDOScan) { Start-MpWDOScan } +if ($customScan) { + if ($customScanPath -ne $null) { + Write-Output "Path required when using customScan switch" + Exit 1 + } + else { + Start-MpScan -ScanType CustomScan -ScanPath $customScanPath + } +} + if ($removeThreat) { Write-Output "Removing Threats" Remove-MpThreat } # Exit with the final exit code -exit $exitCode - +exit $exitCode \ No newline at end of file From 28b494466070e5b7519963199c1a2054ec8a3056 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Tue, 10 Oct 2023 00:51:30 -0400 Subject: [PATCH 3/4] Adding 2nd RunAsUser Example --- community_scripts.json | 22 +++++++++++++++++++--- scripts/Win_RunAsUser_Example.ps1 | 4 ++-- scripts/Win_RunAsUser_Example2.ps1 | 17 +++++++++++++++++ 3 files changed, 38 insertions(+), 5 deletions(-) create mode 100644 scripts/Win_RunAsUser_Example2.ps1 diff --git a/community_scripts.json b/community_scripts.json index e7a58805..bee69641 100644 --- a/community_scripts.json +++ b/community_scripts.json @@ -299,7 +299,7 @@ "name": "Bitlocker - Get Recovery Keys", "description": "Retrieves a Bitlocker Recovery Keys", "shell": "powershell", - "syntax": "[-KeyOnly]", + "syntax": "[-KeyOnly]", "supported_platforms": [ "windows" ], @@ -751,6 +751,7 @@ "name": "Test Network Speed", "description": "This will download and run iperf to check network speeds, you need one machine on the network as a server and another as a client", "syntax": "[-mode ]\n[-IP ]", + "default_timeout": "600", "shell": "powershell", "supported_platforms": [ "windows" 
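Review bot: The `-customScan` branch in the `@@ -79,11 +79,20 @@` hunk of Win_Defender_AIO.ps1 has its guard inverted, and for a `[string]` parameter `$customScanPath -ne $null` is always true because an unbound string parameter defaults to an empty string rather than `$null`; as written, every `-customScan` invocation prints "Path required when using customScan switch" and exits 1, and `Start-MpScan -ScanType CustomScan -ScanPath $customScanPath` is unreachable. Use `if ([string]::IsNullOrWhiteSpace($customScanPath)) {` for the guard, and consider `Write-Error` rather than `Write-Output` for the message so it lands on the error stream. The `Exit 1` also bypasses the `$exitCode` the script otherwise returns at its end (`exit $exitCode`); setting `$exitCode = 1` and falling through would keep a single exit path. The first two hunks (blank-line removal and the new switch/parameter declarations) raise nothing on their own.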
@@ -1467,6 +1468,19 @@ ], "default_timeout": "90" }, + { + "guid": "49f63733-090b-486b-8ce5-c9bea4917d07", + "filename": "Win_RunAsUser_Example2.ps1", + "submittedBy": "https://github.com/silversword411", + "name": "EXAMPLE RunAsUser Template2", + "description": "Reference Script: Will need manual tweaking, for getting logged in username for RunAsUser scripts", + "shell": "powershell", + "category": "TRMM (Win):Misc>Reference", + "supported_platforms": [ + "windows" + ], + "default_timeout": "90" + }, { "guid": "453c6d22-84b7-4767-8b5f-b825f233cf55", "filename": "Win_AD_Join_Computer.ps1", @@ -1635,7 +1649,9 @@ "-profile \"@Smart scan\"" ], "default_timeout": "7200", - "supported_platforms": ["windows"], + "supported_platforms": [ + "windows" + ], "shell": "powershell", "category": "TRMM (Win):3rd Party Software" }, @@ -1690,4 +1706,4 @@ ], "category": "TRMM (All):3rd Party Software" } -] +] \ No newline at end of file diff --git a/scripts/Win_RunAsUser_Example.ps1 b/scripts/Win_RunAsUser_Example.ps1 index 1e9e52ad..9c2fcf27 100644 --- a/scripts/Win_RunAsUser_Example.ps1 +++ b/scripts/Win_RunAsUser_Example.ps1 @@ -1,9 +1,9 @@ <# .SYNOPSIS - This is an example script for doing stuff in userland + This is a template example script for doing stuff in userland .DESCRIPTION - Fully functional example for RunAsUser, including getting return data and exit 1 from Userland + Fully functional example for RunAsUser run from SYSTEM, including getting return data and exit 1 from Userland .NOTES Change Log diff --git a/scripts/Win_RunAsUser_Example2.ps1 b/scripts/Win_RunAsUser_Example2.ps1 new file mode 100644 index 00000000..a24bbe4a --- /dev/null +++ b/scripts/Win_RunAsUser_Example2.ps1 
@@ -0,0 +1,17 @@ +<# +.SYNOPSIS + This is an example script for getting logged in username for RunAsUser scripts. To be run from SYSTEM (not TRMM RunAsUser) + +.DESCRIPTION + Fully functional example for RunAsUser, including getting return data and exit 1 from Userland + +.NOTES + V1.0 +#> + +$currentuser = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1] + +If (!$currentuser) { + Write-Output "Noone currently logged in" +} else { + Write-Output "Currently logged in user is: $currentuser"} \ No newline at end of file From a802b58555243015033751c8adeeb4504e4e53b1 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Tue, 10 Oct 2023 00:55:53 -0400 Subject: [PATCH 4/4] wip - Adding more advanced iperf3 network test script. --- scripts_wip/Win_Network_Speed_Testv2.ps1 | 81 ++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 scripts_wip/Win_Network_Speed_Testv2.ps1 diff --git a/scripts_wip/Win_Network_Speed_Testv2.ps1 b/scripts_wip/Win_Network_Speed_Testv2.ps1 new file mode 100644 index 00000000..62b58a1e --- /dev/null +++ b/scripts_wip/Win_Network_Speed_Testv2.ps1 
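Review bot: `((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1]` throws "You cannot call a method on a null-valued expression" when nobody is logged in, because `Username` is `$null` in that case, so the `If (!$currentuser)` branch is only reached after an error has already been written to the error stream. Split only when there is a value: `$username = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName` followed by `$currentuser = if ($username) { $username.Split('\')[-1] }` (the `[-1]` also returns the name unchanged if it ever lacks a `DOMAIN\` prefix, where `[1]` yields `$null`). `Get-CimInstance` replaces `Get-WMIObject`, which is no longer available in PowerShell 7. The `.DESCRIPTION` text ("Fully functional example for RunAsUser, including getting return data and exit 1 from Userland") is copied from Win_RunAsUser_Example.ps1 and does not describe this script, which has no RunAsUser call and sets no exit code; it should read along the lines of "Resolves the interactively logged-on user from SYSTEM context via Win32_ComputerSystem".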
@@ -0,0 +1,81 @@ +<# + .SYNOPSIS + This will download and run iperf to check network speeds, you need one machine on the network as a server and another as a client. + .PARAMETER Mode + The only mode parameter is server, set by using -mode server. Obviously this will only work in-LAN and server mode will be killed after script timeout. + .PARAMETER IP + Set IP but using -IP IPADDRESS. Not to be used with server mode + .PARAMETER Seconds + Client tests default to 3 seconds unless you want to run the tests longer. + .EXAMPLE + Server mode + -mode server + .EXAMPLE + Client mode + -IP 192.168.11.18 + .EXAMPLE + -IP 192.168.11.18 -Seconds 10 + .NOTES + 3/30/2022 v1 dinger1986 initial release + 9/20/2023 v2 silversword411 adding -Seconds param. Updated to recommended folders. Updating default script timeout to 600 seconds for server mode. Recommend setting up a permanent iperf3 server to run against. + + #> + + param ( + [string] $IP, + [int] $Seconds, + [string] $Mode +) + +# Check if $Seconds is not specified or 0 and set default value +if (-not $Seconds) { + $Seconds = 3 +} + +If (!(test-path $env:programdata\TacticalRMM\temp\)) { + New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\temp\ +} +If (!(test-path $env:programdata\TacticalRMM\toolbox\)) { + New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\toolbox\ +} +If (!(test-path $env:programdata\TacticalRMM\toolbox\iperf3)) { + New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\toolbox\iperf3\ +} + +Set-Location $env:programdata\TacticalRMM\temp\ + +If (!(test-path "$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe")) { + Write-Output "iperf3.exe doesn't exist, downloading and extracting" +Invoke-WebRequest https://iperf.fr/download/windows/iperf-3.1.3-win64.zip -Outfile iperf3.zip + +# Expand and move files to toolbox +expand-archive iperf3.zip +Set-Location $env:programdata\TacticalRMM\temp\iperf3\iperf-3.1.3-win64\ +Move-Item .\cygwin1.dll 
$env:programdata\TacticalRMM\toolbox\iperf3\ +Move-Item .\iperf3.exe $env:programdata\TacticalRMM\toolbox\iperf3\ + +# Cleanup +Set-Location $env:programdata\TacticalRMM\toolbox\ +Remove-Item -LiteralPath "$env:programdata\TacticalRMM\temp\iperf3.zip" -Force -Recurse +Remove-Item -LiteralPath "$env:programdata\TacticalRMM\temp\iperf3\" -Force -Recurse +} + +if ($Mode -eq "server") { + Write-Output "Starting iPerf3 Server" + netsh advfirewall firewall add rule name="iPerf3" dir=in action=allow program="$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe" enable=yes + & '$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe' -s + Start-Sleep -Seconds 599 + taskkill /IM "iPerf3.exe" /F + exit +} + +else { + Write-Output "################# TCP Upload #################" + & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -t $Seconds -bidir + Write-Output "################# UDP Upload #################" + & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -u -b 0 -t $Seconds -bidir + Write-Output "################# TCP Download ##################" + & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -R -t $Seconds -bidir + Write-Output "################# UDP Download #################" + & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -R -u -b 0 -t $Seconds -bidir +}
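Review bot: The server branch of the closing `if ($Mode -eq "server")` block never launches iperf3: `& '$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe' -s` is single-quoted, so `$env:programdata` is passed literally and the call fails with a path-not-found error. Even with the quoting fixed, `&` runs `iperf3 -s` in the foreground and it never returns on its own, so `Start-Sleep` and `taskkill` are unreachable; the server would also listen on iperf3's default port while every client call uses `-p 9200`, so the two modes cannot talk to each other (and, as far as I recall, `-bidir` is not an option in the 3.1.3 build being downloaded — worth checking). The `netsh advfirewall ... add rule` inbound allow is added on every run and never deleted, leaving a permanent opening once the test is over. Separately, the zip fetched from iperf.fr is extracted and executed as SYSTEM with no integrity check; compare `(Get-FileHash iperf3.zip -Algorithm SHA256).Hash` against a pinned value (`<EXPECTED_SHA256>` placeholder) before `expand-archive`, and use one `$iperf` path variable in both branches instead of mixing `$env:programdata` with a hard-coded `C:\ProgramData`. The fence below rewrites the server branch to start the listener in the background on the shared port and remove the rule when done; the client branch is unchanged apart from the path and port variables.
```powershell
$iperf = "$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe"
$port = 9200

if ($Mode -eq "server") {
    Write-Output "Starting iPerf3 Server"
    netsh advfirewall firewall add rule name="iPerf3" dir=in action=allow program="$iperf" enable=yes
    # Background the listener so the timed stop below actually runs; same port the client calls use
    $server = Start-Process -FilePath $iperf -ArgumentList "-s", "-p", "$port" -PassThru -NoNewWindow
    Start-Sleep -Seconds 599
    Stop-Process -Id $server.Id -Force -ErrorAction SilentlyContinue
    # Remove the inbound allow rule once the listener is gone
    netsh advfirewall firewall delete rule name="iPerf3"
    exit
}

else {
    # … unchanged: the four client runs, with 'C:\ProgramData\...\iperf3.exe' replaced by $iperf and 9200 by $port …
}
```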