2nd RunAsUser Example. WIP: defender AIO, discord, and speedtestv2

community_scripts.json

@@ -299,7 +299,7 @@
     "name": "Bitlocker - Get Recovery Keys",
     "description": "Retrieves a Bitlocker Recovery Keys",
     "shell": "powershell",
-     "syntax": "[-KeyOnly]",
+    "syntax": "[-KeyOnly]",
     "supported_platforms": [
       "windows"
     ],
@@ -751,6 +751,7 @@
     "name": "Test Network Speed",
     "description": "This will download and run iperf to check network speeds, you need one machine on the network as a server and another as a client",
     "syntax": "[-mode <string>]\n[-IP <string>]",
+    "default_timeout": "600",
     "shell": "powershell",
     "supported_platforms": [
       "windows"
@@ -1467,6 +1468,19 @@
     ],
     "default_timeout": "90"
   },
+  {
+    "guid": "49f63733-090b-486b-8ce5-c9bea4917d07",
+    "filename": "Win_RunAsUser_Example2.ps1",
+    "submittedBy": "https://github.com/silversword411",
+    "name": "EXAMPLE RunAsUser Template2",
+    "description": "Reference Script: Will need manual tweaking, for getting logged in username for RunAsUser scripts",
+    "shell": "powershell",
+    "category": "TRMM (Win):Misc>Reference",
+    "supported_platforms": [
+      "windows"
+    ],
+    "default_timeout": "90"
+  },
   {
     "guid": "453c6d22-84b7-4767-8b5f-b825f233cf55",
     "filename": "Win_AD_Join_Computer.ps1",
@@ -1635,7 +1649,9 @@
       "-profile \"@Smart scan\""
     ],
     "default_timeout": "7200",
-    "supported_platforms": ["windows"],
+    "supported_platforms": [
+      "windows"
+    ],
     "shell": "powershell",
     "category": "TRMM (Win):3rd Party Software"
   },
@@ -1690,4 +1706,4 @@
     ],
     "category": "TRMM (All):3rd Party Software"
   }
-]
+]

scripts/Win_RunAsUser_Example.ps1

@@ -1,9 +1,9 @@
 <#
 .SYNOPSIS
-    This is an example script for doing stuff in userland
+    This is a template example script for doing stuff in userland
 
 .DESCRIPTION
-    Fully functional example for RunAsUser, including getting return data and exit 1 from Userland
+    Fully functional example for RunAsUser run from SYSTEM, including getting return data and exit 1 from Userland
 
 .NOTES
     Change Log

scripts/Win_RunAsUser_Example2.ps1

@@ -0,0 +1,17 @@
+<#
+.SYNOPSIS
+    This is an example script for getting logged in username for RunAsUser scripts. To be run from SYSTEM (not TRMM RunAsUser)
+
+.DESCRIPTION
+    Fully functional example for RunAsUser, including getting return data and exit 1 from Userland
+
+.NOTES
+    V1.0 
+#>
+
+$currentuser = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1]
+
+If (!$currentuser) {    
+    Write-Output "Noone currently logged in"
+} else {
+    Write-Output "Currently logged in user is: $currentuser"}

scripts_wip/Win_Defender_AIO.ps1

@@ -1,5 +1,3 @@
-
-
 param (
     [switch]$debug,
     [switch]$listExclusions,
@@ -8,7 +6,9 @@ param (
     [switch]$startQuickScan,
     [switch]$startFullScan,
     [switch]$startWDOScan,
-    [switch]$removeThreat
+    [switch]$removeThreat,
+    [switch]$customScan,
+    [string]$customScanPath
 )
 
 # For setting debug output level. -debug switch will set $debug to true
@@ -79,11 +79,20 @@ if ($startWDOScan) {
     Start-MpWDOScan
 }
 
+if ($customScan) {
+    if ($customScanPath -ne $null) {
+        Write-Output "Path required when using customScan switch"
+        Exit 1
+    }
+    else {
+        Start-MpScan -ScanType CustomScan -ScanPath $customScanPath
+    }
+}
+
 if ($removeThreat) {
     Write-Output "Removing Threats"
     Remove-MpThreat
 }
 
 # Exit with the final exit code
-exit $exitCode
-
+exit $exitCode

scripts_wip/Win_Discord_Send_Messagev1.ps1

@@ -0,0 +1,33 @@
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+function dischat {
+
+  [CmdletBinding()]
+  param (    
+  [Parameter (Position=0,Mandatory = $True)]
+  [string]$msgContent
+  ) 
+
+  $hookUrl = 'https://discord.com/api/webhooks/yourwebhookurlhere'
+
+  $Body = @{
+    #This is who the message is from
+    'username' = "Title"
+    'content' = $msgContent
+  }
+
+  Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
+
+}
+
+function script {
+    $machinename = "Title?"
+    $publicip = (Invoke-WebRequest -uri "https://api.ipify.org?format=json" -UseBasicParsing).content | ConvertFrom-Json | Select-Object -ExpandProperty ip
+    $trmminstalled = Test-Path -Path "C:\Program Files\TacticalAgent" -PathType Container
+
+        return "$machinename Pub IP: $publicip TRMM Installed: $trmminstalled"
+}
+
+dischat (script)
+
+Write-Output "Sent to Discord"

scripts_wip/Win_Network_Speed_Testv2.ps1

@@ -0,0 +1,81 @@
+<#
+      .SYNOPSIS
+      This will download and run iperf to check network speeds, you need one machine on the network as a server and another as a client.
+      .PARAMETER Mode
+      The only mode parameter is server, set by using -mode server. Obviously this will only work in-LAN and server mode will be killed after script timeout.
+      .PARAMETER IP
+      Set IP but using -IP IPADDRESS. Not to be used with server mode
+      .PARAMETER Seconds
+      Client tests default to 3 seconds unless you want to run the tests longer. 
+      .EXAMPLE
+      Server mode 
+      -mode server
+      .EXAMPLE
+      Client mode 
+      -IP 192.168.11.18
+      .EXAMPLE
+      -IP 192.168.11.18 -Seconds 10
+      .NOTES
+      3/30/2022 v1 dinger1986 initial release
+      9/20/2023 v2 silversword411 adding -Seconds param. Updated to recommended folders. Updating default script timeout to 600 seconds for server mode. Recommend setting up a permanent iperf3 server to run against.
+
+  #>
+
+  param (
+    [string] $IP,
+    [int] $Seconds,
+    [string] $Mode
+)
+
+# Check if $Seconds is not specified or 0 and set default value
+if (-not $Seconds) {
+    $Seconds = 3
+}
+
+If (!(test-path $env:programdata\TacticalRMM\temp\)) {
+    New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\temp\
+}
+If (!(test-path $env:programdata\TacticalRMM\toolbox\)) {
+    New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\toolbox\
+}
+If (!(test-path $env:programdata\TacticalRMM\toolbox\iperf3)) {
+    New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\toolbox\iperf3\
+}
+
+Set-Location $env:programdata\TacticalRMM\temp\
+
+If (!(test-path "$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe")) {
+    Write-Output "iperf3.exe doesn't exist, downloading and extracting"
+Invoke-WebRequest https://iperf.fr/download/windows/iperf-3.1.3-win64.zip -Outfile iperf3.zip
+
+# Expand and move files to toolbox
+expand-archive iperf3.zip
+Set-Location $env:programdata\TacticalRMM\temp\iperf3\iperf-3.1.3-win64\
+Move-Item .\cygwin1.dll $env:programdata\TacticalRMM\toolbox\iperf3\
+Move-Item .\iperf3.exe $env:programdata\TacticalRMM\toolbox\iperf3\
+
+# Cleanup
+Set-Location $env:programdata\TacticalRMM\toolbox\
+Remove-Item -LiteralPath "$env:programdata\TacticalRMM\temp\iperf3.zip" -Force -Recurse
+Remove-Item -LiteralPath "$env:programdata\TacticalRMM\temp\iperf3\" -Force -Recurse
+}
+
+if ($Mode -eq "server") {
+    Write-Output "Starting iPerf3 Server"
+	netsh advfirewall firewall add rule name="iPerf3" dir=in action=allow program="$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe" enable=yes
+    & '$env:programdata\TacticalRMM\toolbox\iperf3\iperf3.exe' -s
+    Start-Sleep -Seconds 599
+    taskkill /IM "iPerf3.exe" /F
+    exit
+}
+
+else {
+    Write-Output "#################   TCP Upload   #################"
+    & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -t $Seconds -bidir
+    Write-Output "#################   UDP Upload   #################"
+    & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -u -b 0 -t $Seconds -bidir
+    Write-Output "#################   TCP Download   ##################"
+    & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -R -t $Seconds -bidir
+    Write-Output "#################   UDP Download   #################"
+    & 'C:\ProgramData\TacticalRMM\toolbox\iperf3\iperf3.exe' -c $IP -p 9200 -R -u -b 0 -t $Seconds -bidir
+}