
Here are a few code samples that accompany our web series and labs. The videos are linked below, followed by the code for each:

PowerShell Port Scanner Banner Grabber:

# Problem: We need a way to test open sockets in Powershell. It would be nice to grab a banner
# while we were at it too.

# Solution: Write a function that opens a System.Net.Sockets.TCPClient to each port in a list with a short timeout.
# If the port is open, attempt to read a banner from it; if it is closed or times out, report just the port number.

# TCP Connect test and banner grab.
# Written by Jeremy Martin – jeremy@informationwarfarecenter.com
# For more episodes of Cyber Secrets, visit youtube.com/IWCCyberSec
# www.informationwarfarecenter.com or Intelligenthacking.com

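# QueryPort: open a TCP connection to $HostName:$Port with a 500 ms connect timeout,
# then wait one second and read whatever the service volunteers as a banner.
# Returns "TCP:<port> is open : <banner>" for an open port and nothing otherwise
# (timeout, refused or unreachable).
# Defined BEFORE the scan loop: in a script, a function must be defined before it is
# first called. The original defined it after the loop, so every call failed with
# "QueryPort is not recognized" and the empty catch {} hid it.
function QueryPort ([string]$HostName, [int]$Port) {
    $socket = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $socket.BeginConnect($HostName, $Port, $null, $null)
        # No answer within 500 ms: treat as closed/filtered. The pending connect is
        # aborted by Close() in the finally block; the original leaked the socket here.
        if (-not $pending.AsyncWaitHandle.WaitOne(500)) { return }
        # A refused connection also signals the wait handle. EndConnect surfaces the
        # SocketException so the port is reported closed instead of GetStream() throwing
        # "not connected" (which the caller's catch swallowed, printing nothing at all).
        try { $socket.EndConnect($pending) } catch { return }

        $stream = $socket.GetStream()
        Start-Sleep -Milliseconds 1000
        $text = ""
        # Read byte-wise while data is queued; cap the banner so a chatty service
        # cannot keep the scanner here indefinitely.
        while ($stream.DataAvailable -and $text.Length -lt 4096) {
            $text += [char]$stream.ReadByte()
        }
        # The banner is attacker-controlled: strip control characters (terminal escape
        # sequences, NULs) before it reaches the console and the CSV report.
        $text = $text -replace '[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]', ''
        if ($text.Length -eq 0) { $text = "No Banner Given" }
        "TCP:$Port is open : $text"
    } finally {
        # Always release the socket, including on timeout and refusal.
        $socket.Close()
    }
}

Clear-Host
$Hostname = Read-Host -Prompt "Please Enter the target to scan (Example: 192.168.0.1 or test.com)"
$results = @(); $details = @()
$File = ".\ports.txt"
$_Ports = Get-Content $File # For hardcoded, use: $_Ports = @(21,22,80,443,902,3389,etc...)
$Report = "$HostName-report.csv"
Write-Output "working..."
# NOTE: the scan only runs if the target answers one ICMP echo. A host that drops
# ping is skipped entirely and no report is produced.
If (Test-Connection -Count 1 -ComputerName $HostName -Quiet) {
    # The original read $IP without ever assigning it, leaving the IPAddress column
    # blank. Resolve the target; leave it blank only if resolution fails.
    $IP = ""
    try {
        $IP = ([System.Net.Dns]::GetHostAddresses($HostName) | Select-Object -First 1).IPAddressToString
    } catch { }
    $details = @{
        Date         = Get-Date
        ComputerName = $Hostname
        IPAddress    = $IP
        Online       = "Yes"
        Ports        = ""
    }
    foreach ($_Port in $_Ports) {
        # Skip blank or non-numeric lines in ports.txt explicitly instead of letting the
        # parameter-binding error vanish into a catch block.
        if ($_Port -notmatch '^\s*\d+\s*$') { continue }
        try {
            $TestPort = QueryPort $HostName ([int]$_Port)
            if ([string]::IsNullOrEmpty($TestPort)) {
                # Closed/filtered: print the bare port number, as before.
                Write-Output $_Port
            } else {
                Write-Output "$_Port : $TestPort"
                $details.Ports += $TestPort + "`r`n"
            }
        } catch {
            # Unexpected socket/DNS failure for this port: say so rather than hide it.
            Write-Warning "Port ${_Port}: $($_.Exception.Message)"
        }
    }
    $results += New-Object PSObject -Property $details
}
Clear-Host; $results
if ($results.Count -gt 0) {
    # Export-Csv on an empty array writes nothing and Invoke-Item then fails on a
    # missing file. The Ports column carries service banners verbatim: treat the
    # file as untrusted input if it is opened in a spreadsheet application.
    $results | Export-Csv -Path "$Report" -NoTypeInformation
    Invoke-Item "$Report"
} else {
    Write-Output "No results to write (target did not answer ping)."
}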

PowerShell: YouTube downloader, FFMpeg, Cyber Secrets Video Pack

# Cyber Secrets Archiver (YouTube-DL, FFMPEG, & Cyber Secrets)
# Author: Jeremy Martin
# jeremy@informationwarfarecenter.com

# Building the Cyber Secrets video pack
Function Cleanup () {
    # Sort the .mp4 files in the current directory into the two episode folders under
    # the script-level $CSPath: names containing "Just" go to "Just the Tip", everything
    # else to "Cyber Secrets". Existing files at the destination are overwritten.
    Get-ChildItem -Filter "*.mp4" | ForEach-Object {
        $target = if ($_.Name -imatch "Just") { "$CSPath\Just the Tip" } else { "$CSPath\Cyber Secrets" }
        Move-Item $_ $target -Force
    }
}

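Function YouTube-dl {
    # Download youtube-dl.exe into $Path unless it is already there.
    # SECURITY: the binary is fetched from yt-dl.org and later executed with no checksum
    # or signature verification (the page publishes none). Pin a release and verify its
    # published hash before trusting this outside a throwaway machine.
    # [CmdletBinding()] makes the -Verbose the caller passes bind properly instead of
    # landing in $args as a stray string.
    [CmdletBinding()]
    param([string]$Path)
    $source = "https://yt-dl.org/latest/youtube-dl.exe"
    $destination = "$Path\youtube-dl.exe"
    if (Test-Path $destination) {
        Write-Output "YouTube-DL is already installed"
        return
    }
    try {
        # -ErrorAction Stop: a failed download must not be followed by "Installed".
        Invoke-WebRequest -Uri $source -OutFile $destination -ErrorAction Stop
        Write-Output "YouTube-dl Installed"
    } catch {
        Write-Error "Download of $source failed: $($_.Exception.Message)"
    }
}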

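Function FFMpeg {
    # Download one fixed zeranoe static build of FFmpeg, unpack it and move its binaries
    # into $Path.
    # SECURITY: the archive is fetched over plain HTTP with no checksum, and its contents
    # are executed later; anyone on the network path can substitute it. Use an HTTPS
    # source and verify the publisher's hash before running this outside a lab. The URL
    # also names one specific old build; if the host no longer serves it, the failure is
    # now reported instead of silently continuing.
    [CmdletBinding()]
    param([string]$Path)
    $Source      = "http://ffmpeg.zeranoe.com/builds/win64/static/ffmpeg-3.3.2-win64-static.zip"
    $destination = "$env:TEMP\ffmpeg.zip"
    $FFMpeg      = "ffmpeg.exe"
    $extracted   = "$Path\ffmpeg-3.3.2-win64-static"
    # The original tested "$destination\$FFMpeg" (a path "inside" the zip file name),
    # which never exists, so the check could never short-circuit.
    if (Test-Path "$Path\$FFMpeg") {
        Write-Output "FFMpeg is already installed"
        return
    }
    try {
        # Explicit cmdlet: "curl" is an alias for Invoke-WebRequest only in Windows
        # PowerShell; in PowerShell 7 on Windows it is curl.exe, which rejects -OutFile.
        Invoke-WebRequest -Uri $Source -OutFile $destination -ErrorAction Stop
        Expand-Archive -Path $destination -DestinationPath $Path -Force
        Move-Item "$extracted\bin\*.*" $Path
        Remove-Item $extracted -Recurse -Force
        Write-Output "FFMpeg installed"
    } catch {
        Write-Error "FFMpeg install failed: $($_.Exception.Message)"
    } finally {
        # Do not leave the archive behind in %TEMP%.
        if (Test-Path $destination) { Remove-Item $destination -Force }
    }
}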

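$CSPath = "c:\Cyber-Secrets"; Clear-Host
# Create the archive root and the two episode folders if they are missing.
if (Test-Path $CSPath) {
    Write-Output "Thank you for your support. Enjoy the vids!"
} else {
    New-Item $CSPath -ItemType Directory
}
foreach ($sub in @("Just the Tip", "Cyber Secrets")) {
    $dir = "$CSPath\$sub"
    if (-not (Test-Path $dir)) { New-Item $dir -ItemType Directory }
}

# Download Youtube-dl, FFMpeg, and Cyber Secrets Just the Tip episodes.
# Both helpers fetch executables from the internet without integrity checks (see the
# comments on YouTube-dl and FFMpeg); review them before running on a production box.
if (Test-Path "$CSPath\youtube-dl.exe") { Write-Output "YouTube-DL is installed." } else { YouTube-dl $CSPath -Verbose }
if (Test-Path "$CSPath\ffmpeg.exe")     { Write-Output "FFMpeg is installed." }     else { FFMpeg $CSPath -Verbose }

# Profit
Write-Output "Starting the download"
Set-Location -Path $CSPath
# Resolved relative to $CSPath, which is the working directory from here on.
$downloader = "youtube-dl.exe" # --yes-playlist --recode-video mp4
# The option prefixes were mangled to an en-dash on the page; youtube-dl only
# understands "--yes-playlist" / "--recode-video".
$playlists = @(
    " https://www.youtube.com/watch?v=tHFhB-7LHls&list=PL9OxrA7zP_Z9a18ZA8KaNJdQ5u_6EZ7YU --yes-playlist --recode-video mp4",
    " https://www.youtube.com/playlist?list=PL9OxrA7zP_Z8ZAc5cYJiQAx7SYkrvoUbh --yes-playlist --recode-video mp4"
)
foreach ($argLine in $playlists) {
    Start-Process $downloader $argLine -Wait -Verbose
    Cleanup
}
Invoke-Item $CSPath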

PowerShell: PsExec Remote EXE Install Network Loop – Patch Management

# Written by Jeremy Martin, Information Warfare Center
# More tips and episodes of Cyber Secrets at
# YouTube.com/IWCCyberSec
# InformationWarfareCEnter.com
# IntelligentHacking.com

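Clear-Host
$results = @()
$Subnet     = Read-Host -Prompt "Please Enter the Subnet the you want to search in (Example: 192.168.0)"
# Cast the bounds so the range operator works on integers, not on the strings
# Read-Host returns.
$IPStart    = [int](Read-Host -Prompt "Please Enter the First IP in that range (Example:1)")
$IPEnd      = [int](Read-Host -Prompt "Please Enter the Last IP in that range (Example:255)")
$User       = Read-Host -Prompt "Please Enter the Admin User"
# Read the password masked so it is not echoed to the console or a transcript.
# SECURITY: cmdkey and PsExec still need it in clear text on their command lines,
# where it is visible to process listings and command-line auditing on this host,
# and PsExec -p sends it to every target. There is no way around that with these
# tools; run this only from a trusted admin workstation and rotate the account
# afterwards if in doubt.
$SecurePass = Read-Host -Prompt "Please Enter the Admin Pass" -AsSecureString
$Pass       = (New-Object System.Net.NetworkCredential("", $SecurePass)).Password
$Domain     = Read-Host -Prompt "Please Enter the Domain (NA for None)"
$ScriptPath = Read-Host -Prompt "Please Enter the destination path (Example: c:\)"
$Prog       = Read-Host -Prompt "Please Enter the program to push"
$ResultFile = "$Subnet-results.csv"
$PsExec     = ".\PsExec.exe"

if (-not (Test-Path $PsExec)) { throw "PsExec.exe was not found in the current directory." }

Write-Output "Starting the push now..."
# The results file is one status line per push (not CSV rows, despite the extension).
# Reading it with Import-Csv turned its first line into a header; read the lines as-is.
if (Test-Path $ResultFile) {
    $results += Get-Content $ResultFile
}

foreach ($octet in $IPStart..$IPEnd) {
    $IP = "$Subnet.$octet"
    if (-not (Test-Connection -Count 1 -ComputerName $IP -Quiet)) {
        Write-Host "the $IP is not reachable"
        continue
    }
    # A host with no PTR record used to raise an unhandled exception that ended the
    # whole pipeline; skip that host instead.
    try {
        $HostName = [System.Net.Dns]::GetHostEntry($IP).HostName
    } catch {
        Write-Host "$IP has no reverse DNS entry, skipping"
        continue
    }
    # .TrimEnd(".domain") treated its argument as a character SET and stripped any
    # trailing '.', 'd', 'o', 'm', 'a', 'i' or 'n' from the name ("workstation" ->
    # "workstat"). Strip the literal suffix instead; edit '.domain' to the real DNS suffix.
    $HostName = $HostName -replace '\.domain$', ''
    # Computed per host: the original overwrote $Domain with the first host's name and
    # then used that name as the domain for every later host.
    $HostDomain = if ($Domain -eq "NA") { $HostName } else { $Domain }

    # The original single-quoted this string, so cmdkey stored a credential for the
    # literal target '$HostName'. A password containing spaces or quotes will still
    # break this argument string; PsExec's -u/-p below is what actually authenticates.
    Start-Process -FilePath cmdkey.exe -ArgumentList "/add:$HostName /user:$HostDomain\$User /pass:$Pass" -Wait
    Write-Output "$IP - $HostName"
    $props = @{
        HostName  = $HostName
        IPAddress = $IP
        Path      = $ScriptPath
        Program   = $Prog
    }
    try {
        # -c copies $Prog from this machine to the target, -f forces the copy, -i runs it interactively.
        $psexecArgs = "\\$HostName -u $HostDomain\$User -p $Pass -i -f -c $Prog"
        # Echo the command line with the password masked; the original printed it in clear.
        Write-Output "$PsExec \\$HostName -u $HostDomain\$User -p ***** -i -f -c $Prog"
        $process = Start-Process -FilePath $PsExec -ArgumentList $psexecArgs -PassThru -Wait
        # PsExec returns the remote process's exit code. 0 and 2 are both counted as
        # success, as in the original; 2 is presumably specific to the pushed installer -
        # confirm for the program you deploy.
        switch ($process.ExitCode) {
            0 {
                $results += "$Prog was pushed to $IP - $HostName using PsExec."
                Write-Output "$Prog was pushed to $IP - $HostName"
                New-Object -TypeName psobject -Property $props
            }
            2 {
                $results += "$Prog was pushed to $IP - $HostName"
                Write-Output "$Prog was pushed to $IP - $HostName"
            }
            default {
                $results += "$Prog FAILED to push to $IP - $HostName"
                Write-Output "$Prog FAILED to push to $IP - $HostName"
            }
        }
    } finally {
        # The original built the delete arguments but never ran them, leaving the admin
        # credential in Credential Manager on the pushing host after every run.
        Start-Process -FilePath cmdkey.exe -ArgumentList "/delete:$HostName" -Wait
    }
}
# Drop the clear-text copy as soon as it is no longer needed.
$Pass = $null

# $results already contains the previous file contents, so overwrite rather than
# append: ">>" duplicated every old line on each run.
$results | Set-Content -Path $ResultFile
Invoke-Item $ResultFile -Force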