PowerShell TCP Port scanner in one line

If you ever need a TCP port scanner that takes years to run, and you want to do it all in one line, PowerShell has you covered.

1..254 | % {if(Test-Connection 192.168.10.$_ -count 1 -quiet){foreach($x in 1..65535){if(Test-NetConnection -Port $x -ComputerName 192.168.10.$_ -InformationLevel Quiet){Write-Host "Found 192.168.10.$_`:$x"}}}}

This one-liner pings every address in the specified network and, if it receives a response, runs a TCP port scan against that address. Keep in mind that it checks all 65,535 ports on each responding host, one Test-NetConnection call per port, which is where the time goes. The address range and port range can be changed, though: if you only need to find the hosts on a network with port 80 open, restricting the inner loop to that single port makes it considerably faster. I still recommend using Nmap though.
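For comparison, here is a more readable version of the same ping-sweep-then-connect approach, written for this page as an added example (it is not the original one-liner). It scans only a short list of ports, gives each connection attempt a timeout through System.Net.Sockets.TcpClient instead of calling Test-NetConnection per port, and returns objects you can filter, so checking which hosts on your own network expose a given service finishes in seconds rather than days. The 192.168.10.0/24 range comes from the post; the function name, default port list and timeout are assumptions.

```powershell
# Added example, not code from the original post. Readable form of the
# ping-sweep-then-TCP-connect one-liner with a connect timeout and a
# limited port list. Assumes Windows PowerShell 5.1 or later.
function Invoke-QuickPortScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$NetworkPrefix,          # e.g. '192.168.10' (lab range from the post)
        [int[]]$Hosts = 1..254,
        [int[]]$Ports = @(22, 80, 135, 139, 443, 445, 3389),   # assumed default list of common services
        [int]$TimeoutMs = 300                                  # per-port connect timeout (assumed value)
    )

    foreach ($h in $Hosts) {
        $ip = "$NetworkPrefix.$h"

        # Ping sweep first, as in the one-liner; hosts that drop ICMP are skipped here too
        if (-not (Test-Connection -ComputerName $ip -Count 1 -Quiet)) { continue }

        foreach ($p in $Ports) {
            $client = New-Object System.Net.Sockets.TcpClient
            $open = $false
            try {
                # Asynchronous connect so a filtered port costs at most $TimeoutMs, not the OS default
                $async = $client.BeginConnect($ip, $p, $null, $null)
                $open = ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected)
                if ($open) { $client.EndConnect($async) }
            }
            catch { $open = $false }      # refused / unreachable counts as closed
            finally { $client.Close() }

            # Emit an object per host/port pair instead of Write-Host text so results can be filtered or exported
            [pscustomobject]@{ Host = $ip; Port = $p; Open = [bool]$open }
        }
    }
}

# Usage: list only the open ports on the lab network from the post
Invoke-QuickPortScan -NetworkPrefix '192.168.10' -Ports 80, 443, 3389 |
    Where-Object Open |
    Format-Table -AutoSize
```

Because the function returns objects, the same output can be piped to Export-Csv and compared against a previous run to spot a service that was not exposed before.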
Recent posts

Remote VPS file share server

Recently, I've *allegedly* received some documents on torrent clients on my network. Of course, I wholeheartedly respect copyright laws and do my utmost to ensure that files on my systems are 100% legal. Regardless, I thought creating an offsite file download/share server might be an exciting project.

I already had a VPS I was renting from a VPS provider, so I spun up another one with them. Relatively low specs, 4 CPUs, 4GB RAM, but it has unlimited network usage, which is good for my purposes. I went with the most recent version of Ubuntu, but any OS would work for this.

To start off, I had an idea for a setup that used a management IP that I could access to download files and communicate with the torrent client, and a download IP that ran a VPN at all times and was only used for downloading files. Luckily enough, my VPS provider had options for adding extra IPv4 addresses to the server, so I bought an extra address and got that working. OpenVPN also has an option to bind to a

Vynae - process exploration in PowerShell

Vynae can be found on my GitHub. Vynae is a fleshed-out version of the original project, PidHunter. PidHunter was written for use in the Collegiate Cyber Defense Competition for tracing process IDs and gathering simple information about processes running in Windows Server environments. It started as a lightweight script that could be deployed on multiple servers and return consistent results. Mainly, it was used to detect Crowd Strike beacons after we discovered one of our servers had a beacon running on it. I wanted a way to pull up process and network information on the fly without needing to run multiple commands or tools. As such, it was hyper-specific to the situation I was in. While I originally tried to expand PidHunter to be useful in normal operations, it never really took off and was abandoned.

Cue summer semester 2022, where I found I had a good amount of extra time before classes started in earnest. I needed to take a break from some other projects, and as I'm takin

Automated firewall manager for multiple Windows devices

Code can be found here. For the upcoming CCDC regionals, I'll need to manage multiple different Windows machines and servers. In the state competition, I had made a simple script that created some basic firewall rules, mostly targeting Active Directory services. I then applied these to both the Windows Server 2012 DC and the Windows Server 2016 Hyper-V/Docker machine. The rules worked fine for both, especially considering that I decided to 'reduce my threat surface' by removing the net adapters from the Docker box. However, for regionals, I'll be managing multiple Active Directories, Exchange servers, and Docker at the very least.

Having a rigid script that applies the same firewall rules to every box won't work as well as it did in state, and creating a new script for each machine is too time-consuming. So I decided to create something that could detect what services and roles were installed on a given machine and then install the necessary firewall rules based o

Using Zerologon to exploit and dump credentials from a Windows 2012 AD server

EDIT: Related video made for a class

The CCDC qualifiers are over now, and my team got 1st! That being said, towards the end of the day, we noticed a lot of suspicious traffic coming to the AD box. While I couldn't figure it out during the competition, it turns out that the red team had been using the Zerologon exploit. After we got back, I wanted to learn the ins and outs of this exploit in order to prevent myself from getting hit with it again at the next competition. Turns out, it's relatively easy to set up and execute using Impacket and RiskSense's Zerologon script.

For the testing environment, I have a Windows lab consisting of a 2012 AD, 2019 Email server, 2016 Docker/Hyper-V box, and Windows 10 and 7 machines. This setup is for CCDC prep and is designed to mirror the environments and machines used in the competition. I also have a Kali box running on the same network as the Windows machines. This is what staged the attacks on the 2012 AD server.

To begin with,