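# Preamble of the UES remote-assistance installer: operator notes, a process-scoped
# execution-policy override, the installUESModules function and the first progress message.
# Every line that starts with '#' below is a note or disabled code and is not executed.

#Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force
#Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
# Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
#DISM.exe /Online /Cleanup-image /Restorehealth
#sfc /scannow

### CONFIG SECTION Windows 10 tested ###
## Run in cmd as Administrator
#powershell.exe -noprofile -executionpolicy bypass -file .\script.ps1

#NOTE Reset firewall
#netsh advfirewall reset
#Disable/Enable firewall
#netsh advfirewall set currentprofile state off
#OR
#netsh advfirewall set all state off
#Using PowerShell (as an administrator) in Windows 10, use the following command:
#Set-MpPreference -DisableRealtimeMonitoring $true
#To re-enable it:
#Set-MpPreference -DisableRealtimeMonitoring $false

#PS to Exe
#PS C:\> Install-Module ps2exe
# Invoke-ps2exe .\source.ps1 .\target.exe -requireAdmin -prepareDebug
# OR
# ps2exe .\source.ps1 .\target.exe
# You can use sc (Service Control) to stop and start Windows Defender:
# sc stop WinDefend
# And:
# sc start WinDefend
# Install-Module ps12exe
# '"Hello World!"' | ps12exe
# ps12exe .\source.ps1 .\target.exe
# ps12exeGUI

# -Scope Process limits the override to this PowerShell process.
Set-ExecutionPolicy Bypass -Scope Process -Force
#Set-ExecutionPolicy remotesingned

# Build a REST API to get and set info
#check Windows Version and Download logic
# powershell version => $PSVersionTable
# ps=>get-ComputerInfo, cmd=>systeminfo ,wmic
# winXP => ftp download, ?? &iexpress package
# win7 => ftp download , ps2exe & iexpress package
# win8+ => https download, ps2exe & iexpress package
# Get info and upload for profiling
# Add security layer for login credentials && download && connections
# Convert to Csharp code
#Copy-Item C:\Code\Trunk -Filter *.csproj.user -Destination C:\Code\F2 -Recurse

## LOAD Modules
# Not referenced again in the visible part of this script.
$WebClient = New-Object System.Net.WebClient

<# NOTE Functions Section
ToggleFw()
TunnelCfgDownload()
BuildDir()
WinVerDetect()
DownloadFileVer()
GetWinInfo()
...
$Manufacturer = Get-WmiObject win32_baseboard | select-object -expand Manufacturer
$Product = Get-WmiObject win32_baseboard | select-object -expand Product
$SerialNumber = Get-WmiObject win32_baseboard | select-object -expand SerialNumber
$UUID = (Get-WmiObject -Class Win32_ComputerSystemProduct).UUID
write-host $Manufacturer~$Product~$SerialNumber~$UUID

# NOTE This and UUID is Working
$key = 'HKLM:\SOFTWARE\Microsoft\Cryptography'
Get-ItemProperty -Path $key # for list all
(Get-ItemProperty -Path $key -Name MachineGuid).MachineGuid #for version from 2.0 through 5.0
Get-ItemPropertyValue -Path $key -Name MachineGuid # (Win10 default)5.0+
(Get-CimInstance -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'").DeviceHardwareData

There is actually another way to uniquely identify each Windows PC. Open up Registry and
navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
Find the key called “MachineGuid”. This key is generated uniquely during the installation of
Windows and it won’t change regardless of any hardware swap (apart from replacing the
boot-able hard drive where the OS is installed). That means if you want to keep
tracking installation per OS this is another alternative. It won’t change unless you do a
fresh reinstall of Windows.
#>

# $location = Get-Location
# Write-Host "Current Working Directory: $location" -ForegroundColor Green
# # Load Functions
# try{
#   . "$location\DownloadsTools.ps1"
# }
# catch{
#   Write-Warning -Message "ERROR loading libs"
# }

function installUESModules {
    <#
    .SYNOPSIS
        Downloads the files listed on the UES module index page into the per-user
        UESDownloadTools module directory.
    .DESCRIPTION
        Creates $HOME\Documents\WindowsPowerShell\Modules\UESDownloadTools when it does
        not exist, reads the link list of the index page at $baseUri and saves every
        linked file into that directory.

        The index page is remote content, so a link is only used as a local file name
        when it is a plain name (letters, digits, '.', '_' and '-'). Entries that carry
        a path separator, a query string or any other character are skipped, which keeps
        every write inside the module directory.
    .OUTPUTS
        None. Progress is written to the host.
    .NOTES
        NOTE(review): the caller imports the downloaded files as a module in this same
        session. HTTPS is the only integrity control visible here; comparing each file
        against a pinned SHA-256 (Get-FileHash) or requiring a valid Authenticode
        signature (Get-AuthenticodeSignature) before import would detect a replaced file.
    #>
    process {
        #NOTE Create Module Directory
        $modulePath = "$HOME\Documents\WindowsPowerShell\Modules\UESDownloadTools"
        $baseUri = "https://baizabal.xyz/downloads/Powershell/modules"

        if (-not [System.IO.Directory]::Exists($modulePath)) {
            # Discard the DirectoryInfo object so it does not reach the output stream.
            $null = New-Item -Type Directory -Path $modulePath
        }

        Write-Host "Installing necesary modules"

        # -UseBasicParsing removes the dependency on the Internet Explorer engine that
        # Windows PowerShell otherwise needs to parse the page.
        $links = (Invoke-WebRequest -Uri "$baseUri" -UseBasicParsing).Links.Href
        Write-Host "$links"

        foreach ($link in $links) {
            # The parent-directory entry of the index is never a module file.
            if ([string]::IsNullOrWhiteSpace($link) -or $link -eq "../") {
                continue
            }

            # Plain file names only: no '/', '\', '..' segment, drive prefix or query string.
            if ($link -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]*$') {
                Write-Warning "Skipping unexpected index entry: $link"
                continue
            }

            Write-Host "Trying Download ... $baseUri/$link => $modulePath\$link" -ForegroundColor Green
            Invoke-WebRequest -Uri "$baseUri/$link" -OutFile "$modulePath\$link" -UseBasicParsing
        }
    }
} # End InstallUESModules

#
#Temporary Disable Firewall
#netsh advfirewall set currentprofile state off
Write-Verbose "Turning off firewall ..."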
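# Disable FW
# Switches the firewall off on all three profiles, installs the UESDownloadTools module
# and imports it; the rest of the line range is reference notes on WebDAV access.
# NOTE(review): the firewall is off while remote content is fetched and imported. The
# steps visible in this script make outbound requests and run local installers; confirm
# that disabling every profile is really needed for them.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

#Install Modules
InstallUESModules
Get-Command -Module UESDownloadTools

try {
    #Import-Module DownloadsTools.getDavFile -Minimumversion 13.0.0.20829139 -ErrorAction Stop
    Import-Module UESDownloadTools -Force -ErrorAction Stop
}
catch {
    # getDavFile, setPackages and setFwRules are not defined in this script (presumably
    # they come from this module), so nothing after this point can work without it.
    # Restore the firewall before stopping instead of leaving the host unfiltered.
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
    Write-Error "Missing UESDownloadTools module: $($_.Exception.Message)"
    exit 1
}

#WARNING Machine options
#$cloudPath = https://example.com/nextcloud/remote.php/dav/files/USERNAME/
#To create a folder with the current date as name:
##$ curl -u user:pass -X MKCOL "https://example.com/nextcloud/remote.php/dav/files/USERNAME/$(date '+%d-%b-%Y')"
##To upload a file error.log into that directory:
#$ curl -u user:pass -T error.log "https://example.com/nextcloud/remote.php/dav/files/USERNAME/$(date '+%d-%b-%Y')/error.log"
##To move a file:
#$ curl -u user:pass -X MOVE --header 'Destination: https://example.com/nextcloud/remote.php/dav/files/USERNAME/target.jpg' https://example.com/nextcloud/remote.php/dav/files/USERNAME/source.jpg

#NOTE Working
# NOTE(review): these two examples were committed with a real-looking username:password
# pair. It is replaced by USERNAME:PASSWORD here; the password should be rotated because
# it stays readable in the file history.
#curl -u USERNAME:PASSWORD -X MKCOL "https://cloud.baizabal.xyz/remote.php/dav/files/balam/Connections/"
#curl -u USERNAME:PASSWORD -T /media/baizabal/Development/Network/vpn/vm_proton_balamx01.ovpn "https://cloud.baizabal.xyz/remote.php/dav/files/balam/Connections/"
# curl -u user:pass -X PUT --header "https://cloud.baizabal.xyz/remote.php/dav/files/Ambagasdowa/Development/Network/vpn/proton_01.ovpn"

# WebDav Example:
# curl --remote-name -u user:pass -request GET "https://cloud.baizabal.xyz/remote.php/dav/files/Ambagasdowa/Development/Network/vpn/proton_01.ovpn"
# URL and Destination
# $url = "https://cloud.baizabal.xyz/remote.php/dav/files/Ambagasdowa/Development/Network/vpn/proton_01.ovpn"
# $dest = "c:\Users\uesx02\Downloads\proton_01.ovpn"
# $requestMethod = "GET"
# # Ask for Credentials ?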
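# # Define username and password
# $username = 'username'
# $password = 'password'
# # Convert to SecureString
# $secPassword = ConvertTo-SecureString $password -AsPlainText -Force
# # Create Credential Object
# $credObject = New-Object System.Management.Automation.PSCredential ($username, $secPassword)
# # Download file
# Invoke-WebRequest -Uri $url -OutFile $dest -Credential $credObject -Method $requestMethod

##To get the properties of files in the root folder:
#$ curl -X PROPFIND -H "Depth: 1" -u user:pass https://example.com/nextcloud/remote.php/dav/files/USERNAME/ | xml_pp
# Sample response (the XML element tags are missing from this note; only the values remain):
#   /nextcloud/remote.php/dav/files/USERNAME/
#   Tue, 13 Oct 2015 17:07:45 GMT
#   163
#   11802275840
#   "561d3a6139d05"
#   HTTP/1.1 200 OK
#   /nextcloud/remote.php/dav/files/USERNAME/welcome.txt
#   Tue, 13 Oct 2015 17:07:35 GMT
#   163
#   "47465fae667b2d0fee154f5e17d1f0f1"
#   text/plain
#   HTTP/1.1 200 OK

# NOTE Connect a network drive
# $Password = ConvertTo-SecureString "YourPassword" -AsPlainText -Force
# $Cred = New-Object System.Management.Automation.PSCredential ("YourUsername", $Password)
# New-PSDrive -Name "Z" -PSProvider FileSystem -Root "\\Server\Share" -Credential $Cred -Persist
# https://www.sharepointdiary.com/2022/03/map-network-drive-using-powershell.html
# Copy file in ps
#Item-Copy "Source" "DestinationFile"

# Main flow: prompt for the cloud credentials, download the .ovpn profile and the MSI
# installers, install them, create the fallback support account, add the firewall rules
# and switch the firewall back on.

#NOTE At init Ask for credentials DavSource and Ovpn File
# Both values feed file names and derived passwords further down, so an empty answer is
# asked again instead of being carried forward.
do {
    $username = Read-Host -Prompt "Enter Your UES Cloud Instance Username"
    if ([string]::IsNullOrWhiteSpace($username)) {
        Write-Output "Input cannot be empty!"
    }
} while ([string]::IsNullOrWhiteSpace($username))

do {
    # -AsSecureString keeps the password off the screen while it is typed.
    $securePassword = Read-Host -Prompt "Enter Your UES Cloud Instance Password" -AsSecureString
    # getDavFile is called with a -Password argument built from a plain string, so the
    # value is converted back here (assumes the parameter expects a string; confirm).
    $password = (New-Object System.Net.NetworkCredential -ArgumentList '', $securePassword).Password
    if ([string]::IsNullOrWhiteSpace($password)) {
        Write-Output "Input cannot be empty!"
    }
} while ([string]::IsNullOrWhiteSpace($password))

$File = Read-Host -Prompt "Enter Your UES Connection File Name (Without extension), Default is username if you don't know it left in blank"
if (-not [string]::IsNullOrWhiteSpace($File)) {
    $ConnectionFile = $File + ".ovpn"
}
else {
    $ConnectionFile = $username + ".ovpn"
}

<# NOTE Passwords
The passwords can be generated and sent via email, requested from a server, or built on
site by asking the user and saving to the server ... open issue
#>

#$terminal='UESX02' # KVM virtual Machine win10
# NOTE WARNING VPN SECTION
$terminal="$username" # Pichon01 Physical-Machine
#$terminalPath="https://cloud.baizabal.xyz/s/$terminal/download/"
#$vpnPrefix='vm_proton_'
#$zfiles = "wassets.zip"
$tmpPath = "$env:temp"

# NOTE WARNING VPN SECTION
$opvnConnectPath = "$env:ProgramFiles\OpenVPN Connect\"
# $usrHome = Get-Variable HOME -valueOnly
$usrHome = "$env:USERPROFILE"

# NOTE: VNC Credentials
# NOTE(review): both values are a fixed word plus the username, so anyone who knows the
# pattern can derive them. They are not used in the visible part of this script;
# presumably setPackages reads them.
$usrPass = "view$terminal"
$usrAdminPass = "Effeta$terminal"

# NOTE WARNING VPN SECTION
$ovpn = "$ConnectionFile"
$ovpn_log = "$username.log"
# Destination of vpn file:
$ovpConfigPath = "$usrHome\OpenVPN\config\$ovpn"
$vpnOutDir= "$usrHome\OpenVPN\config"
$ovpLogPath = "$usrHome\OpenVPN\log\$ovpn_log"
$folderPath = "$usrHome\OpenVPN\config\"
$logPath = "$usrHome\OpenVPN\log\"

# NOTE Remote Fallback User Credentials
# NOTE(review): the fallback password follows the same fixed-pattern-plus-username scheme
# and is given to a never-expiring member of Administrators below. A random per-machine
# secret that is escrowed server-side would remove the shared pattern.
$remoteusr = "systemAssistRemote"
$remotepasuwaru = "@EffetaRemote$terminal#"

# NOTE(review): this object carries both passwords in clear text into setPackages.
$ConnData = @(
    [pscustomobject]@{username="$username";password="$password";ConnectionFile="$ConnectionFile";remoteusr="$remoteusr";remotepasuwaru="$remotepasuwaru"}
    # [pscustomobject]@{FirstName='John'; LastName='Doe'}
)

## get current location expect Downloads or Descargas etc
$usrpath = Get-Location
Write-Verbose -Message "Intalling Framework: $usrpath"

### UNISTALLS SERVICE IF EXIST ###
$serviceName = "OVPNConnector*"
$Service = Get-Service -Name $serviceName

if (-not [System.IO.Directory]::Exists($folderPath)) {
    [System.IO.Directory]::CreateDirectory($folderPath)
}
if (-not [System.IO.Directory]::Exists($logPath)) {
    [System.IO.Directory]::CreateDirectory($logPath)
}
Write-Verbose "Build ovpn Directory $ovpConfigPath"
#Split-Path -Path $curDir -Parent
#$relativePath = Get-Item Downloads | Resolve-Path -Relative
Write-Verbose "Current Working Directory: $usrpath"

#NOTE Download ovpn file
## NOTE Parametrized Arguments For Download OVPN Connection File
$remoteDir = "Connections"
$domain = 'cloud.baizabal.xyz'
# The password is left out of the trace so it does not land in transcripts or logs.
Write-Verbose "Domain=>$domain RemoteDir=> $remoteDir ,Username => $username ConnectionFile => $ConnectionFile Outdir => $ovpConfigPath"
$requestFile = getDavFile -Domain $domain -RemoteDir $remoteDir -Username $username -Password $password -ConnectionFile $ConnectionFile -Outdir $vpnOutDir
Write-Verbose $requestFile

if ($requestFile -eq $false) {
    Write-Warning "Error Downloading connection file , try again please"
    # The firewall was switched off earlier in this script; restore it on this early
    # exit so a failed download does not leave the host unfiltered.
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
    exit 1
}
Write-Verbose "Download and copying connection file done "

#$baseUriSource = "https://baizabal.xyz/downloads/windows_binary"
$fdomain = "https://baizabal.xyz/"
$fremoteDir = "downloads/windows_binary"
#$remoteFiles = @("openvpn-connect-v3-windows.msi","tightvnc-2.8.85-gpl-setup-64bit.msi" ,"OpenSSH-Win64-v9.5.0.0.msi")
$remoteFiles = @("openvpn-connect-v3-windows.msi","tightvnc-2.8.85-gpl-setup-64bit.msi")

# NOTE(review): the installers are executed by msiexec below without a hash or signature
# check; verifying them (Get-FileHash against a pinned value, Get-AuthenticodeSignature)
# before installation would detect a replaced download.
foreach ($rfile in $remoteFiles) {
    getDavFile -Domain $fdomain -RemoteDir $fremoteDir -ConnectionFile "$rfile" -Outdir $usrpath
}

## NOTE Until success-test
#Installing Packages
$installer = "$env:systemroot\system32\msiexec.exe"
setPackages -Packages $remoteFiles -Installer $installer -pkgPath $(Get-Location) -InnerData $ConnData -Add $true

# NOTE Build this as function
# Create Fallback User
# Exact-name lookup: a regex -match would also hit any account whose name merely
# contains the value and would then skip the creation.
$rusr = Get-LocalUser -Name $remoteusr -ErrorAction SilentlyContinue

# Add remote user backend
# NOTE Add a secure engine to transmit the password, maybe gpg encryption with a key downloaded from the server or something
#if (-not [String]::IsNullOrEmpty($string)) {
if (-not $rusr) {
    $Secure = ConvertTo-SecureString $remotepasuwaru -AsPlainText -Force
    # $Password = Read-Host -AsSecureString
    # The first command uses the Read-Host cmdlet to prompt for a password. The command
    # stores the password as a secure string in the $Password variable.
    $params = @{
        Name        = $remoteusr
        Password    = $Secure
        FullName    = 'UES Assistance'
        Description = 'UES Account for Remote assistance'
    }
    New-LocalUser @params -AccountNeverExpires -PasswordNeverExpires
    Add-LocalGroupMember -Group "Administrators" -Member $remoteusr
    Write-Host "Install Remote Usr Access Fallback"
}
else {
    Write-Host "User $remoteusr already exists!" -ForegroundColor Green
    Write-Verbose -Message "$(Get-LocalUser)"
}

# NOTE Add Firewall Rules
$rules = @("TightVNC", "OpenSSH")
setFwRules -Packages $rules

Write-Host "Turning ON firewall ..."
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Write-Verbose "All Done"

# do {
#   if (-not (Test-Path $DestinationA)) {
#     Write-Host "Not here yet..."
#     Start-Sleep -s 3
#   }
# } until (Test-Path $DestinationA)
# Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList $ArgumentsVPN -Wait -NoNewWindow
# Write-Host "OVPN install complete" -ForegroundColor Green

# NOTE Working in Firewall Setup
# ## How to Enable/Disable/Remove Windows Firewall Rule with PowerShell
# You can use the **Disable-NetFirewallRule** and **Enable-NetFirewallRule** cmdlets to enable and disable firewall rules.
# `Disable-NetFirewallRule -DisplayName 'HTTP-Inbound'`
# To allow ICMP (ping), run this command:
# `Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In`
# To remove a firewall rule, use the **Remove-NetFirewallRule** cmdlet.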
# `Remove-NetFirewallRule -DisplayName 'HTTP-Inbound'` # To reset all Microsoft Firewall rules and restore the default settings, run the following command # `netsh advfirewall reset` # or: # `(New-Object -ComObject HNetCfg.FwPolicy2).RestoreLocalFirewallDefaults()` # This will delete all of the user-defined settings as well as the Microsoft Defender firewall rules. Only the network access rules that are built into Windows will remain. # Before resetting the firewall rules, you can export the current settings to a file. # `netsh advfirewall export "C:\Backup\firewall-config.wfw"` # Later, you can restore the old firewall settings by importing the rules file: # `netsh advfirewall import "C:\Backup\firewall-config.wfw"` # $fwVnc = Get-NetFirewallRule | Where-Object{$_.DisplayName -match "TightVNC"} # if (-not $fwVnc) { # netsh advfirewall firewall add rule Name="TightVNC - Allow 5900" protocol=TCP localport=5900 dir=in action=allow profile=Domain # } ## NOTE VPN INSTALL ## # Start-Process -FilePath "$opvnConnectPath\OpenVPNConnect.exe" -ArgumentList $vpnopts_eula -Wait -NoNewWindow # Start-Process -FilePath "$opvnConnectPath\OpenVPNConnect.exe" -ArgumentList $vpnopts_quit -Wait -NoNewWindow # Write-Host "$env:ProgramFiles" -ForegroundColor Green # if (-not [System.IO.Directory]::Exists($opvnConnectPath)) { # Write-Host "PATH NIET Found" -ForegroundColor Red # }else{ # Write-Host "The PATH is valid" -ForegroundColor Green # Write-Host "Installing ovpn as a service" -ForegroundColor Green # Start-Process -FilePath "$opvnConnectPath/ovpnconnector.exe" -ArgumentList $opts_install -Wait -NoNewWindow # Write-Host "Set profile" -ForegroundColor Green # Start-Process -FilePath "$opvnConnectPath/ovpnconnector.exe" -ArgumentList $opts_profile -Wait -NoNewWindow # Write-Host "Set log" -ForegroundColor Green # Start-Process -FilePath "$opvnConnectPath/ovpnconnector.exe" -ArgumentList $opts_log -Wait -NoNewWindow # Write-Host "Attempting to Initialize" -ForegroundColor Green # 
Start-Process -FilePath "$opvnConnectPath/ovpnconnector.exe" -ArgumentList $opts_start -Wait -NoNewWindow # } # Write-Host "Check interfaces :" # ipconfig ## NOTE VPN INSTALL ## # install SSH # # $ArgumentsSSH = @( # "/i" # $DestinationC # "/quiet" # "/norestart" # 'ADDLOCAL="Server"' # "/log ssh_install.log" # ) # Write-Host "executing path $DestinationC" # Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList $ArgumentsSSH -Wait -NoNewWindow # $fwSsh = Get-NetFirewallRule | Where-Object {$_.DisplayName -match "OpenSSH"} # if (-not $fwSsh) { # netsh advfirewall firewall add rule name=OpenSSH dir=in action=allow protocol=TCP localport=22 # } ### NOTE Create Fallback USER ## Remove-LocalUser -Name "AdminContoso02" #$rusr = Get-LocalUser | Where-Object {$_.Name -match "$remoteusr"} ## Add remote user backend ## NOTE Add a secure engine for transmit the password , maybe can use gpg encryption downloading key form server or somenthing ##if (-not [String]::IsNullOrEmpty($string)) { #if ([String]::IsNullOrEmpty($rusr)) { # $Secure = ConvertTo-SecureString $remotepasuwaru -AsPlainText -Force ## $Password = Read-Host -AsSecureString ## El primer comando usa el Read-Host cmdlet para solicitar una contraseña. El comando almacena la contraseña como una cadena segura en la $Password variable . 
# $params = @{ # Name = $remoteusr # Password = $Secure # FullName = 'Remote Assist User' # Description = 'This account is created as fallback assists access' # } # New-LocalUser @params -AccountNeverExpires -PasswordNeverExpires # Add-LocalGroupMember -Group "Administrators" -Member $remoteusr # Write-Host "Install Remote Usr Access Fallback" #} # Remove Default rule # Remove-NetFirewallRule -DisplayName "OpenSSH*" #foreach($rule in $rules){ # $fw = Get-NetFirewallRule | Where-Object { # $_.DisplayName -match "$rule" # } # if (-not $fw ) { # Write-Host "Rule for $rule not found" -ForegroundColor Red # Write-Host "Add $rule rule" -ForegroundColor Cyan # if ($rule -eq "TightVNC") { # #netsh advfirewall firewall add rule Name="$rule" protocol=TCP localport=5900 dir=in action=allow profile=Domain # New-NetFirewallRule -Name "$rule" -DisplayName "$rule" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 5900 # Write-Host "Add Firewall rules for $rule" -ForegroundColor Green # } # if ($rule -eq "OpenSSH") { # # Remove automatic rule addition # # https://adamtheautomator.com/openssh-windows/ ## netsh advfirewall firewall add rule Name="$rule" protocol=TCP localport=22 dir=in action=allow profile=Domain # New-NetFirewallRule -Name "$rule" -DisplayName "$rule" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 # Write-Host "Set ps as default terminal" -ForegroundColor Cyan # New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force # Write-Host "Add Firewall rules for $rule" -ForegroundColor Green # } # } # else { # Write-Host "Rule for $rule :: Already Exists" -ForegroundColor Green # } #} # Add Backdoor ?? 
# nc install # Install Docker # Install Nextcloud # cd "$env:USERPROFILE\Downloads\" # New-NetFirewallRule -DisplayName “OpenVPN allow Inbound” -Direction Inbound -Program %ProgramFiles%\OpenVPN\bin\openvpn.exe -RemoteAddress LocalSubnet -Action Allow # New-NetFirewallRule -DisplayName “OpenVPN allow Outbound” -Direction Outbound -Program %ProgramFiles%\OpenVPN\bin\openvpn.exe -RemoteAddress LocalSubnet -Action Allow # Set-NetFirewallProfile Public -DefaultInboundAction Allow -DefaultOutboundAction Allow # # $procOpts = @( # "/r" # "/t 00" # ) # Write-Host "Restart now" -ForegroundColor Red # Start-Process -FilePath "$env:systemroot\system32\shutdown.exe" -ArgumentList $procOpts -Wait -NoNewWindow # $ArgumentsVPN = @( # "/i" # $DestinationC # "/quiet" # "/norestart" # 'ADDLOCAL="OpenVPN.GUI,OpenVPN.Service,OpenVPN.Documentation,OpenVPN.SampleCfg,Drivers.OvpnDco,OpenVPN,OpenVPN.GUI.OnLogon,Drivers,Drivers.TAPWindows6,Drivers.Wintun"' # "/passive" # "/log vpn_install.log" # ) # Write-Host "executing path $DestinationC" # Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList $ArgumentsVPN -Wait -NoNewWindow # Write-Host "OVPN install complete" -ForegroundColor Green