This page will contain various scripts I have written to accomplish specific tasks. I don’t promise they will be useful to you or that they will work as you intend them to but they accomplished a task I was trying to automate at some point in time and found them useful. I am not responsible if you screw up your system. You have been warned.
Powershell
Powershell script to remove spaces from directories. Does not recurse.
Get-ChildItem * -force | Where-Object {$_.mode -match "d"} | ForEach-Object {$filename = $_.Name; $filename = ($filename).replace(" ",""); Rename-Item $_.FullName $filename }
Powershell script to parse file generated by Windows cmd FOR loop Ping Sweep (CLKF post HERE) and spit out a cleaner file with just IP addresses
Get-Content .\livehosts.txt | %{ $_.Split(' ')[2]; } | Foreach {$_.TrimEnd(':')} | %{[Net.IPAddress]$_} | Sort-Object Address | Get-Unique | Format-Table -HideTableHeaders IPAddressToString | Out-File .\livehostsparsed.txt
Powershell script to perform a ping sweep and generate output file similar to previous example, but without localhost IP when hosts reported unreachable
1..255 | %{"192.168.100.$($_): $(Test-Connection -count 1 -comp 192.168.100.$($_) -quiet)"} | Select-String -Simple True | Out-File .\livehosts.txt; Get-Content .\livehosts.txt | %{$_.Split(' ')[0]; } | Foreach {$_.TrimEnd(':')} | Out-File .\livehostsparsed.txt
Powershell command to parse files in directory and change owner on all files to a specific user. Full path names are not displayed so this will only work in the defined directory. For recursive searching and full path display see below.
Get-ChildItem * | %{$_.Name} | % { c:\subinacl.exe /file $_ /setowner=domain\username}
To change permissions you would use /grant instead of /setowner. F, R, W means what you think they do. Subinacl is pretty awesome because you can use it to change permissions on services and registry keys too.
Get-ChildItem * | %{$_.Name} | % { c:\subinacl.exe /file $_ /grant=domain\username=F}
If you want to get really nasty and give a user permissions on everything in a given path, you could run this from the root of C: using -recurse to recurse through all subdirectories. We also have to reference the full path name with FullName once we start recursing. This could irrevocably break things if you revoke the wrong permissions and seriously damage your system security if you grant permissions globally in this fashion. Make sure you really mean to do this!
Get-ChildItem -recurse * | ForEach-Object -process { $_.FullName } | % { c:\subinacl.exe /file $_ /grant=domain\username=F}
To list services installed on a remote computer
Get-WmiObject -computer computername win32_service | sort startmode, displayname | Format-Table -property Displayname -HideTableHeaders
Enumerate services and then modify permissions on all of them granting access for a domain user
Get-WmiObject -computer computername win32_service | sort startmode, displayname | Format-Table -property Displayname -HideTableHeaders | ForEach-Object -process { $_.FullName } | % { "C:\subinacl.exe /service $_ \\computername\$_ /grant=domain\username=F"}
Powershell script to see all files modified in the last 30 days. Useful for post-breach investigation.
$Days30 = (Get-Date).AddDays(-30); Get-ChildItem -recurse * | Where-Object {$_.LastWriteTime -gt $Days30}
Powershell script to parse MAC addresses from screen scraped CAM table lookup on a Cisco switch. This has been useful for detecting rogue devices plugged into the network. typically I run this and then do a lookup at http://www.wireshark.org/tools/oui-lookup.html which will return a list of devices.
Get-Content .\camlist.txt | %{ $_.Split(' ')[5]; } | where {$_ -notmatch "^$" } | where {$_ -notmatch "mac" } | where {$_ -notmatch "address" } | out-file .\maclist.txt
CMD
CMD command to parse files in directory and change owner on all files to a specific user
FOR %i in ("c:\test\"*.doc) do subinacl /file %i /setowner=domain\username
[...] Scripts Scripts page April 24, 2012 By Tony in Uncategorized [...]