Scripts and Notes
PowerShell Scripts
MSOfficeInstall
Installs MS Office
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/MSOfficeInstall.ps1'))
ProfileMigrate
Copies data from C:\Users\CurrentUser\Documents, Desktop, Pictures to selected path
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/ProfileMigrate.ps1'))
ChocoInstall
Installs https://chocolatey.org/
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/ChocoInstall.ps1'))
RemoveOldProfiles
Remove old user profiles with prompts and confirmations
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/RemoveOldProfiles.ps1'))
LogonStartUpTask
PowerShell logon or startup task creator
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/LogonStartUpTask.ps1'))
DriverSearch
Google search with system model for drivers in default browser
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/DriverSearch.ps1'))
AutoLogin
Setup Windows auto login and display current
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/AutoLogin.ps1'))
ZabbixAgentSetup
Setup Windows Zabbix agent with PSK auth
Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/powershell/ZabbixAgentSetup.ps1'))
Bash Scripts
Ubuntu template setup script
sudo bash -c "$(wget -qLO - https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/bash/setup_server.sh)"
Zabbix Agent 2 passive and active with PSK auth setup script
sudo bash -c "$(wget -qLO - https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/bash/zabbixAgentSetup.sh)"
Automatically expands disk and LVM partitions to utilize all available space on Ubuntu systems
sudo bash -c "$(wget -qLO - https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/bash/autoExpandLVM.sh)"
Docker install script
sudo bash -c "$(wget -qLO - https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/bash/installDocker.sh)"
Automates SSH key generation, sets permissions, updates authorized_keys, and configures SSH daemon securely
sudo bash -c "$(wget -qLO - https://raw.githubusercontent.com/Ad3t0/Ad3t0/master/bash/SshAuthConfigurator.sh)"
Windows Notes
Convert Windows Server 2019 Evaluation to Standard
DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula
Convert Windows Server 2019 Evaluation to Datacenter
DISM /online /Set-Edition:ServerDatacenter /ProductKey:WMDGN-G9PQG-XVVXX-R3X43-63DFG /AcceptEula
Convert Windows Server 2022 Evaluation to Datacenter
DISM /online /Set-Edition:ServerDatacenter /ProductKey:WX4NM-KYWYW-QJJR4-XV3QB-6VM33 /AcceptEula
Transfer all FSMO Roles
Move-ADDirectoryServerOperationMasterRole "DC1" -OperationMasterRole 0,1,2,3,4
Seize all FSMO Roles
Move-ADDirectoryServerOperationMasterRole "DC1" -OperationMasterRole 0,1,2,3,4 -Force
Reset Domain Admin Password Error 4000, 4007
netdom resetpwd /server:PDC.domain.com /userd:Domain\domain_admin /passwordd:*
Restore Deleted AD Object
Get-ADObject -Filter {displayName -eq 'Full Name'} -IncludeDeletedObjects | Restore-ADObject
Set time server to domain hierarchy
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\VMICTimeProvider" -Name "Enabled" -Value 0
w32tm /query /source
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync
Set time server
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\VMICTimeProvider" -Name "Enabled" -Value 0
w32tm /config /manualpeerlist:time.nist.gov,0x1 /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
w32tm /resync /force
w32tm /query /configuration
Generate and export .pfx cert
$notAfter = (Get-Date).AddYears(10)
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName test.com -NotAfter $notAfter
#Use a separate variable name; $PWD is a PowerShell automatic variable (current directory)
$pfxPassword = ConvertTo-SecureString -String '12345678' -Force -AsPlainText
$path = 'Cert:\LocalMachine\My\' + $cert.Thumbprint
Export-PfxCertificate -Cert $path -FilePath C:\cert.pfx -Password $pfxPassword
Ubuntu/Debian Notes
Set Timezone
sudo timedatectl set-timezone America/Denver
Edit Crontab
sudo crontab -e
sudo service cron reload
Sysbench Benchmark
#Install if needed
apt install sysbench
#Run Benchmarks
sysbench cpu run
sysbench memory run
sysbench fileio --file-test-mode=seqwr run
sysbench fileio cleanup
Expand Disk Size
df -h
sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
Ubuntu 22.04 Zabbix Agent Install
sudo apt update
sudo apt upgrade -y
wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu22.04_all.deb
sudo dpkg -i zabbix-release_6.0-4+ubuntu22.04_all.deb
sudo apt update
sudo apt install zabbix-agent2 -y
#Server=0.0.0.0/0 lets any IPv4 address run passive checks against this agent
sudo sed -i 's/Server=127.0.0.1/Server=0.0.0.0\/0/' /etc/zabbix/zabbix_agent2.conf
sudo systemctl enable zabbix-agent2
sudo systemctl restart zabbix-agent2
Ubuntu 20.04 Zabbix Agent Install
sudo apt update
sudo apt upgrade -y
wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu20.04_all.deb
sudo dpkg -i zabbix-release_6.0-4+ubuntu20.04_all.deb
sudo apt update
sudo apt install zabbix-agent2 -y
#Server=0.0.0.0/0 lets any IPv4 address run passive checks against this agent
sudo sed -i 's/Server=127.0.0.1/Server=0.0.0.0\/0/' /etc/zabbix/zabbix_agent2.conf
sudo systemctl enable zabbix-agent2
sudo systemctl restart zabbix-agent2
Monitor network interface bandwidth
tcptrack -i eno1
Install QEMU Guest Agent
sudo apt install qemu-guest-agent
sudo systemctl start qemu-guest-agent
Set Network Config
sudo nano /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:
      dhcp4: 'no'
      addresses:
        - 192.168.250.10/24
      gateway4: 192.168.250.1
      nameservers:
        search:
          - TEST.lan
        addresses:
          - 192.168.250.2
          - 192.168.250.1
sudo netplan apply
Disk Speed Test
hdparm -Tt /dev/sda
MacOS Notes
Mac Setup
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/admin/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"
sudo softwareupdate --install-rosetta
brew install --cask google-chrome ringcentral appcleaner adobe-acrobat-reader adobe-creative-cloud microsoft-office
sudo dscl . create /Users/admin IsHidden 1
Proxmox Notes
Proxmox Helper Scripts VE 7 Post Install https://tteck.github.io/Proxmox/
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
Proxmox Script VE 8 Upgrade https://tteck.github.io/Proxmox/
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/pve8-upgrade.sh)"
Change IP in
nano /etc/network/interfaces
nano /etc/hosts
Proxmox Dark Theme https://tteck.github.io/Proxmox/
bash <(curl -s https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh ) install
Remove Node From Cluster
#Set to new number of nodes
pvecm expected 1
#Remove node2
pvecm delnode node2
Zabbix Setup
wget https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu20.04_all.deb
dpkg -i zabbix-release_6.4-1+ubuntu20.04_all.deb
apt update
apt install zabbix-agent2 zabbix-agent2-plugin-*
sed -i 's/Server=127.0.0.1/Server=192.168.250.10/' /etc/zabbix/zabbix_agent2.conf
systemctl restart zabbix-agent2
systemctl enable zabbix-agent2
ZFS Set Volsize
zfs set volsize=120G rpool/data/vm-<VM ID>-disk-<DISK ID>
Install QEMU Guest Agent
sudo apt install qemu-guest-agent
sudo systemctl start qemu-guest-agent
Set dedicated network interface for replication
echo "migration: insecure,network=172.17.93.0/24" >> /etc/pve/datacenter.cfg
Manually Remove Snapshot
nano /etc/pve/qemu-server/<vmid>.conf
zfs list
zfs destroy
Microsoft Download Links
Windows Server ISOs
Microsoft Office Installers
BIOS Keys
Manufacturer | Key |
Acer | Del or F2 |
ASRock | F2 |
Asus | Del, F10 or F9 |
Biostar | Del |
Dell | F2 or F12 |
EVGA | Del |
Gigabyte | Del |
HP | F10 |
Lenovo | F2, Fn + F2, F1 or Enter then F1 |
Intel | F2 |
MSI | Del |
Microsoft Surface | Press and hold volume up |
Origin PC | F2 |
Samsung | F2 |
Toshiba | F2 |
Zotac | Del |
IP BlackLists
Category | Name | Description | Source | Header/Label |
Anonymizers | dan.me.uk | This list contains a full list of all TOR nodes | https://www.dan.me.uk/torlist/ | Anon_TOR |
Anonymizers | MaxMind | MaxMind.com sample list of high-risk IP addresses. | https://www.maxmind.com/en/high-risk-ip-sample-list | Anon_MaxMind |
Attacks | Talos | TalosIntel.com List of known malicious network threats | http://talosintel.com/feeds/ip-filter.blf | Talos |
Attacks | BadIPs 15d | Bad IPs in category any with score above 2 and age less than 15d | https://www.badips.com/get/list/any/2?age=15d | BadIPs_15d |
Attacks | BadIPs 30d | BadIPs.com Bad IPs in category any with score above 2 and age less than 30d | https://www.badips.com/get/list/any/2?age=30d | BadIPs_30d |
Attacks | Blocklist.de | Blocklist.de IPs that have been detected by fail2ban in the last 48 hours | http://lists.blocklist.de/lists/all.txt | Blocklist.de |
Attacks | Cyber Crime WHQ | Block IPs | https://cybercrime-tracker.net/fuckerz.php | Cyber_Crime |
Attacks | ISC_1d | https://isc.sans.edu/api/sources/attacks/1000/1?text | https://cinsarmy.com/list/ci-badguys.txt | |
Attacks | Emerging Threats and DShield - Block IPs | This combines several lists. At the moment of writing the blocklist contains the following: | ||
Attacks | Emerging Threats and DShield - Compromised IPs | Compromised IPs | https://rules.emergingthreats.net/blockrules/compromised-ips.txt | ET_Comp_IP |
Attacks | GreenSnow | GreenSnow.co the blacklisted list of IPs for online servers. | https://blocklist.greensnow.co/greensnow.txt | GreenSnow |
Attacks | MyIP.ms | Our sites are visited by tens of thousands of people every day. Our unique protection system allows us to easily identify the IP of Unknown Spam Bots / Crawlers and other IP with dangerous software. Below are published in real time our blacklist of such IP's. Hope it will be helpful for you. Read More | https://www.myip.ms/files/blacklist/general/latest_blacklist.txt | MyIP_ms |
Attacks | Internet Storm Center | IP Block List | https://isc.sans.edu/api/sources/attacks/1000/30?text | ISC_30d |
Attacks | NormShield | NormShield.com IPs in category attack with severity all | https://iplists.firehol.org/files/normshield_all_attack.ipset | NormShield_All |
Attacks | Snort IPfilter | Same as TALOS | http://labs.snort.org/feeds/ip-filter.blf | SnortIPfilter |
Malware | Abuse.ch Feodo | Included in RW. Abuse.ch Feodo tracker trojan includes IPs which are being used by Feodo (also known as Cridex or Bugat) which commits ebanking fraud | https://feodotracker.abuse.ch/blocklist/?download=ipblocklist | Abusech_Feodo |
Malware | Abuse.ch Ransomware Tracker Feed | Abuse.ch Ransomware Tracker Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. | https://ransomwaretracker.abuse.ch/feeds/csv/ | Abusech_Feed |
Malware | Abuse.ch Ransomware Tracker RW | Abuse.ch Ransomware Tracker Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. | https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt | Abusech_RW |
Malware | Abuse.ch SSL Blacklist Aggressive | Abuse.ch SSL Blacklist The aggressive version of the SSL IP Blacklist contains all IPs that SSLBL ever detected being associated with a malicious SSL certificate | https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv | Abusech_sslbl |
Malware | Abuse.ch Zeus | Included in RW. Abuse.ch Zeus tracker standard, contains the same data as the ZeuS IP blocklist (zeus_badips) but with the slight difference that it doesn't exclude hijacked websites (level 2) and free web hosting providers (level 3) | https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist | Abusech_Zeus |
Malware | Bambenek | Master Feed of known, active and non-sinkholed C&Cs IP addresses | https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt | Bambenek_All |
Malware | IBM X-Force | IBM X-Force Exchange Botnet Command and Control Servers | https://iplists.firehol.org/files/xforce_bccs.ipset | IBM_XForce |
Malware | Malc0de | Malc0de.com malicious IPs of the last 30 days | http://malc0de.com/bl/IP_Blacklist.txt | Malc0de |
Malware | MalwareDomainList | malwaredomainlist.com list of malware active ip addresses | http://www.malwaredomainlist.com/hostslist/ip.txt | MalwareDomainList |
Malware | URLVir | URLVir.com Active Malicious IP Addresses Hosting Malware. URLVir is an online security service developed by NoVirusThanks Company Srl that automatically monitors changes of malicious URLs (executable files) | http://www.urlvir.com/export-ip-addresses/ | URLVir |
Malware | VxVault | VxVault The latest 100 additions of VxVault. | http://vxvault.net/ViriList.php?s=0&m=100 | VxVault |
Reputation | AlienVault | AlienVault.com IP reputation database | https://reputation.alienvault.com/reputation.generic | AlienVault |
Reputation | Binary Defense | Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed | https://www.binarydefense.com/banlist.txt | BinaryDefense |
Reputation | CINS Army | CIArmy.com IPs with poor Rogue Packet score that have not yet been identified as malicious by the community | http://cinsscore.com/list/ci-badguys.txt | CINS_Army |
Attacks | ISCBlock | https://isc.sans.edu/feeds/block.txt | ||
Anonymizers | ProxyLists_1d | https://iplists.firehol.org/files/proxylists_1d.ipset | ||
Malware | Abuse_DYRE | https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv |