Run the following (update the list to contain valid KB numbers) to uninstall updates on a local system:
@ECHO OFF
SET list=3133977 3137061 3138612 3138901 3139923
for %%a in (%list%) do (
%windir%\syswow64\wusa.exe /uninstall /kb:%%a /quiet /norestart /log
)
Run the following (update the hosts list with valid hostnames) to get .CSV output of updates on remote systems:
@echo off
SET dFormat=_%date:~-4,4%%date:~-10,2%%date:~-7,2%
SET sCMDparams=qfe get Caption, Description, HotfixID, InstallDate, InstalledBy /format:csv
SET hosts=HOSTNAME1 HOSTNAME2
ECHO %dFormat%
ECHO .
FOR %%f in (%hosts%) DO (
ECHO Processing %%f
ECHO Output file: %%f_%dFormat%.csv
wmic /NODE:%%f /output:%%f_%dFormat%.csv %sCMDparams%
)
ECHO .
ECHO Remember to delete the first blank line
ECHO .
ECHO .
ECHO Finished.
ECHO .
Or you can launch it to all users on a given computer if you don't know the username. Enable verbose mode (/V) and wait for a callback (/W) to get a callback when the user closes it: msg * /V /W /SERVER:WKST-123 This is a test message
Restart Remote Machine (With Warning)
This script is better kept out in a public place and called with the a remote command utility to loop through a list of hostnames. You can just replace the %1 to hardcode a host if you want though.
@echo off
REM shutdown -m \\%1 /a
echo Start Checking %1
ping -n 1 -l 100 %1
IF %ERRORLEVEL%==1 GOTO BAD
shutdown -r -f -m \\%1 -t 300 -d up:125:1 -c "Please SAVE Your work. In 5 minutes, this machine will reboot for a policy updates (Msg time: %time%)"
GOTO GOOD
:BAD
ECHO %1,Failed,%date%,%time% >> BadPCs.txt
GOTO EXIT
:GOOD
ECHO %1,Good,%date%,%time% >> GoodPCs.txt
GOTO EXIT
:EXIT
echo Stop Checking %1
Windows Firewall
Enable Network Discovery
netsh advfirewall firewall set rule "group=\"Network Discovery\"" new enable=Yes
Enable File and Printer Settings
netsh advfirewall firewall set rule "group=\"File and Printer Sharing\"" new enable=Yes
## base64 the username and password and pass the values through telnet
# echo -n "username" | openssl enc -base64
dXNlcm5hbWU=
# echo -n "Welcome1" | openssl enc -base64
V2VsY29tZTE=
# openssl s_client -connect 169.133.88.123:25 -starttls smtp -quiet -crlf
<-- SNIP -->
250 XRDST
# AUTH LOGIN
334 VXNlcm5hbWU6
# Z2R1YXJ0ZUBoZXJzaGV5cy5jb20=
334 UGFzc3dvcmQ6
# V2VsY29tZTE=
535 5.7.3 Authentication unsuccessful << will be successful, if you are able to
# EHLO target.com
# MAIL FROM: victim@target.com
# RCPT TO: <outside@user.com> NOTIFY=success,failure
# DATA
# Subject: Test Email
body of the message
.
EXIT
Comment / Uncomment Lines
When you need to comment out or uncomment out a line, sed makes it pretty easy. Just change the word pattern to something identifiable:
sed -i '/pattern/s/^/#/g' apache2.conf # comment
sed -i '/pattern/s/^#//g' apache2.conf # uncomment
Loops
Reading a File
while read ip; do echo "$ip" done < affected_hosts.txt
Loop an Array
l=( "one" "two" "three" ); for i in "${l[@]}"; do echo $i; done;
for ip in {1..254}; do
for port in {22,80,443,3306,3389}; do
(echo >/dev/tcp/10.1.1.$ip/$port) &> /dev/null && echo "10.1.1.$ip:$port is open";
done;
done;
Network Time Protocol (NTP)
Because setting the clock is fucking painful:
## set our time to match the system time of the DC:
curl -s --stderr - -v <http://sauna.htb> | grep "Date"
timedatectl set-timezone GMT
timedatectl set-time $(curl -s --stderr - -v <http://sauna.htb> | grep "Date" | cut -d ' ' -f 7)
timedatectl && echo "server time:\\n" && curl -s --stderr - -v <http://sauna.htb> | grep "Date"
Local time: Fri 2020-02-21 10:30:39 GMT
Universal time: Fri 2020-02-21 10:30:39 UTC
RTC time: Fri 2020-02-21 10:30:46
Time zone: GMT (GMT, +0000)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
server time:
< Date: Fri, 21 Feb 2020 10:30:47 GMT
