Skip to content

Commit

Permalink
Merge pull request #175 from TrimarcJake/add-ps7-support-to-esc8-dete…
Browse files Browse the repository at this point in the history 
…ctions

PS7 Versions of Detections Never PRed into testing or main. Oops.
  • Loading branch information
@TrimarcJake
TrimarcJake authored Oct 26, 2024
2 parents 0773381 + daa17f7 commit 8b83054
Show file tree
Hide file tree
Showing 3 changed files with 92 additions and 24 deletions.
40 changes: 28 additions & 12 deletions Invoke-Locksmith.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1975,17 +1975,33 @@ function Set-AdditionalCAProperty {

begin {
$CAEnrollmentEndpoint = @()
$code = @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
if ($PSVersionTable.PSEdition -eq 'Desktop') {
$code = @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
"@
Add-Type -TypeDefinition $code -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Add-Type -TypeDefinition $code -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}
else {
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
public class TrustAllCertsPolicy {
public static bool TrustAllCerts(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
return true;
}
}
"@
# Set the ServerCertificateValidationCallback
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [TrustAllCertsPolicy]::TrustAllCerts
}
}

process {
Expand All @@ -2011,7 +2027,7 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
try {
$FullURL = "https$URL"
$Request = [System.Net.WebRequest]::Create($FullURL)

$Request.GetResponse() | Out-Null
$CAEnrollmentEndpoint += @{
'URL' = $FullURL
Expand Down Expand Up @@ -2048,7 +2064,7 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
$CAHostFQDN = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Properties DnsHostname -Server $ForestGC).DnsHostname
}
$ping = Test-Connection -ComputerName $CAHostFQDN -Quiet -Count 1
if ($ping) {
if ($ping) {
try {
if ($Credential) {
$CertutilAudit = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\AuditFilter } -ArgumentList $CAFullName
Expand Down
39 changes: 27 additions & 12 deletions Private/Set-AdditionalCAProperty.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,17 +37,32 @@

begin {
$CAEnrollmentEndpoint = @()
$code= @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
if ($PSVersionTable.PSEdition -eq 'Desktop') {
$code= @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
"@
Add-Type -TypeDefinition $code -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Add-Type -TypeDefinition $code -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
} else {
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
public class TrustAllCertsPolicy {
public static bool TrustAllCerts(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
return true;
}
}
"@
# Set the ServerCertificateValidationCallback
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [TrustAllCertsPolicy]::TrustAllCerts
}
}

process {
Expand All @@ -72,7 +87,7 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
try {
$FullURL = "https$URL"
$Request = [System.Net.WebRequest]::Create($FullURL)

$Request.GetResponse() | Out-Null
$CAEnrollmentEndpoint += @{
'URL' = $FullURL
Expand Down Expand Up @@ -106,7 +121,7 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
$CAHostFQDN = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Properties DnsHostname -Server $ForestGC).DnsHostname
}
$ping = Test-Connection -ComputerName $CAHostFQDN -Quiet -Count 1
if ($ping) {
if ($ping) {
try {
if ($Credential) {
$CertutilAudit = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\AuditFilter } -ArgumentList $CAFullName
Expand Down
37 changes: 37 additions & 0 deletions Private/Show-LocksmithLogo.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
function Show-LocksmithLogo {
Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
Write-Host '%%%%%%%%%%%%%%%%%#+==============#%%%%%%%%%%%%%%%%%'
Write-Host '%%%%%%%%%%%%%%#=====================#%%%%%%%%%%%%%%'
Write-Host '%%%%%%%%%%%%#=========================#%%%%%%%%%%%%'
Write-Host '%%%%%%%%%%%=============================%%%%%%%%%%%'
Write-Host '%%%%%%%%%#==============+++==============#%%%%%%%%%'
Write-Host '%%%%%%%%#===========#%%%%%%%%%#===========#%%%%%%%%'
Write-Host '%%%%%%%%==========%%%%%%%%%%%%%%%==========%%%%%%%%'
Write-Host '%%%%%%%*=========%%%%%%%%%%%%%%%%%=========*%%%%%%%'
Write-Host '%%%%%%%+========*%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%+========#%%%%%%%%%%%%%%%%%#=========%%%%%%%'
Write-Host '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
Write-Host '#=================================================#'
Write-Host '#=================================================#'
Write-Host '#=================+%%%============================#'
Write-Host '#==================%%%%*==========================#'
Write-Host '#===================*%%%%+========================#'
Write-Host '#=====================#%%%%=======================#'
Write-Host '#======================+%%%%#=====================#'
Write-Host '#========================*%%%%*===================#'
Write-Host '#========================+%%%%%===================#'
Write-Host '#======================#%%%%%+====================#'
Write-Host '#===================+%%%%%%=======================#'
Write-Host '#=================#%%%%%+=========================#'
Write-Host '#==============+%%%%%#============================#'
Write-Host '#============*%%%%%+====+%%%%%%%%%%===============#'
Write-Host '#=============%%*========+********+===============#'
Write-Host '#=================================================#'
Write-Host '#=================================================#'
Write-Host '#=================================================#'
}

0 comments on commit 8b83054

Please sign in to comment.