Code Snippets

Exchange CVE-2022-41040

Exchange CVE-2022-41040

PS C:\Users\kschweiger> Invoke-WebRequest https://mail.domain.com/autodiscover/autodiscover.json?@evil.com/powershell$Email=autodiscover/autodiscover.json%3f@evil.com  Invoke-WebRequest : Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig. In Zeile:1 Zeichen:1 + Invoke-WebRequest https://mail.domain.com/autodiscover/autodis … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc eption + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Ansible Custom Facts Playbook

Ansible Custom Facts Playbook

– name: GATHER FACTS TESTING hosts: all gather_facts: no – name: GATHER Facts Windows setup: fact_path: C:\ProgramData\A8N\CustomFacts\A8N_CustomFacts01.ps1 gather_timeout: 15 gather_subset: – ‚!hardware‘ – ‚!network‘ – ‚!ohai‘ – ‚!facter‘ register: hosts_windows

Ansible Custom Facts Powershell Script

Ansible Custom Facts Powershell Script

### Get all Windows Roles & Services $winFeatures = Get-WindowsFeature -ErrorAction SilentlyContinue ### CHECK for installed WINDOWS ROLES $Services = @() if(($winFeatures | Where-Object{$_.Name -like "AD-Domain-Services"}).InstallState -eq "Installed"){$Services += "Domain Controller"} if(($winFeatures | Where-Object{$_.Name -like "AD-Certificate"}).InstallState -eq "Installed"){$Services += "Certificate Authority"} if(($winFeatures | Where-Object{$_.Name -like "DHCP"}).InstallState -eq "Installed"){$Services += "DHCP"} if(($winFeatures | Where-Object{$_.Name -like "Print-Services"}).InstallState...

Exchange Cloud Archive – User

Exchange Cloud Archive – User

[PS] C:\Windows\system32>Get-Mailbox benutzer01 | fl *Archive* ArchiveDatabase : ArchiveGuid : f5ebf781-7dbd-468b-9640-ad63098b3fa0 ArchiveName : {Archiv – Benutzer01} JournalArchiveAddress : ArchiveQuota : 20 GB (21,474,836,480 bytes) ArchiveWarningQuota : 18 GB (19,327,352,832 bytes) ArchiveDomain : O365Organisation.mail.onmicrosoft.com ArchiveStatus : Active ArchiveState : HostedProvisioned AutoExpandingArchiveEnabled : False DisabledArchiveDatabase : DisabledArchiveGuid : 00000000-0000-0000-0000-000000000000 ArchiveRelease :

Exchange-GetMSOLServicePrincipal

Exchange-GetMSOLServicePrincipal

PS C:Userskschweiger> Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames https://autodiscover.schweigerstechblog.de https://exchange.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/exchange.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/autodiscover.schweigerstechblog.de 00000002-0000-0ff1-ce00-000000000000/schweigerstechblog.de

Exchange-SetAuthServerOAuth

Exchange-SetAuthServerOAuth

Get-AuthServer | where {$_.Name -like "EvoSts*"} | ft name,enabled Name Enabled —- ——- EvoSts – 467a7284-2sa1-468c-a793-978ad2f9fc49 True ### Enable evoSTS and OAuth Set-AuthServer -Identity "EvoSts – 467a7284-2sa1-468c-a793-978ad2f9fc49" -IsDefaultAuthorizationEndpoint $true Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Exchange-GetVirtualDirectoriesOAuth

Exchange-GetVirtualDirectoriesOAuth

Get-MapiVirtualDirectory | FL server,*url*,*auth* Get-WebServicesVirtualDirectory | FL server,*url*,*oauth* Get-OABVirtualDirectory | FL server,*url*,*oauth* Get-AutoDiscoverVirtualDirectory | FL server,*oauth* ### EXAMPLE: Get-MapiVirtualDirectory | fl server,*url*,*auth* Server : EX1 InternalUrl : https://exchange.schweigerstechblog.de/mapi ExternalUrl : https://exchange.schweigerstechblog.de/mapi IISAuthenticationMethods : {Ntlm, OAuth, Negotiate} InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate} ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}

Exchange-SetMSOLServicePrincipal

Exchange-SetMSOLServicePrincipal

$x= Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 $x.ServicePrincipalnames.Add("https://exchange.schweigerstechblog.de/") $x.ServicePrincipalnames.Add("https://autodiscover.schweigerstechblog.de/") Set-MSOLServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 -ServicePrincipalNames $x.ServicePrincipalNames

Exchange-GetServiceURLs

Exchange-GetServiceURLs

Get-MapiVirtualDirectory | FL server,*url* Get-WebServicesVirtualDirectory | FL server,*url* Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri Get-OABVirtualDirectory | FL server,*url* Get-AutodiscoverVirtualDirectory | FL server,*url* Get-OutlookAnywhere | FL server,*hostname*

Set-MsolDomainAuthentication

Set-MsolDomainAuthentication

PS C:\Users\kschweiger> Connect-MsolService PS C:\Users\kschweiger> Get-MsolDomain Name Status Authentication —- —— ————– customer.mail.onmicrosoft.com Verified Managed customer.onmicrosoft.com Verified Managed customer.at Verified Federated PS C:\Users\kschweiger> Set-MsolDomainAuthentication -DomainName customer.at -Authentication Managed PS C:\Users\kschweiger> Get-MsolDomain Name Status Authentication —- —— ————– customer.mail.onmicrosoft.com Verified Managed customer.onmicrosoft.com Verified Managed customer.at Verified Managed