Powershell Fun :P

Dissing powershell behind my back eeyyy carnage? :p

@Luke, you mentioned this is for students - will it be run inside an AD environment?

Not dissing PowerShell at all actually :p. Just saying use the right tool for the right job :p.

Indeed it will be S0UL. A lot of the group policy objects that restricted things like Command prompt have been removed after we switched from Roaming Profiles to Mandatory profiles. Folder redirection to the H:\ drive was enabled, and so if I open powershell the default directory is H:\. I can bypass the Execution Policy using a batch script to execute the Ps file.

Amusingly if I do Win+R and execute cmd from there, it brings up Domain\Username, but won't let me "cd H:\" xD Anyways.

The IT's reasoning was that we're not admins, so there's really no need to have all those restrictions slowing down logins. Fair enough, (for most users. But I'm not most users xD I love screwing with their ****, trying to find a glitch that'll give me access to stuff I shouldn't have xD)

Now..that throws up a red flag to me that you shouldn't be trying to get around restrictions put in place by your school's IT department since you're a student and not a technician.
 
Not dissing PowerShell at all actually :p.
Syntax is pretty weird and I constantly have to look up how to do things if I want to do anything in PowerShell. It's not very intuitive to actually use / program with.

=_= :p

Now..that throws up a red flag to me that you shouldn't be trying to get around restrictions put in place by your school's IT department since you're a student and not a technician.

Yeaaah sorry Luke, I thought you were part of the school's IT staff XD what's the end goal you're really trying to accomplish here? If it's non-nefarious I might still be able to help you :p
 
It's not nefarious I can assure you haha. All I meant by that is that a batch script seems to have a bypass execution policy method. I read that somewhere, I'll see if I can find the article.

As for what I'm trying to achieve, is a similar script to my batch one CarnageX and I worked on. The difference here, is that the password for it won't be stored in plaintext. (Hopefully). If the password is in cleartext, I'll convert the ps1 script to an exe to prevent people snooping on it.

The old batch script made use of ICACLS to deny people access to a folder using the following parameters:

ICACLS "Directory" /deny everyone:F

Most of the script was simply a password verification system, with the occasional IF statement. That's what I'm trying to achieve in powershell, however the possibilities with what can be done in powershell are much more than what was capable in batch.

I like to think I'm a white-hat in a way. If I find any glitches I report them.
 
Well if you're trying to get around / interfere with IT policies... We can't help you out with that stuff.
 
Fiiiine :p though all I'll help with is theoretically 'password protecting' something.

For what you're trying to do, you've already mentioned the easiest secure method (external txt file w/ encryption).

That said, we don't need the solution to be something that experienced crypto nerds couldn't break - all it *really* needs to be is something reasonably complicated enough that high school students couldn't figure it out (i.e. not very complicated at all :p), and removes you storing the password in plain text in your script.

To that end, you could just do something like the below:
(password in this case is "abc")
Code:
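# Running total of a per-byte transform of the entered password
[decimal]$compute = 0
$compare = [System.Text.Encoding]::UTF8
$pwString = Read-Host 'Enter Password'
Start-Sleep -m 333   # pause 333 ms before checking
# Add sqrt(ln(byte)) for each UTF-8 byte of the input
$compare.GetBytes($pwString) | ForEach-Object { $compute += [math]::Sqrt([math]::Log($_)) }
# Compare against the value precomputed for the real password ("abc")
if ($compute -eq 6.42373418302805) {
    Write-Host "yay"
} else {
    Write-Host "nay"
}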

Not really secure at all :p but convert that to an exe and see who can get in! It's a step up from having the password literally in plain text anyway (which, even if you compiled to exe, is NOT secure at all - and actually something I could see students with a hex editor being able to easily bypass)
 
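For comparison with the checksum snippet in the post above, here is an added example (not code from the thread) of the "external txt file" idea it mentions: the file holds a salted PBKDF2 verifier instead of the password or a magic number. The function names, the `iterations:salt:hash` file format, the iteration count and the demo file path are assumptions, and the SHA-256 constructor overload needs .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example: salted PBKDF2-SHA256 verifier stored in an external file.
# Function names, file format and iteration count are illustrative assumptions.
function Get-Pbkdf2Hash([string]$Password, [byte[]]$Salt, [int]$Iterations) {
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        [System.Text.Encoding]::UTF8.GetBytes($Password), $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { return ,$kdf.GetBytes(32) } finally { $kdf.Dispose() }
}

function New-PasswordVerifier([string]$Password, [string]$Path, [int]$Iterations = 600000) {
    # Fresh random salt per verifier, so equal passwords give different files
    $salt = [byte[]]::new(16)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($salt) } finally { $rng.Dispose() }
    $hash = Get-Pbkdf2Hash $Password $salt $Iterations
    # One line: iterations:salt:hash, salt and hash Base64-encoded
    '{0}:{1}:{2}' -f $Iterations, [Convert]::ToBase64String($salt), [Convert]::ToBase64String($hash) |
        Set-Content -Path $Path -Encoding ASCII
}

function Test-Password([string]$Password, [string]$Path) {
    $iter, $saltB64, $hashB64 = (Get-Content -Path $Path -TotalCount 1).Split(':')
    $expected = [Convert]::FromBase64String($hashB64)
    $actual = Get-Pbkdf2Hash $Password ([Convert]::FromBase64String($saltB64)) ([int]$iter)
    # Compare every byte without exiting early, so timing does not depend on
    # how many leading bytes match
    $diff = $expected.Length -bxor $actual.Length
    for ($i = 0; $i -lt $expected.Length -and $i -lt $actual.Length; $i++) {
        $diff = $diff -bor ($expected[$i] -bxor $actual[$i])
    }
    return ($diff -eq 0)
}

# Demo with a constructed password and a temporary file
$demoPath = Join-Path ([System.IO.Path]::GetTempPath()) 'verifier-demo.txt'
New-PasswordVerifier -Password 'abc' -Path $demoPath
if (Test-Password -Password (Read-Host 'Enter Password') -Path $demoPath) {
    Write-Host "yay"
} else {
    Write-Host "nay"
}
```

The verifier file still has to be write-protected: anyone who can overwrite it can install a verifier for a password of their own choosing.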
Indeed it will be S0UL. A lot of the group policy objects that restricted things like Command prompt have been removed after we switched from Roaming Profiles to Mandatory profiles. Folder redirection to the H:\ drive was enabled, and so if I open powershell the default directory is H:\. I can bypass the Execution Policy using a batch script to execute the Ps file.

Amusingly if I do Win+R and execute cmd from there, it brings up Domain\Username, but won't let me "cd H:\" xD Anyways.

The IT's reasoning was that we're not admins, so there's really no need to have all those restrictions slowing down logins. Fair enough, (for most users. But I'm not most users xD I love screwing with their ****, trying to find a glitch that'll give me access to stuff I shouldn't have xD)

You know you can be suspended or expelled for your actions.

But I'm not most users xD I love screwing with their ****, trying to find a glitch that'll give me access to stuff I shouldn't have xD)
 