powershell

Twin Cities PowerShell 09/08: Windows and Containers Resource Links

This week, I presented at Twin Cities PowerShell on Windows Containers! There was a good chunk of content, so I’ve put together a collection of resource linkage.

Resource links to other things that were talked about:

jenkins

Jenkins and PowerShell: Passing Credentials into PowerShell Scripts

With Jenkins, you can use the PowerShell Plugin to have jobs executing PowerShell scripts. You can also use the Credentials Binding Plugin to pass in usernames/passwords, that are stored on Jenkins in an encrypted credential store, to your scripts!

I wanted to make this short post to show how easy it is to take advantage of credentials that can be used by multiple jobs, and only have to change them in the credential store (as opposed to changing their value in every single job).

When the proper plugins are installed on Jenkins, new jobs should have the ability to pass bound credentials into your scripts (be it PowerShell, bash, etc.) as environmental variables. Your jobs will have a Use secret text(s) or file(s) checkbox that, when checked, provides the ability to select the types of bindings you are using. In my case in the screenshot below, I pass the Username and Password (separated) credential option, as to provide two separate environmental variables into the script:

PassingCredentialsInJenkins2Now your scripts can have credential objects passed to them, if they have -Credential parameters that can take the appropriate object types. You would create credential objects as so:

$SrvPassword = ConvertTo-SecureString "$($ENV:SrvPassword)" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ("$ENV:SrvUser", $SrvPassword)
Invoke-Command -ComputerName node1 -Credential $Credential -ScriptBlock {Get-Process}

With that, you should be able to start utilizing credentials in your jobs that need to pass them into scripts. Special thanks to Ken, from DevOpsLibrary, for helping me out on this!

Cyber Skull

[DefCon 23 Debrief Series] Horrifying Vulnerabilities in the Death/Birth Certificate System

Premise: Death and birth certificates can be filed online, with practically no oversight.
DefCon Response: Let’s show the world how easy it is to kill anyone, and/or profit from the birthing/killing of virtual…babies?

This is one blog article in a series titled the DefCon 23 Debrief Series. This year was my first year at DefCon in Vegas, and it was awesome. If you ever have the opportunity to get your work to ship you there? Take it. If you ever get the opportunity to ship yourself? Don’t think. Go.

Read More »

DefCon23-Rifle

[DefCon 23 Debrief Series] When IoT Attacks: Hacking a Linux-Powered Rifle

Premise: Let’s place a computer on a gun, and give it WiFi.
DefCon Response: Let’s hijack it, and install our own malicious updates.

This is the first article in a series titled the DefCon 23 Debrief Series. I may be doing one or more further articles, given time. This year was my first year at DefCon in Vegas, and it was awesome. If you ever have the opportunity to get your work to ship you there? Take it. If you ever get the opportunity to ship yourself? Don’t think. Go.

Read More »

Screenshot from 2015-07-17 20:16:45

Querying Unix Attributes from Active Directory with PowerShell

This is just a quick blurb, but you may have wanted a nice way to query the Unix Attributes tab of AD accounts. Using PowerShell, and the ActiveDirectory Module, you can pull these values quite easily. The AD property names are listed above each box in this example:

UnixAtrributes

You can use the following PowerShell code:

Import-Module ActiveDirectory
Get-ADUser john.doe -Properties *
  | select SamAccountName,msSFU30NisDomain,unixHomeDirectory,loginShell,uidNumber,gidnumber,
  @{Label='PrimaryGroupDN';Expression={(Get-ADGroup -Filter {GIDNUMBER -eq $_.gidnumber}).DistinguishedName}}

You will get the properties to appear as so:

Unix-PoSH-Output

My custom expression for PrimaryGroupDN will also resolve to the Distinguished Name tied to the gidnumber found.