Powershell – Scripte signieren , Böse IPs mit neuem HOST FILE http://winhelp2002.mvps.org/hosts.htm nach LOCALHOST umleiten !

Windows PowerShell Scripte signieren…..

Download
https://developer.microsoft.com/de-de/windows/downloads/windows-10-sdk
Run the sdksetup.exe and install App Certification Kit
to get the makecert.exe in directory like C:\Program Files (x86)\Windows Kits\10\bin\x64

Set up to view the Certificates by running
PS C:> mmc.exe
and adding the Certificates snap-in

PS C:> makecert.exe -n „CN=PowerShell Local Certificate Root“ -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
This will create the trusted root certificate authority: see it in the Certificates snap-in

PS C:> makecert -pe -n „CN=PowerShell User“ -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
There will now be a certificate in the Personal store: see it in the Certificates snap-in

PS C: > Get-ChildItem cert:CurrentUserMy -codesign

you can now delete the two temporary files root.pvk and root.cer in your working directory.
The certificate info is stored with that of others, in „C:\Documents and Settings\[username]\Application Data\Microsoft\SystemCertificates\My\“.

PS C:> Set-ExecutionPolicy AllSigned

Now sign the script:

PS C:> Set-AuthenticodeSignature c:\foo.ps1 @(Get-ChildItem cert:\CurrentUser\My -codesign)[0]

After the script is signed, it looks like this:

param ( [string] $You = $(read-host „Enter your first name“) )
write-host „$You so totally rocks“

# SIG # Begin signature block
# MIIEMwYJKoZIhvcNAQcCoIIEJDCCBCACAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQU6vQAn5sf2qIxQqwWUDwTZnJj
…snip…
# m5ugggI9MIICOTCCAaagAwIBAgIQyLeyGZcGA4ZOGqK7VF45GDAJBgUrDgMCHQUA
# Dxoj+2keS9sRR6XPl/ASs68LeF8o9cM=
# SIG # End signature block

Execute the script once again:

PS C:> .\foo.ps1
Do you want to run software from this untrusted publisher?

The file C:\foo.ps1 is published by CN=PowerShell User. This publisher is not trusted on your system. Only run scripts from trusted publishers.

[V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is „D“):

Answer „A“ and the script proceeds to run, and runs without prompting thereafter. A new certificate is also created in the Trusted Publishers container:
Signed scripts can be transported by exporting (from original computer) and importing (to the new computer) the Powershell certificates
found in the Trusted Root Certification Authorities container.
Optionally, the Trusted Publishers can also be moved to prevent the first-time prompt.

From the Current User certificate store, go to the Trusted Root Certification Authorities container and locate the PowerShell Local Certificate Root certificate.
Right-click on it and click All Tasks, Export:

Leave the format at the default DER and click Next:
Enter your desired path and name of the exported certificate, and click Next:
Click Finish and close out the wizard:

Login on the target machine as the user under which scripts will be running.
Open MMC and add the Certificates snap-in for the current user, locating the Trusted Root Certification Authorities container.

Expand the container to find the Certificates store. Right-click on it and select All Tasks, Import:
Read the security warning and click Yes to install the certificate:

Your signed script should now run on the new computer.
Note that Powershell will prompt you the first time it’s run unless you also import the Trusted Publishers certificate.

——————————————————————————————————————————————————

IF YOU HAVE ALREADY CHANGE DEFAULT HOST – FILE YOU MUST CHANGE SOMETHING IN THIS SCRIPT !


HOST File Updater for Windows in Aufgabenverwaltung Event management for automatic Update the magic of localhost !

http://winhelp2002.mvps.org/hosts.htm send EVIL-IPs to localhost !

In the Event-management AS action:
powershell.exe -Command „& „c:\MyFolder\HostFile-Updater.ps1“

POWERSHELL SCRIPT ( HostFile-Updater.ps1 ):


Add-Type -AssemblyName PresentationCore,PresentationFramework

# DEZIP function

function Expand-ZIPFile($file, $destination)
{
$shell = new-object -com shell.application
$zip = $shell.NameSpace($file)
foreach($item in $zip.items())
{
$shell.Namespace($destination).copyhere($item)
}
}

wget http://winhelp2002.mvps.org/hosts.htm -OutFile C:\Users\MYName\Downloads\host.htm

$neu = select-string -path C:\Users\MyName\Downloads\host.htm -pattern „Updated“ |%{$_ -replace „Updated“, „x“} |%{$_.split(„x“)[1]} |%{$_.split(„<„)[0]} |%{$_ -replace “ „, „“}
$ist = select-string -path C:\Windows\System32\drivers\etc\HOSTS -pattern „updated“ |%{$_ -replace “ „, „x“} |%{$_.split(„#“)[1]} |%{$_.split(„:“)[1]} |%{$_.split(„x“)[1]}

if ($neu -ne $ist)
{
$nachricht = „Neue Datei = „,$neu , „`r`rVorhanden = „,$ist

$Result = [System.Windows.MessageBox]::Show($nachricht,“Install NEW HOST – FILE ?“,4,[System.Windows.MessageBoxImage]::Warning)
if ($Result -eq „Yes“)
{
wget http://winhelp2002.mvps.org/hosts.zip -OutFile C:\Users\MyName\Downloads\host.zip
Expand-ZIPFile –File “C:\Users\MyName\Downloadshost.zip” –Destination “C:\Users\MyName\Downloads”
C:\Users\MyName\Downloads\mvps.bat
# echo “ END “
}
}


 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.