I love my Nextcloud. It is hosted at my house, and I can upload files from anywhere in the world. It’s very clean, and one of the most awesome features is the file drop. I use scripts to upload results to the file drop location on my Nextcloud all the time. A file drop is an upload-only file location. This means the outside world cannot see the files inside of it. Only I can do that. I can also password lock this file drop location so only those with the password can upload to it. It’s pretty cool.
How to setup a File Drop
I am going to assume you have a Nextcloud. Once you log in, click the + icon to create a folder. We will call it PFD, for password file drop, and click the arrow to create it.
Now we will set up the sharing side with the password lock.
Click the PFD folder to open the menu on the right hand side.
Click the sharing icon
Click the share link +.
Click the three dots
Radio check the File Drop (Upload Only)
Check the Password Protect
It will auto-generate a password. It’s best to make your own.
Document your password!
Click the arrow to save the password
Click the clipboard to copy the link for your new share
In a different browser test your link.
Now you have a safe place for the files to go. It’s time to upload files via PowerShell. You will need three items:
The URL. For this example we will be using https://cloud.bolding.us
The shareID of the directory in question. It is the last part of the main URL that we copied by clicking the clipboard, oWHeW4dfWnxwXXX in this example: https://cloud.bolding.us/index.php/s/oWHeW4dfWnxwXXX
Next you will need the password.
Those are the three things you will need to create your Invoke-RestMethod call. Let’s build the script. Let’s declare our variables.
Now the hard part. We need to create the header. This is where we will be placing the passwords and the type of information we are going to be accessing.
The Authorization type is going to be Basic. We convert the shareID and the share password into UTF-8 bytes and then Base64-encode them so our Nextcloud can understand them. So we create the string “$($ShareID):$($SharePassword)” and push that into System.Text.Encoding UTF8 using the GetBytes method. The result is then passed to System.Convert's ToBase64String, and that string is what goes into the header as the credential. Base64 is an encoding, not encryption, so the share password is only protected in transit if the URL is HTTPS.
Next, we tell the site what kind of request we are making: an XMLHttpRequest. Then we create the URL that will be used by the REST method.
Now we have the header that will be needed for our REST method, and we have the URL. Now we need the method and the file. We supply the file with -InFile and the full name of the file, $Item.Fullname. The method will be PUT, as we are putting something somewhere.
Invoke-RestMethod -Uri $URLBuild -InFile $Item.Fullname -Headers $Headers -Method Put
Now it’s time to put it all together into a workable function.
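One way the pieces above fit together, as an added example rather than the original function from this post. The function name, the PSCredential parameter, the X-Requested-With header name and the public.php/webdav path (Nextcloud's legacy public WebDAV endpoint) are assumptions, since the post does not show the header table or the URL it builds; C:\Reports in the usage comment is a made-up folder.

```powershell
function Send-NextcloudFileDrop {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][uri]$BaseUrl,
        # UserName carries the shareID, Password carries the share password,
        # so the password never has to be typed into the script itself.
        [Parameter(Mandatory)][pscredential]$ShareCredential,
        [Parameter(Mandatory, ValueFromPipeline)][System.IO.FileInfo]$Item
    )
    begin {
        # Basic auth is only Base64-encoded; refuse to send it over plain HTTP.
        if ($BaseUrl.Scheme -ne 'https') {
            throw "Refusing to send the share password over '$($BaseUrl.Scheme)'."
        }
        $ShareID       = $ShareCredential.UserName
        $SharePassword = $ShareCredential.GetNetworkCredential().Password
        $Pair          = [System.Text.Encoding]::UTF8.GetBytes("$($ShareID):$($SharePassword)")
        $Headers = @{
            'Authorization'    = "Basic $([System.Convert]::ToBase64String($Pair))"
            'X-Requested-With' = 'XMLHttpRequest'   # assumed header name
        }
    }
    process {
        # Escape the file name so spaces and '#' do not break or truncate the URL.
        $Name     = [uri]::EscapeDataString($Item.Name)
        $URLBuild = "$($BaseUrl.AbsoluteUri.TrimEnd('/'))/public.php/webdav/$Name"   # assumed path
        Invoke-RestMethod -Uri $URLBuild -InFile $Item.FullName -Headers $Headers -Method Put
    }
}

# Usage (shareID from the example URL above; prompt for the password instead of storing it):
# $Cred = Get-Credential -UserName 'oWHeW4dfWnxwXXX' -Message 'File drop share password'
# Get-ChildItem 'C:\Reports' -File |
#     Send-NextcloudFileDrop -BaseUrl 'https://cloud.bolding.us' -ShareCredential $Cred
```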
WSD is an awesome service for printers. It goes out and finds a printer on the network and adds it accordingly. It does all the IP address stuff for you, which is awesome. It even tells you that it was set up as WSD by naming the port WSD plus some code. Super friendly. However… What happens when DHCP changes that IP address because someone forgot to do a reservation? How do you get that IP address? Believe it or not, that IP address is stored in the registry for the most part. It’s located under HKEY_LOCAL_MACHINE > System > Current Control Set > Enum > SWD > DAFWSDProvider. Each entry has a friendly name and location information. The location information has the IP address in the form of a web address. PowerShell can give you this information pretty quickly with a single line as well. Let’s take a look.
Get-ChildItem is normally used in directories. The registry is a type of directory with files inside of it. So we use Get-ChildItem and treat the registry as a file path. We navigate to the DAFWSDProvider key. Then we look at each file, or in this case each item property, with Get-ItemProperty. We are looking for the FriendlyName and the LocationInformation. The location information will look like https://192.168.2.62/something because it is treating the IP address as a webpage. Still unsure why. The above command will list all of the printers like this. If it has an IP address, it will appear there.
Now we can wrap this up in a nice little function for remote computers.
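A sketch of such a function, added here as an example and not the original code from this post. The function name and the Address column are assumptions; the registry path is the one described above written as a PowerShell path, and remote use assumes PowerShell remoting is enabled on the target machines.

```powershell
function Get-WsdPrinterAddress {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    # Runs on each target: read every DAFWSDProvider entry and pull the host
    # part out of LocationInformation, which is stored as a URL.
    $Scan = {
        $Root = 'HKLM:\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider'
        Get-ChildItem -Path $Root -ErrorAction SilentlyContinue |
            Get-ItemProperty |
            ForEach-Object {
                $Uri = $null
                $IsUrl = [uri]::TryCreate([string]$_.LocationInformation,
                                          [System.UriKind]::Absolute, [ref]$Uri)
                [pscustomobject]@{
                    FriendlyName        = $_.FriendlyName
                    LocationInformation = $_.LocationInformation
                    # Empty when the entry carries no usable URL.
                    Address             = if ($IsUrl) { $Uri.Host } else { $null }
                }
            }
    }
    foreach ($Computer in $ComputerName) {
        if ($Computer -eq $env:COMPUTERNAME) {
            & $Scan                                   # local machine, no remoting needed
        }
        else {
            Invoke-Command -ComputerName $Computer -ScriptBlock $Scan
        }
    }
}
```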
Passwords can be hard to make for people, especially kids and older users. That’s where Dino Passwords come into play. You can make simple and yet complex passwords using this service. This service also has a simple API to work with. I personally like using the API with new user creation scripts. The API call is a single line with the Invoke-WebRequest cmdlet.
As part of the Exchange Online hardening process, one must disable the sign-in ability of shared mailboxes. This process is simple. You will need the Exchange Online and the MS Online modules. First, we will grab all the shared mailboxes using Exchange Online. Then, using the user principal name, we grab the user info from the MS Online module. From there we search for each MS user who isn’t blocked and set them to be blocked. Finally, we report back on the shared mailboxes that are blocked. Now that we have the concept, let us break it down a little more. FYI, this can be done in a single line, but that would make it confusing. So, we will make it into a more functional script. Let us start up our VS Code and get started.
First, connect to the needed services with Connect-ExchangeOnline and Connect-MsolService. We live in the world of MFA, so I will assume you will complete the MFA process for these two commands.
Next, we will grab all the shared mailboxes by filtering the Get-Mailbox command. We are looking for the Recipient Type Details to be equal to the shared mailbox.
Then we will grab the MS user information for each shared mailbox. Once we get the MS user information, we only want the user principal name and the block credential.
Now loop through the accounts, checking each account to see if the credentials are blocked. If they aren’t, aka false, then we set the block credentials to true with Set-MsolUser.
Next, we confirm every shared mailbox is set to true for blocking credentials. We are basically repeating the above commands as a single line. We use Get-Mailbox with the filter for the recipient type details to be equal to shared mailbox. Pipe that into Get-MsolUser and then select the user principal name and block credentials.
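The steps above as one script, added as an example and not the original code from this post. The function name, the -WhatIf support and the WasBlocked/IsBlocked report columns are assumptions; the cmdlets are the Exchange Online and MS Online ones named in the steps.

```powershell
function Block-SharedMailboxSignIn {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Every shared mailbox in the tenant.
    $SharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

    foreach ($Mailbox in $SharedMailboxes) {
        $Upn  = $Mailbox.UserPrincipalName
        $User = Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue
        if (-not $User) {
            Write-Warning "No MS Online user found for $Upn"
            continue
        }

        # Only touch accounts that can still sign in; -WhatIf shows them without changing anything.
        $WasBlocked = [bool]$User.BlockCredential
        if (-not $WasBlocked -and $PSCmdlet.ShouldProcess($Upn, 'Block sign-in')) {
            Set-MsolUser -UserPrincipalName $Upn -BlockCredential $true
        }

        # Re-read the account so the report shows the state actually stored, not the state we hoped for.
        $Now = Get-MsolUser -UserPrincipalName $Upn
        [pscustomobject]@{
            UserPrincipalName = $Upn
            WasBlocked        = $WasBlocked
            IsBlocked         = [bool]$Now.BlockCredential
        }
    }
}

Connect-ExchangeOnline
Connect-MsolService

Block-SharedMailboxSignIn -WhatIf                       # dry run: list what would be blocked
$Report = Block-SharedMailboxSignIn                     # apply and capture the report
$Report | Where-Object { -not $_.IsBlocked }            # anything listed here still allows sign-in
```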
Passwords, Passwords, and more Passwords. Let’s generate a 16 character password that is complex and random that you will have to save into your password manager because you will never remember it.
Let’s break it down and then make a function for easier use. We are going to use the concept of PEMDAS for this breakdown.
Get-Random -Minimum 32 -Maximum 126
This gives us a random number between 32 and 126. Why is this important? The next part is why. We turn that number x into a character with [char](x). These are considered password-safe characters of the ASCII set.
1..16 | foreach-object {SomeCode}
This part repeats everything in the “some code” area 16 times. So we are grabbing 16 chars. Each loop occurs separately. This creates 16 characters that take up a different line on the shell prompt each time it runs. That’s where the next part comes into play.
[string]::Join("", array )
This part of the script is a string function that joins each part of the array together. Notice the “” part. This is what Join places between the items of the array. So if you want the password to have a 7 at every join, then place “7” here.
Now, when you combine all this together, we create an array of random password-safe characters and join them all together. With their powers combined, we have a potential password.
Here we added a count, so we can make more than one and choose from it. By default, we are setting them to 16 and to 1. This way we have a 16 character password that is done only once.
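A variant of the generator with the same Length and Count defaults, added as an example and not the function from this post. It swaps Get-Random for System.Security.Cryptography.RandomNumberGenerator, because Get-Random is not documented as cryptographically secure on every PowerShell version, and it draws from ASCII 33 to 126 so a password never contains a space; the function name and the rejection-sampling step are assumptions of this example.

```powershell
function New-RandomPassword {
    [CmdletBinding()]
    param(
        [ValidateRange(1, 256)][int]$Length = 16,
        [ValidateRange(1, 100)][int]$Count  = 1
    )
    $First = 33                         # '!' (32 would be the space character)
    $Last  = 126                        # '~'
    $Span  = $Last - $First + 1         # 94 possible characters
    # A byte has 256 values and 256 is not a multiple of 94, so a plain modulo
    # would favour the first characters. Bytes at or above 188 are thrown away.
    $Limit  = 256 - (256 % $Span)
    $Rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Buffer = New-Object byte[] 1
    try {
        1..$Count | ForEach-Object {
            $Chars = 1..$Length | ForEach-Object {
                do { $Rng.GetBytes($Buffer) } while ($Buffer[0] -ge $Limit)
                [char]($First + ($Buffer[0] % $Span))
            }
            # Same join as in the breakdown above: empty separator between characters.
            [string]::Join('', $Chars)
        }
    }
    finally {
        $Rng.Dispose()
    }
}

# New-RandomPassword                      # one 16-character password
# New-RandomPassword -Length 24 -Count 5  # five candidates to choose from
```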
That’s all folks, let me know if you have any questions or corrections.
One of the things I love to do is add a Dad joke to my reports. Reddit has some good ones. What’s cool about Reddit is they have a JSON backend that can be used, and used I do.
This script is super simple. We are using a rest method to grab the JSON information. Wrapping it in a function with a write-host. Nothing more simple.
The first part is the dad jokes themselves. We are grabbing the top jokes on the subreddit. We use the Invoke-RestMethod because we are grabbing that JSON.
The next line grabs a random joke from the list. $DadJoke.Data.Children is an array. We are grabbing a random index from the array where the minimum is 0. The maximum is the number of items in the array minus one. We do a minus one because everything starts at 0.
Finally, we Write-Host out the information. Notice once again, we use the $() structure. This way we can grab the sub-properties of each item and display the information accordingly.
A very simple breakdown of the function, and I hope you all enjoyed it.