Saturday, September 11, 2010

Powershell Wake-OnLan Function

Me and my colleague were discussing just before the left for the weekend and at one point he said he said; "I always switch off my PC before the weekend and it's always switched on when I come back on Monday. It didn't used to do that so they (the desktop operations team) must have deployed Wake-on-Lan". This triggered a thought in my head, how does Wake-on-Lan work. So after my colleague left I googled around a bit and found this piece of java code. After seeing how easy it is to send a Wake-on-Lan magic packet I couldn't stop myself from spending another half an hour at work to build a powershell Wake-on-Lan function.

To wake a PC up just run the following:

PS C:\PS> Wake-OnLan -BroadCastAddress -MacAddress 32:2D:F4:32:7D:E5

Where -BroadCastAddress is the IP Address subnet address and where -MacAddress is the mac address of the computer to wake up. The -MacAddress parameter takes the address in either the colon (32:24:F4:32:7D:E5) or the dash (32-24-F4-32-7D-E5) format. Here is the function...

Function Wake-OnLan {
  [string]$BroadCastAddress=$(throw "Mandatory -Parameter -BroadCastAddress missing, for example"),
  [string]$MacAddress=$(throw "Mandatory -Parameter -MacAddress missing, for example 32:2D:F4:32:7D:E5 or 32-2D-F4-32-7D-E5")
  $udpClient = new-object System.Net.Sockets.UdpClient
  $endPoint = new-object System.Net.IPEndPoint $([System.Net.IPAddress]::Parse($BroadCastAddress)),10000

  $MacAddress = $MacAddress.Replace(":","-")
  [byte[]]$macBytes = $macAddress.split("-") | %{[byte]"0x$_"}
  [byte[]]$bytes = new-object "byte[]" $(6 + 16 * $($macBytes.length))
  for ($i = 0; $i -lt 6; $i++) {
    $bytes[$i] = [byte] 0xff
  for ($i = 6; $i -lt $bytes.length; $i += $macBytes.length) {
    for($j = 0; $j -lt $macBytes.length; $j++){
      $bytes[$i + $j] = $macBytes[$j]
  Write-Host "Magic packet has been sent"

Please enjoy!

Friday, September 10, 2010

Get Certificate Chain from any port with Powershell

Some time back I needed to dump the certificate chain from an LDAP server. I cobbled together a small function to connect to any SSL/TLS port and download the certificate chain.

The function takes 3 parameters, -Server, -Port and -ToBase64. I think all of them are self describing. Without the -ToBase64 the function returns a X509Certificate2 object from which you can get the Subject, Issuer, Thumbprint (...) fields.

Sample execution:

PS C:\> Get-CertificateChain -server lon001 -Port 636 -ToBase64 > c:\cert.cer

I used the function to collect all certificates from all our Domain Controller in our Active Directory domain, lo and behold, we had a few Domain Controllers with old certs. So it was very useful. Here's the function...

Function Get-CertificateChain {
[string]$server=$(throw "Mandatory parameter -Server is missing."),
[int]$port=$(throw "Mandatory parameter -Port is missing."),
using System;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Threading;
namespace CosmosKey.Powershell
  public class SslUtility
    private static byte[] CertChain;
    private static object Lock = new object();
    private static Hashtable certificateErrors = new Hashtable();
    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
      byte[] data = certificate.Export(X509ContentType.Cert);
      lock (Lock)
        CertChain = data;
      return true;
    public static byte[] GetCertificate(string serverName, int port)
      TcpClient client = new TcpClient(serverName,port);
          SslStream sslStream = new SslStream(
          new RemoteCertificateValidationCallback (ValidateServerCertificate),
        lock (Lock)
          bool didTimeout = Monitor.Wait(Lock);
      return CertChain;
  Add-Type $code
  [byte[]]$certData = [CosmosKey.Powershell.SslUtility]::GetCertificate($server,$port)
  } else {
    $cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

Please enjoy!