# Location of the credential cache: <user profile>\vpn_config.xml.
# The file holds DPAPI-wrapped values (see Get-EncryptedString), so it is only
# readable by this Windows user on this machine.
$configPath = Join-Path -Path $env:USERPROFILE -ChildPath "vpn_config.xml"
function Get-EncryptedString {
<#
.SYNOPSIS
Wraps a plaintext value with Windows DPAPI and returns it as a hex string.
.PARAMETER plainText
Value to protect (username, pre-shared key or URL).
.OUTPUTS
[string] Output of ConvertFrom-SecureString without -Key, i.e. a blob bound to
the current user and machine.
.NOTES
Any process running as this user can undo this wrapping, so it protects the
cache against other accounts on the host, not against code in the user's own
session.
#>
param([string]$plainText)
$asSecure = ConvertTo-SecureString -String $plainText -AsPlainText -Force
return (ConvertFrom-SecureString -SecureString $asSecure)
}
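function Get-DecryptedString {
<#
.SYNOPSIS
Reverses Get-EncryptedString: DPAPI hex blob -> plaintext string.
.PARAMETER encryptedString
Output of ConvertFrom-SecureString (no -Key). It is bound to the current
user and machine; ConvertTo-SecureString throws if decrypted elsewhere.
.OUTPUTS
[string] The plaintext. The returned .NET string is immutable and lives in
managed memory until collected; only the unmanaged copy is wiped here.
#>
param([string]$encryptedString)
$secureString = ConvertTo-SecureString $encryptedString
$bstr = [IntPtr]::Zero
try {
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString)
return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
}
finally {
# The original never freed the BSTR, so the decrypted pre-shared key stayed in
# unmanaged memory for the life of the process. ZeroFreeBSTR overwrites it
# before releasing it.
if ($bstr -ne [IntPtr]::Zero) {
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
$secureString.Dispose()
}
}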
function Get-StoredCredentials {
<#
.SYNOPSIS
Loads and decrypts the cached username / pre-shared key / URL from $configPath.
.OUTPUTS
Hashtable with Username, VPNAuth and URI keys, or $null when the file does not
exist or cannot be read or decrypted (for example a cache copied from another
user or machine, which DPAPI rejects).
#>
if (-not (Test-Path $configPath)) {
return $null
}
try {
$saved = Import-Clixml -Path $configPath
# Each field was wrapped individually by Save-Credentials; unwrap in the same order.
return @{
Username = Get-DecryptedString $saved.Username
VPNAuth  = Get-DecryptedString $saved.VPNAuth
URI      = Get-DecryptedString $saved.URI
}
}
catch {
# A broken cache is not fatal: the caller falls back to interactive prompts.
Write-Host "Error reading stored credentials. Will prompt for new ones." -ForegroundColor Yellow
return $null
}
}
function Save-Credentials {
<#
.SYNOPSIS
DPAPI-wraps each value and writes them to $configPath as CLIXML, replacing
any existing cache.
.PARAMETER username
Username as entered (the caller lowercases it first).
.PARAMETER vpnAuth
Pre-shared key sent in the VPNAuth header.
.PARAMETER uri
Base request URL.
.NOTES
"Securely" here means bound to this Windows user and machine via DPAPI. The
file gets the profile directory's default ACL, and any code running as this
user can unwrap it with Get-DecryptedString; treat the cache accordingly.
#>
param(
[string]$username,
[string]$vpnAuth,
[string]$uri
)
$record = @{}
$record.Username = Get-EncryptedString $username
$record.VPNAuth  = Get-EncryptedString $vpnAuth
$record.URI      = Get-EncryptedString $uri
# -Force overwrites a previous cache in place.
$record | Export-Clixml -Path $configPath -Force
Write-Host "Credentials saved securely to $configPath" -ForegroundColor Green
}
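# Try to get stored credentials
$stored = Get-StoredCredentials
$baseUri = ""
$useStored = "N"
if ($stored) {
$useStored = Read-Host "Found stored credentials. Use them? (Y/N)"
if ($useStored.ToUpper() -eq 'Y') {
$username = $stored.Username
$vpnAuth = $stored.VPNAuth
$baseUri = $stored.URI
}
}
# If no stored credentials or user wants new ones, prompt
if (-not $stored -or $useStored.ToUpper() -ne 'Y') {
$userentered = Read-Host "Enter username"
# Lowercased so the SHA256 identifier computed later is stable across
# capitalisation; Save-Credentials stores the lowercased form.
$username = $userentered.ToLower()
# The pre-shared key is a secret: read it masked so it is neither echoed on
# screen nor left in the console scrollback (the original Read-Host showed it
# in clear). It is converted back to a plain string because the request code
# and Save-Credentials take [string].
$secureKey = Read-Host "Enter pre-shared key" -AsSecureString
$keyPtr = [IntPtr]::Zero
try {
$keyPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureKey)
$vpnAuth = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($keyPtr)
}
finally {
# Wipe the unmanaged copy of the key rather than leaving it in process memory.
if ($keyPtr -ne [IntPtr]::Zero) {
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($keyPtr)
}
}
$baseUri = Read-Host "Enter request URL (e.g., https://vpn-auth.organization.workers.dev)"
$saveCredentials = Read-Host "Save credentials for future use? (Y/N)"
if ($saveCredentials.ToUpper() -eq 'Y') {
Save-Credentials -username $username -vpnAuth $vpnAuth -uri $baseUri
}
}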
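# Create SHA256 hash of username
# The hash is only an opaque, URL-safe identifier for the user. It is not a
# secret: usernames are low-entropy and were lowercased, so anyone who knows a
# username can reproduce it. The VPNAuth header is what authenticates the call.
# SHA256.Create() replaces the legacy SHA256CryptoServiceProvider; the
# algorithm object is disposed once the digest is taken.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
$digest = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($username))
}
finally {
$sha256.Dispose()
}
$hash = ([System.BitConverter]::ToString($digest) -replace '-', '').ToLower()
# Prepare the request
# Refuse plain http: the pre-shared key travels in a request header and would
# cross the network in clear on anything but https.
if ($baseUri -notmatch '^https://') {
Write-Host "Request URL must start with https:// (got '$baseUri'); the pre-shared key would otherwise be sent in clear." -ForegroundColor Red
Read-Host -Prompt "Press ENTER to exit."
exit 1
}
# Strip a trailing slash so a URL entered as "https://host/" does not become
# "https://host//<hash>".
$uri = "$($baseUri.TrimEnd('/'))/$hash"
# Kept for callers that expect it; the request code hands the header to curl
# itself, so this table is not consulted there.
$headers = @{
"VPNAuth" = $vpnAuth
}
# Force TLS 1.2
# NOTE: this setting only governs .NET HTTP clients (Invoke-WebRequest etc.).
# The request is made with curl.exe, which does not read it; curl needs its
# own --tlsv1.2 flag for the same guarantee.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12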
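try {
# Make the request using curl with IPv4 flag.
# The pre-shared key is fed to curl as a config file on stdin instead of an
# -H argument: command lines are visible to every process on the host
# (Get-Process, tasklist, ps), so a secret in argv leaks to other users'
# processes. --tlsv1.2 is needed here because the ServicePointManager setting
# above only affects .NET clients, not curl.exe.
# curl config values are double-quoted with backslash escapes, so escape '\'
# and '"' in the key; CR/LF are dropped since a header value cannot hold them.
$escapedKey = ($vpnAuth -replace '[\r\n]', '') -replace '\\', '\\' -replace '"', '\"'
$curlConfig = @(
"url = `"$uri`""
"header = `"VPNAuth: $escapedKey`""
) -join "`n"
$response = $curlConfig | curl.exe -4 -s --tlsv1.2 -w "%{http_code}" --config -
if ($LASTEXITCODE -ne 0) {
throw "Curl request failed with exit code $LASTEXITCODE"
}
# curl exits 0 on HTTP 4xx/5xx (no --fail), so the original script printed
# "Success!" for 401/404/429 and its catch-branch status matching was never
# reached for them. -w appends the status code as the last three characters
# of the output; branch on that instead of searching the whole body.
$raw = [string]($response -join "")
if ($raw -notmatch '(\d{3})$') {
throw "Could not read an HTTP status code from curl output"
}
$httpCode = $Matches[1]
if ($httpCode -like '2??') {
Write-Host "Success! Please wait up to 2 minutes before connecting to the SSLVPN. Your session will be valid for 8 hours." -ForegroundColor Green
}
elseif ($httpCode -eq '401') {
Write-Host "Authentication failed. Invalid pre-shared key." -ForegroundColor Red
}
elseif ($httpCode -eq '429') {
Write-Host "Rate limit exceeded. Successful requests are valid for 8 hours." -ForegroundColor Yellow
}
elseif ($httpCode -eq '404') {
Write-Host "Invalid username hash or key not found." -ForegroundColor Red
}
else {
Write-Host "Error occurred: unexpected HTTP status $httpCode" -ForegroundColor Red
}
Read-Host -Prompt "Press ENTER to exit."
}
catch {
# Transport failures (curl non-zero exit, unparseable output) land here.
Write-Host "Error occurred: $($_.Exception.Message)" -ForegroundColor Red
Read-Host -Prompt "Press ENTER to exit."
}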