In controlled environments, it’s useful to know when outbound connectivity is not restricted to a predefined list of required hosts, as many standards like PCI require. Here’s a helpful one-liner that will query your Active Directory instance for computer accounts that are enabled, and then for each of them try to connect to a site from that machine, as orchestrated by WinRM. If you use this script, just know that you will probably see a sea of errors for machines that connect be reached from your source host via WinRM. My go-to site for testing non-secure HTTP is asdf.com, but you could use anything target and port you desire based on what should not be allowed in your environment. I have changed the snippet below to example.com (which will not work) so I don’t spam the poor soul who runs asdf.com, but you should replace that with google.com or whatever host to which you wish to verify connectivity.
\nInvoke-Command -ComputerName (Get-ADComputer -Filter {Enabled -eq \"True\"}\n -Property Name,Enabled | foreach { $_.Name }) -ScriptBlock\n { Test-NetConnection -Port 80 \"example.com\" | Select TcpTestSucceeded }\nThe output will be dropped into look something like this:
\nTcpTestSucceeded PSComputerName RunspaceId \n ---------------- -------------- ---------- \n True YOUR-HOST-1 d5fd044c-c268-460e-a274-d3253adc8ce2 \n True YOUR-HOST-2 98206f71-80c1-4e7e-a467-fec489c542ee \n False YOUR-HOST-3 d0b6cf57-e833-44a6-a7bb-aebd4d854b5c \n True YOUR-HOST-4 14af618b-1ca7-4c1f-bb56-ce58dbd4af94\n
It’s a great sanity check before an audit or after major changes to your network architecture or security controls. Enjoy!
\n\n
\n
\n", "date_published": "2017-06-24T23:35:28+00:00", "url": "https://blog.seanmcelroy.com/2017/06/24/powershell-oneliner-to-find-outbound.html", "tags": ["Security","Programming","Aside"] } ] }