Receive an alert message when a ransomware attack hits a Windows Server 2016 machine; the message arrives in your e-mail and on Telegram, sent via PowerShell

in alertaransomware •  4 years ago  (edited)

Hello everyone, here is the complete code:

$SMTPServer = "smtp.gmail.com"
$SMTPPort = "587"
$Username = "seu e-mail"   # placeholder: your e-mail address
$Password = "sua senha"    # placeholder: your password
$data = Get-Date -format "dd/MM/yyyy HH:mm:ss"

$to = "seu e-mail"         # placeholder: recipient e-mail address
#$cc = "[email protected]"
#$bcc = "[email protected]"
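$subject = "Mensagem do e-mail"   # "E-mail message"
# Body text below: "This e-mail was sent automatically, using PowerShell. Regards, Jack Bauer"
$body = "Este e-mail foi enviado automaticamente, usando PowerShell.

Att,
Jack Bauer "

# If you want to specify the path of the image to attach: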

$attachment = "C:\Scripts\ataque.jpg"

#############################

$message = New-Object System.Net.Mail.MailMessage
$message.subject = $subject
$message.from = $username
$message.to.add($to)
#$message.cc.add($cc)
#$message.bcc.add($bcc)
$message.attachments.add($attachment)

#$attachment1 = new-object Net.Mail.Attachment($anexo1)
#$attachment2 = new-object Net.Mail.Attachment($anexo2)
#$message.attachments.add($attachment1)

$message.body = $body

$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);
$smtp.send($message)
write-host "E-mail Enviado!"

##################################################################################################################################

Script for sending a message through Telegram using PowerShell - Credits: Gabriel Luiz - www.gabrielluiz.com

$BotKey = "3216549887:RFPP2Ilkslkd9KJsdoxsdfomx92slmjwislmsoi9x" # Put the generated API token here. Example: 6933339977:AAE4Kn_u9kuoi2ZBBliD-6o9LDjuUkiXhCo
$GetChatID = Invoke-WebRequest -Uri "https://api.telegram.org/bot$BotKey/getUpdates"
(ConvertFrom-Json $GetChatID.Content).result.message.chat.id

function Send-TeleMessage([string] $BotKey , [array] $ChatIDs , [string] $Message)
{
    $sendMsgLink = "https://api.telegram.org/bot$BotKey/sendMessage"
    foreach ($ID in $ChatIDs)
    {
        try
        {
            $ExecuteInvokeWeb = Invoke-WebRequest -Uri "$sendMsgLink" -Method Post -ContentType "application/json;charset=utf-8" -Body (ConvertTo-Json -Compress -InputObject @{chat_id=$ID; text="$Message"}) -ErrorAction SilentlyContinue
            $Status = (ConvertFrom-Json -InputObject $ExecuteInvokeWeb.Content)
            if($Status.ok){Write-Host "Message successfully sent to Chat ID : $ID (Type : $($Status.result.chat.type))" -ForegroundColor Green}
        }
        catch [Exception]
        {
            $exception = $_.Exception.ToString().Split(".")[2]
            Write-Host "Message failed to send at Chat ID : $ID ($exception)" -ForegroundColor Red
        }
    }
}

Send-TeleMessage -BotKey "3216549887:RFPP2Ilkslkd9KJsdoxsdfomx92slmjwislmsoi9x" -ChatIDs "-1001258596235" -Message "Alerta Evento 29292 - Crítico! Servidor TS foi invadido por Ransom!!! " # In the -BotKey field, repeat the token generated by the API. In the -ChatIDs field, paste the code returned as the Chat ID, for example: 795591150. In the -Message field, write the alert message (here: "Alert Event 29292 - Critical! TS server was invaded by ransomware!!!").
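
Both scripts above keep the SMTP password and the Telegram bot token in clear text inside the script file on the server being monitored. The following added example (not part of the original post, nor Gabriel Luiz's code) loads both secrets from DPAPI-protected files written with Export-Clixml and sends the same alert over both channels; the file paths, the credential file names and the function name Send-RansomwareAlert are assumptions.

```powershell
# Added example, not the original author's code. Paths and names are assumptions.
# One-time setup, run interactively as the account that will run the alert script
# (Export-Clixml protects the password with DPAPI for that user on that machine):
#   Get-Credential -Message 'SMTP login' | Export-Clixml C:\Scripts\smtp.cred.xml
#   Get-Credential -UserName 'bot' -Message 'Bot token as password' |
#       Export-Clixml C:\Scripts\telegram.cred.xml

# Windows PowerShell 5.1 may not offer TLS 1.2 by default; request it explicitly.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Send-RansomwareAlert {
    param(
        [Parameter(Mandatory)] [string]   $Text,
        [Parameter(Mandatory)] [string]   $MailTo,
        [Parameter(Mandatory)] [string[]] $ChatIDs,
        [string] $SmtpCredPath = 'C:\Scripts\smtp.cred.xml',
        [string] $BotCredPath  = 'C:\Scripts\telegram.cred.xml'
    )
    $smtpCred = Import-Clixml -Path $SmtpCredPath
    $botKey   = (Import-Clixml -Path $BotCredPath).GetNetworkCredential().Password
    $failed   = @()

    try {
        # Assumes the SMTP login name is also the sender address, as in the post.
        Send-MailMessage -SmtpServer 'smtp.gmail.com' -Port 587 -UseSsl `
            -Credential $smtpCred -From $smtpCred.UserName -To $MailTo `
            -Subject 'Ransomware alert' -Body $Text `
            -Encoding ([Text.Encoding]::UTF8) -ErrorAction Stop
    } catch { $failed += "mail: $($_.Exception.Message)" }

    foreach ($id in $ChatIDs) {
        $json = ConvertTo-Json -Compress -InputObject @{ chat_id = $id; text = $Text }
        try {
            # Send UTF-8 bytes so accented text such as "Crítico" arrives intact.
            $r = Invoke-RestMethod -Uri "https://api.telegram.org/bot$botKey/sendMessage" `
                -Method Post -ContentType 'application/json;charset=utf-8' `
                -Body ([Text.Encoding]::UTF8.GetBytes($json)) -ErrorAction Stop
            if (-not $r.ok) { $failed += "telegram ${id}: API returned ok=false" }
        } catch {
            # Keep the token out of anything that might be logged.
            $failed += "telegram ${id}: " + $_.Exception.Message.Replace($botKey, '<token>')
        }
    }
    $failed   # empty when e-mail and every chat were delivered
}

# Example call (constructed values):
# Send-RansomwareAlert -Text 'Alerta - Crítico!' -MailTo 'admin@example.com' -ChatIDs '795591150'
```

The credential files can only be decrypted by the same Windows account on the same machine, so create them under the account that runs the alert.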
