Receba uma mensagem de alerta quando houver um ataque de ransomware em um servidor Windows 2016: a mensagem chega ao seu e-mail e ao seu Telegram via PowerShell
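Hello pessoal, segue o código completo. Observação: o script abaixo apenas envia as notificações; o gatilho que o executa quando o evento é registrado não aparece nesta página.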
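# Sends the alert e-mail through smtp.gmail.com on port 587 with SSL/TLS enabled,
# attaching an image when the file is present.
$SMTPServer = "smtp.gmail.com"
$SMTPPort = "587"
$Username = "seu e-mail"
# NOTE(review): this keeps the mailbox password in clear text inside the script file.
# Anyone who can read the file (or a backup of it) can use the mailbox. Prefer a
# dedicated sending account, restrict the file's ACL to the account that runs the
# script, and consider loading a PSCredential saved with Export-Clixml instead of a
# literal password.
$Password = "sua senha"
# Timestamp of this run; not referenced anywhere else in the visible script.
$data = Get-Date -format "dd/MM/yyyy HH:mm:ss"
$to = "seu e-mail"
#$cc = "[email protected]"
#$bcc = "[email protected]"
$subject = "Mensagem do e-mail"
$body = "Este e-mail foi enviado automaticamente, usando PowerShell.
Att,
Jack Bauer "
# Path of the image to attach, if one is wanted:
$attachment = "C:\Scripts\ataque.jpg"
#############################
$message = New-Object System.Net.Mail.MailMessage
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort)
try {
    $message.subject = $subject
    $message.from = $username
    $message.to.add($to)
    #$message.cc.add($cc)
    #$message.bcc.add($bcc)

    # A missing image must not stop the alert itself: attach only when the file exists.
    if (Test-Path -LiteralPath $attachment -PathType Leaf) {
        $message.attachments.add($attachment)
    }
    else {
        Write-Warning "Anexo não encontrado: $attachment"
    }
    #$attachment1 = new-object Net.Mail.Attachment($anexo1)
    #$attachment2 = new-object Net.Mail.Attachment($anexo2)
    #$message.attachments.add($attachment1)
    $message.body = $body

    $smtp.EnableSSL = $true
    $smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password)
    $smtp.send($message)

    # Reached only when send() did not throw, so the success line is never printed
    # after a failed delivery.
    write-host "E-mail Enviado!"
}
catch {
    # Report the failure and fall through, so the rest of the script (the Telegram
    # alert) still runs when SMTP is unreachable or the login is rejected.
    Write-Warning "Falha ao enviar o e-mail: $($_.Exception.Message)"
}
finally {
    # Disposing the message releases the handle held on the attachment file;
    # disposing the client closes the SMTP connection.
    if ($message) { $message.Dispose() }
    if ($smtp) { $smtp.Dispose() }
}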
##################################################################################################################################
Script de envio de mensagem pelo Telegram usando o PowerShell - Créditos: Gabriel Luiz - www.gabrielluiz.com
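# Put the generated bot API token here.
# Example format: 6933339977:AAE4Kn_u9kuoi2ZBBliD-6o9LDjuUkiXhCo
# NOTE(review): the token is a secret. Whoever holds it can read the bot's updates and
# send messages as the bot, so keep it out of shared copies of this script and revoke
# it if the file has been exposed.
$BotKey = "3216549887:RFPP2Ilkslkd9KJsdoxsdfomx92slmjwislmsoi9x"

# Windows PowerShell 5.1 may not offer TLS 1.2 by default; add it to the protocols
# already enabled so the HTTPS call to api.telegram.org can negotiate a connection.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Fetch the bot's pending updates and print the chat id of each message in them.
# -UseBasicParsing avoids the Internet Explorer parsing engine, which may not be
# initialised on a server.
$GetChatID = Invoke-WebRequest -Uri "https://api.telegram.org/bot$BotKey/getUpdates" -UseBasicParsing
(ConvertFrom-Json $GetChatID.Content).result.message.chat.id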
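function Send-TeleMessage([string] $BotKey , [array] $ChatIDs , [string] $Message)
{
    <#
    .SYNOPSIS
    Posts one text message to each given Telegram chat through the Bot API sendMessage method.
    .PARAMETER BotKey
    Bot API token; it is embedded in the request URL.
    .PARAMETER ChatIDs
    One or more chat ids; the message is sent to each in turn.
    .PARAMETER Message
    Text of the message.
    .OUTPUTS
    Nothing is returned. One status line per chat id is written to the host
    (green on success, red on failure).
    #>

    # The URL contains the bot token, so it must never be written to the host or a log.
    $sendMsgLink = "https://api.telegram.org/bot$BotKey/sendMessage"

    foreach ($ID in $ChatIDs)
    {
        try
        {
            $payload = ConvertTo-Json -Compress -InputObject @{chat_id=$ID; text="$Message"}

            # -ErrorAction Stop sends every request failure to the catch block instead of
            # leaving an empty response to be parsed; -UseBasicParsing avoids the
            # Internet Explorer parsing engine, which may not be initialised on a server.
            $ExecuteInvokeWeb = Invoke-WebRequest -Uri "$sendMsgLink" -Method Post -ContentType "application/json;charset=utf-8" -Body $payload -UseBasicParsing -ErrorAction Stop
            $Status = (ConvertFrom-Json -InputObject $ExecuteInvokeWeb.Content)

            if ($Status.ok)
            {
                Write-Host "Message successfully sent to Chat ID : $ID (Type : $($Status.result.chat.type))" -ForegroundColor Green
            }
            else
            {
                # A reply without ok=true used to pass silently; report it as a failure.
                Write-Host "Message failed to send at Chat ID : $ID (API reply was not ok)" -ForegroundColor Red
            }
        }
        catch [Exception]
        {
            # Use the exception message directly rather than a fragment of its string
            # form split on ".", which is empty or truncated for many exceptions.
            $exception = $_.Exception.Message
            Write-Host "Message failed to send at Chat ID : $ID ($exception)" -ForegroundColor Red
        }
    }
}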
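# Sends the alert text to the chat.
#   -BotKey  : the generated API token. It is read from $BotKey so the secret lives in
#              one place only and a rotated token cannot get out of step.
#   -ChatIDs : the chat id obtained from getUpdates, example: 795591150.
#   -Message : the text of the alert.
Send-TeleMessage -BotKey $BotKey -ChatIDs "-1001258596235" -Message "Alerta Evento 29292 - Crítico! Servidor TS foi invadido por Ransom!!! "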