good morning!
I am less than a month new to PS, and im looking for a script that can access three remote machines and search their directories for certain indicators of compromise (IOC). I started by compiling all of the IPs, URLs, and files i was searching for in a one-column text document that i placed on the desktop.
Then i ping sweep to identify the infected systems:
for ($1-2; $i -le 254; $i++)
{
ping -n 1 -w 5 10.10.10.$i
}
i discovered the three ip addresses: 10.10.10.56, .83, and .107, the username/password is the same for all systems (Student/P@ssw0rd1), i then created :
$IOC = Get-Content - Path “C:\Users\DCI Student\Desktop\IOC.txt”
Start-Service winrm
Set-Item WSMan:\localhost\Client\TrustedHosts -Value *
$password1 = ConvertTo-SecureString “P@ssword1” -AsPlainText -Force
$Cred1 = New-Object System.Management.Automation.PSCredential (“Student”, $password1)
$Cred2 = New-Object System.Management.Automation.PSCredential (“Student”, $password1)
$Cred3 = New-Object System.Management.Automation.PSCredential (“Student”, $password1)
$session1 = New-PSSession -ComputerName 10.10.10.56 [System.Management.Automation.PSCredential]$Credential1)
$session2 = New-PSSession -ComputerName 10.10.10.83 [System.Management.Automation.PSCredential]$Credential2)
$session3 = New-PSSession -ComputerName 10.10.10.107 [System.Management.Automation.PSCredential]$Credential3)
Invoke-Command -Session $session1 {Get-ChildItem -Recurse $IOC}
Invoke-Command -Session $session2 {Get-ChildItem -Recurse $IOC}
Invoke-Command -Session $session3 {Get-ChildItem -Recurse $IOC}
The script was completing but i just got extra arrows next to my prompt “PS C:\Users\Student\Desktop>>>”
Ideally, id love for the outputs to be saved to a .txt document on the desktop, i.e. “IOC scan results 1.txt”, “IOC scan results 2.txt”
if anyone could take look at my script and give me feedback i would love you forever! (o.O)