Crowdstrike-Deploy.ps1
# Crowdstrike-Deploy Banner
# Prints the tool name, author and version before any work is done.
# Purely cosmetic: nothing later in the script reads these lines.
# They are emitted with Write-Output, so they are part of the script's output
# stream whenever that output is captured or redirected.
#region
Write-Output ""
Write-Output " ██████╗██████╗ ██████╗ ██╗ ██╗██████╗ ███████╗████████╗██████╗ ██╗██╗ ██╗███████╗"
Write-Output " ██╔════╝██╔══██╗██╔═══██╗██║ ██║██╔══██╗██╔════╝╚══██╔══╝██╔══██╗██║██║ ██╔╝██╔════╝"
Write-Output " ██║ ██████╔╝██║ ██║██║ █╗ ██║██║ ██║███████╗ ██║ ██████╔╝██║█████╔╝ █████╗"
Write-Output " ██║ ██╔══██╗██║ ██║██║███╗██║██║ ██║╚════██║ ██║ ██╔══██╗██║██╔═██╗ ██╔══╝"
Write-Output " ╚██████╗██║ ██║╚██████╔╝╚███╔███╔╝██████╔╝███████║ ██║ ██║ ██║██║██║ ██╗███████╗"
Write-Output " ╚═════╝╚═╝ ╚═╝ ╚═════╝ ╚══╝╚══╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝╚══════╝"
Write-Output ""
Write-Output " ██████╗ ███████╗██████╗ ██╗ ██████╗ ██╗ ██╗"
Write-Output " ██╔══██╗██╔════╝██╔══██╗██║ ██╔═══██╗╚██╗ ██╔╝"
Write-Output " ██║ ██║█████╗ ██████╔╝██║ ██║ ██║ ╚████╔╝"
Write-Output " ██║ ██║██╔══╝ ██╔═══╝ ██║ ██║ ██║ ╚██╔╝"
Write-Output " ██████╔╝███████╗██║ ███████╗╚██████╔╝ ██║"
Write-Output " ╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝"
Write-Output ""
Write-Output " Created & Maintained by: Eilay Yosfan"
Write-Output " GitHub.com/YosfanEilay"
Write-Output " Version: 1.0"
Write-Output ""
#endregion
###### Please Paste Your Information in Here ######
# Crowdstrike sensor download link.
$SensorLink = ''
# Crowdstrike sensor hash (SHA256). The downloaded file is compared against
# this value before it is executed, so it is the script's only integrity
# control: take it from a source that is independent of the download link.
$SensorSig1 = ''
# Crowdstrike tenant CID, handed to the installer as CID=<value>.
$TenantCID = ''
# Crowdstrike tenant name, used only in the final status message.
$TenantName = ''
###################################################

# Prerequisite variable load
# The installer is written into the directory the script was started from.
# NOTE(review): when this runs elevated, start it from a directory that only
# administrators can write to, so the file cannot be replaced between the
# hash check and the moment it is executed.
$RunPath = $PWD
$DstPath = "$RunPath\CrowdstrikeSensor.exe"
$Hostname = hostname
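# Test if the host is connected to the internet.
# Sends two ICMP echo requests to 8.8.8.8; -Quiet reduces the result to
# $true / $false, which is all the branch below needs.
# NOTE(review): this is an ICMP probe, while the download itself uses the URL
# in $SensorLink. A network that filters ICMP but allows the download will
# stop here even though the download would have worked.
$PingStatus = Test-Connection -ComputerName 8.8.8.8 -Count 2 -Quiet -ErrorAction SilentlyContinue
if ($PingStatus) {
    Write-Output "[+] Host is connected to the internet."
}
else {
    Write-Output "[!] Host is not connected to the internet."
    # Exit non-zero so whatever launched the deployment (RMM job, scheduled
    # task, GPO script) records that the sensor was NOT installed. A bare
    # 'exit' reports success and leaves an unprotected host looking deployed.
    exit 1
}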
# Test connection to OneDrive.
# Advisory only: an unreachable OneDrive prints a warning and the script
# carries on with the download attempt.
$OneDriveProbe = Test-Connection -ComputerName "onedrive.live.com" -Count 2 -ErrorAction SilentlyContinue |
    Select-Object -Property *
if (-not $OneDriveProbe) {
    Write-Output "[!] OneDrive is not reachable, might be related to host network or organization policy. Deploy might fail."
}
else {
    Write-Output "[+] OneDrive is reachable."
}
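# Download Crowdstrike Sensor
# Reject an empty or malformed link before touching the network: with the
# placeholder left blank, DownloadFile would fail and the script would go on
# to hash whatever file already sits at $DstPath.
$SensorUri = $null
if (-not [System.Uri]::TryCreate($SensorLink, [System.UriKind]::Absolute, [ref]$SensorUri)) {
    Write-Output "[!] The sensor download link is empty or not a valid absolute URL. Nothing was downloaded."
    exit 1
}
# A non-HTTPS link is allowed for backward compatibility but called out:
# the transfer can then be observed or altered in transit.
if ($SensorUri.Scheme -ne 'https') {
    Write-Output "[!] Warning: the sensor download link does not use HTTPS."
}

Write-Output "[+] Download has started. The time required will depend on the host's bandwidth."
$WebClient = New-Object System.Net.WebClient
$DownloadError = $null
try {
    $WebClient.DownloadFile($SensorUri, $DstPath)
}
catch {
    # Remember the failure; the exit happens after the client is disposed.
    $DownloadError = $_.Exception.Message
}
finally {
    $WebClient.Dispose()
}
if ($DownloadError) {
    Write-Output "[!] Download failed: $DownloadError"
    # Remove any partial or stale file so it can never be hashed or run.
    Remove-Item -Path $DstPath -Force -ErrorAction SilentlyContinue | Out-Null
    exit 1
}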
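# Check the downloaded sensor file against the pinned SHA256.
# This comparison is the only thing standing between the download link and
# code execution as the current user, so every failure path removes the file
# and exits non-zero.
# NOTE(review): a matching hash proves the file is the one the operator
# pinned, not who published it. Get-AuthenticodeSignature on $DstPath would
# add a publisher check - confirm the expected signer before enforcing it.

# Tolerate whitespace picked up when the hash was pasted into the script.
$ExpectedHash = "$SensorSig1".Trim()
if ($ExpectedHash -notmatch '^[0-9a-fA-F]{64}$') {
    Write-Output "[!] The configured sensor hash is not a 64-character SHA256 hex string. Refusing to install an unverified file."
    Remove-Item -Path $DstPath -Force -ErrorAction SilentlyContinue | Out-Null
    exit 1
}

# $SensorSig2 stays $null when the file is missing or unreadable.
$SensorSig2 = (Get-FileHash -Algorithm SHA256 -Path $DstPath -ErrorAction SilentlyContinue).Hash
if ($SensorSig2 -and ($ExpectedHash -eq $SensorSig2)) {
    Write-Output "[+] Crowdstrike sensor was successfully downloaded. Sensor installtion started."
}
else {
    Write-Output "[!] The sensor file is corrupted, likely due to an interrupted download. you can try again."
    # A mismatch is not always a broken transfer: the file behind the link
    # may have been replaced. Print both values so the operator can tell.
    Write-Output "[!] Expected SHA256: $ExpectedHash"
    Write-Output "[!] Actual SHA256:   $SensorSig2"
    Write-Output "[!] If the mismatch repeats, do not install: verify the download link and the expected hash first."
    Remove-Item -Path $DstPath -Force -ErrorAction SilentlyContinue | Out-Null
    exit 1
}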
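# Start Crowdstrike installation process.
# The installer is run to completion and its exit code decides the final
# message; a fixed sleep followed by an unconditional "Done" would report
# success even when the sensor failed to install.
if ([string]::IsNullOrWhiteSpace($TenantCID)) {
    Write-Output "[!] Tenant CID is not set. The sensor was not installed."
    exit 1
}

# NOTE(review): the CID is passed on the installer command line, so it is
# visible to process listings and command-line auditing on this host.
$Installer = Start-Process -FilePath $DstPath -ArgumentList '/install', '/quiet', "CID=$TenantCID" -Wait -PassThru
if ($null -eq $Installer) {
    Write-Output "[!] The sensor installer could not be started. $Hostname was not installed."
    exit 1
}

$InstallerExit = $Installer.ExitCode
# 3010 is the Windows Installer "success, reboot required" code.
# NOTE(review): confirm the sensor installer reports it this way.
if ($InstallerExit -eq 0 -or $InstallerExit -eq 3010) {
    # Print success message
    Write-Output "[+] Done. $Hostname will be available on host management under the tenant $TenantName in 5-10 minutes."
    Write-Output ""
}
else {
    Write-Output "[!] Sensor installer exited with code $InstallerExit. $Hostname was not installed."
    Write-Output ""
    exit $InstallerExit
}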