Ranily57

This pull request updates the existing script to improve the clarity and functionality of the brute force attack detection. The changes include fixing translation errors and reworking the README file for better guidance.

Script Changes

  1. Translation Corrections:
    All string texts in the script have been correctly translated to English. This ensures that notifications and messages are clear for an English-speaking audience.

  2. Error Fixes:
    Fixed errors in the script to ensure that the IP address extraction and notification work as intended.

Updated Script

- $ipAdresse = $event.Message -replace ".+Adresse réseau source :\s+(\S+).+", "`$1"
+ $ipAddress = $event.Message -replace ".+Source Network Address:\s+(\S+).+", "`$1"
# Retrieve the latest failed logon event (EventID 4625)
$event = Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4625]]" -MaxEvents 1

# Extract the attacker's IP address from the event message
$ipAddress = $event.Message -replace ".+Source Network Address:\s+(\S+).+", "`$1"

# Load the necessary assemblies to display a dialog box
Add-Type -AssemblyName PresentationCore, PresentationFramework

# Define the alert message and the dialog box title
$message = "Brute Force attack detected.`nIP Address of the attacking PC: $ipAddress"
$title = "Security Alert"

# Display the dialog box with the alert message
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.MessageBox]::Show($message, $title, [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Exclamation)
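
Review bot: On the added `$ipAddress = $event.Message -replace ...` line, `-replace` returns its input unchanged when the pattern does not match, so on any system whose event text lacks the English label "Source Network Address:" the whole event message ends up in `$ipAddress` and in the dialog. Even when the pattern matches, `.` does not cross newlines in .NET regex by default, so only the matching line of the multi-line message is substituted and the surrounding lines stay in the string. Consider `if ($event.Message -match 'Source Network Address:\s+(\S+)') { $ipAddress = $Matches[1] }` with an explicit fallback for the no-match case, or read the address from the event's structured data so the English and French copies of the script do not have to differ. Separately, `Add-Type -AssemblyName PresentationCore, PresentationFramework` loads WPF assemblies that the `System.Windows.Forms.MessageBox` call does not use, and `LoadWithPartialName` is obsolete; a single `Add-Type -AssemblyName System.Windows.Forms` would cover both lines.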

Reworked README

Bruteforcer Alert

Detect failed connection attempts and get notified with the IP address of the person trying to hack/connect to your PC. This script works only on Windows.

How to Set Up

Step 1: Download and Extract Files

  1. Download and extract the Bruteforcer_Alert package.
  2. Locate bruteforcealert.ps1 and bruteforcealert.bat in the ps1_file/English or ps1_file/French directory.

Step 2: Modify the .bat File

  1. Edit the bruteforcealert.bat file to add the path to your bruteforcealert.ps1 file.

Step 3: Configure Local Group Policy

  1. Open the Local Group Policy Editor (Win + R > gpedit.msc).
  2. Navigate to: Windows settings > Security settings > Advanced Audit Policy Configuration > System Audit Policies > Logon/Logoff.
  3. Double-click on Audit Logon and configure it as follows:
    • Select "Configure the following audit events:"
    • Check both "Success" and "Failure".

Step 4: Set Up Task Scheduler

  1. Open Task Scheduler and click on "Create Task".
  2. Follow the steps below to configure the task:

General Tab

  • Ensure the name is filled in both circled areas.

Triggers Tab

  1. Click "New".

  2. Configure it as follows:

    • Begin the task: "On an event".
    • Log: "Security".
    • Source: "Microsoft Windows security auditing".
    • Event ID: 4625.

Actions Tab

  1. Click "New".

  2. Configure it as follows:

    • Action: "Start a program".
    • Program/script: Browse to C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.
    • Add arguments: Add the path to your bruteforcealert.bat file.

Testing

To test the setup:

  1. Enable Remote Desktop Connection in settings.
  2. From another PC, use the Remote Desktop Connection app to attempt a connection with the correct username but an incorrect password.
  3. Both PCs must be on the same network.

Enjoy!

If you encounter any issues or have suggestions for improvement, feel free to open an issue on GitHub.


<3
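
A locale-independent way to get the source address, as an added example that is not part of this pull request or the project's script: event 4625 carries the address in its `IpAddress` data field, so the same code works regardless of the Windows display language. The function name `Get-FailedLogonInfo` and the sample event are constructed for illustration.

```powershell
# Added example (not from the PR): read fields from the event XML instead of
# pattern-matching the localized message text.
function Get-FailedLogonInfo {
    param([Parameter(Mandatory)][string]$EventXml)

    $doc = [xml]$EventXml

    # Index every <Data Name="..."> element by its Name attribute
    $fields = @{}
    foreach ($d in $doc.GetElementsByTagName('Data')) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }

    # Failures with no network source record "-" (or nothing) in IpAddress;
    # return $null for those, and for anything that is not a valid address
    $ip = $fields['IpAddress']
    $parsed = $null
    if ([string]::IsNullOrWhiteSpace($ip) -or $ip -eq '-' -or
        -not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        $ip = $null
    }

    [pscustomobject]@{
        TargetUser = $fields['TargetUserName']
        LogonType  = $fields['LogonType']
        IpAddress  = $ip
    }
}

# Constructed sample event, trimmed to the fields used above
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="IpAddress">203.0.113.25</Data>
  </EventData>
</Event>
'@
Get-FailedLogonInfo -EventXml $sample

# On a live system (elevated session), feed it the real event:
# $event = Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4625]]" -MaxEvents 1
# Get-FailedLogonInfo -EventXml $event.ToXml()
```

A caller can skip the alert dialog when `IpAddress` comes back `$null`, which is the case for failed logons that have no network source.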
