Skip to content
/ chkwebshell.ps1 Public

Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

unblog/chkwebshell.ps1

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
chkwebshell.ps1
chkwebshell.ps1
 
 

Repository files navigation

chkwebshell.ps1

Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.

PowerShell Script to Search for Forensic Artifacts.

Preface

The purpose to provide the possibility to quickly identify potentially injection of webshells like hafnium. Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.

Run on Exchange Server Verion 2013/2016/2019 to Detect Hafnium webshells are present:

Run the Script

On a Windows Server 2012 R2 or 2016/2019 with Exchange Server in PowerShell 3.0 or newer.

PS1 C:\>.\chkwebshell.ps1

Addendum

This script is intentional developed in not very structured way, so it is simply to modify individual lines or omit them altogether, it should be easily customizable.

license

chkwebshell.ps1 is licensed under the GNU General Public License v3.0.

About

Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages