bp ShellExecuteEx
// Repeat as needed; more than one file may be executed. The file that is about to be executed is written
// to the log, so you can inspect it
mov $addr,[esp+4]+0x10 // Address of the lpFile field inside SHELLEXECUTEINFOA (offset 0x10, 32-bit)
mov $path, ReadDword($addr) // lpFile
mov $param, ReadDword($addr+4) // lpParameters
log "Executing: {s:0} {s:1}", $path, $param
## Based on https://cyberwatch.fr/cve/cve-2021-44228-log4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-log4j/
## Added "deep" function to scan for the problematic class in each JAR file
##
## WARNING: the scan is pretty CPU/disk intensive (beware if you scan huge disks), especially the "deep" function.
## For critical servers, run it off-hours or in a maintenance window
$param1=$args[0]
Write-Output "Starting..."
$jar = @()
lookup = [ 90,132,6,69,174,203,232,243,87,254,166,61,94,65,8,208,51,
34,33,129,32,221,0,160,35,175,113,4,139,245,24,29,225,15,
101,9,206,66,120,62,195,55,202,143,100,50,224,172,222,145,
124,42,192,7,244,149,159,64,83,229,103,182,122,82,78,63,131,
75,201,130,114,46,118,28,241,30,204,183,215,199,138,16,121,26,
77,25,53,22,125,67,43,205,134,171,68,146,212,14,152,20,185,
155,167,36,27,60,226,58,211,240,253,79,119,209,163,12,72,128,
106,218,189,216,71,91,250,150,11,236,207,73,217,17,127,177,39,
231,197,178,99,230,40,54,179,93,251,220,168,112,37,246,176,156,
165,95,184,57,228,133,169,252,19,2,81,48,242,105,255,116,191,89,