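Related vulnerability
Title: Microsoft Exchange Server code issue vulnerability (CVE-2021-26855)
Description: Microsoft Exchange Server is an e-mail server program from Microsoft (USA). It provides mail access, storage and forwarding, voicemail, mail filtering, and other functions. Microsoft Exchange Server contains a security vulnerability. An attacker can craft malicious HTTP requests and authenticate through the Exchange Server, and from there scan the internal network and obtain sensitive user information. The following products and versions are affected: Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange
Description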
A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865
Introduction
# HAFNIUM-IOC
Hafnium-IOC is a simple PowerShell script that runs on Exchange servers to identify indicators of compromise (IOCs) from the Hafnium activity released by Microsoft on 2021-03-02 (https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/). The script may be updated to include more IOCs as more information is made available.
## License
Hafnium-IOC is under the [MIT license](https://github.com/soteria-security/HAFNIUM-IOC/blob/main/LICENSE) unless explicitly noted otherwise.
## Usage
Due to the nature of Exchange, it is recommended that you run the script on every Exchange server if using a DAG. The script will output findings to both the console and a log file in the current working directory. This setting is also configurable in the script's variable settings. The script is parameterized to accept the full path of a log file. If no path is provided, a log file will be created in the user's home directory with the name `yyyy_MM_dd HH.mm.ss-Hafnium_IOCs.txt`.
To execute the script, simply:
```
.\HAFNIUM-Exchange-IOC
```
Or to specify a different log path:
```
.\HAFNIUM-Exchange-IOC -logPath "C:\Temp\Hafnium_Results.log"
```
File snapshot
[4.0K] /data/pocs/59897d28739ac08b5f541993caf95eca01789bff
├── [ 12K] HAFNIUM-Exchange-IOC.ps1
├── [1.0K] LICENSE
└── [1.1K] README.md
0 directories, 3 files