POC description
Script to check for IOCs created by ProxyNotShell (CVE-2022-41040 & CVE-2022-41082)
Introduction
# proxynotshell-IOC-Checker
PowerShell script that checks for IOCs for CVE-2022-41040 and CVE-2022-41082, based on research from the community and Microsoft:
* [GTSC](https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html)
* [The Sec Master](https://thesecmaster.com/how-to-mitigate-cve-2022-41040-a-0-day-ssrf-vulnerability-in-microsoft-exchange-server/)
* [DoublePulsar](https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9)
* [Microsoft Security Response Center](https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/)
* [Microsoft Security Blog](https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/)

The script may be updated to include more IOCs as more information is made available.
## :arrow_down: Download
```
git clone https://github.com/rjsudlow/proxynotshell-IOC-Checker
```
## :rocket: Usage
Run the following command in an elevated PowerShell session on the affected server:
```
.\proxynotshell-IOC.ps1 'Path\to\Logs\'
```
File snapshot
```
[4.0K] /data/pocs/ad2b70055b65582a9ab686a84926d8cccc9ceaa1
├── [ 11K] LICENSE
├── [5.7K] proxynotshell-IOC.ps1
└── [1.2K] README.md
0 directories, 3 files
```