Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.
The purpose to provide the possibility to quickly identify potentially injection of webshells like hafnium. Detect malicious code on Exchange Server which could compromise the system, this after exploitation of Hafnium webshell injection.
Run on Exchange Server Verion 2013/2016/2019 to Detect Hafnium webshells are present:
On a Windows Server 2012 R2 or 2016/2019 with Exchange Server in PowerShell 3.0 or newer.
PS1 C:\>.\chkwebshell.ps1
This script is intentional developed in not very structured way, so it is simply to modify individual lines or omit them altogether, it should be easily customizable.
chkwebshell.ps1 is licensed under the GNU General Public License v3.0.