Sunday, May 19, 2024

Monitoring with PowerShell: Detecting Log4J information


Hey all, this is a quick one, to add to the many scripts already released for this. In this script we try to find all files that may be affected by the Log4J issue in CVE-2021-44228. I'm saying may, because the script detects a class that can also be used in other products, so it might end up with some minor false positives.

The script uses "Everything" by Voidtools, which is a very fast search tool that can index all files on Windows much faster than anything else. I suggest you host the portable version somewhere yourself, so you can control exactly which version gets installed, and you can do your due diligence on it.

As always, I assume you're executing this script as SYSTEM, from your RMM tooling.

$PortableEverythingURL = "https://www.voidtools.com/Everything-1.4.1.1009.x64.zip"

Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
# Download and unpack the portable Everything build into %TEMP%
Invoke-WebRequest -UseBasicParsing -Uri $PortableEverythingURL -OutFile "$($ENV:TEMP)\Everything.zip"
Expand-Archive "$($ENV:TEMP)\Everything.zip" -DestinationPath $($ENV:Temp) -Force
if (!(Get-Service "Everything Client" -ErrorAction SilentlyContinue)) {
    # First run: register the client service, build the index, then install the PowerShell module
    & "$($ENV:TEMP)\everything.exe" -install-client-service
    & "$($ENV:TEMP)\everything.exe" -reindex
    Start-Sleep 3
    Install-Module PSEverything
}
else {
    # Service already present: just refresh the index
    & "$($ENV:TEMP)\everything.exe" -reindex
    Install-Module PSEverything
}
# Query the Everything index for every .jar on all volumes
$ScanResults = Search-Everything -Global -Extension jar
if ($ScanResults) {
    Write-Host "Potentially vulnerable JAR files found. Please investigate:"
    Write-Host "All results:"
    $ScanResults
    Write-Host "All results with vulnerable class:"
    # A JAR is a ZIP; the central directory lists entry names in plain text, so a raw string match works
    ($ScanResults | ForEach-Object { Select-String "JndiLookup.class" $_ }).Path
}
else {
    Write-Host "Did not find any vulnerable files."
}

You can easily implement this script in most RMM systems and get a quick overview of the places where you have log4j active. This is just one of many solutions; also check out another solution by one of my friends, Prejay Shah, here. That one uses Search-Everything, but falls back to Get-ChildItem if that's not working.

As always, Happy PowerShelling.
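As an added example (not the post's script, and not Prejay Shah's), the following combines both ideas from the paragraph above: it uses Search-Everything when PSEverything is available and falls back to Get-ChildItem otherwise, and it opens each JAR as a ZIP archive to check for the exact JndiLookup.class entry path instead of grepping raw bytes, which trims the false positives the post mentions. Where the archive carries a Maven pom.properties for log4j-core, the version is reported so you can compare it against the vendor's fixed releases. It assumes Windows PowerShell 5.1 or later with .NET's System.IO.Compression; the function names, the HasJndiLookup and Log4jVersion fields, and the 'C:\' search root are my own choices, not anything from the post or from PSEverything.

```powershell
# Added example, not the original post's code. Assumes Windows PowerShell 5.1+.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-JarForJndiLookup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        try {
            $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        }
        catch {
            # Not every .jar on disk is a readable ZIP (truncated, locked, or mislabeled): skip it
            Write-Verbose "Skipping unreadable archive: $Path ($($_.Exception.Message))"
            return
        }
        try {
            # Match the full class path, with a leading wildcard so relocated (shaded) copies also match
            $jndi = $zip.Entries | Where-Object {
                $_.FullName -like '*org/apache/logging/log4j/core/lookup/JndiLookup.class'
            }
            # log4j-core's Maven metadata holds the version; fat/shaded JARs may not carry it
            $pom = $zip.Entries | Where-Object {
                $_.FullName -eq 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'
            } | Select-Object -First 1
            $version = $null
            if ($pom) {
                $reader = [System.IO.StreamReader]::new($pom.Open())
                try {
                    while (-not $reader.EndOfStream) {
                        if ($reader.ReadLine() -match '^version=(.+)$') { $version = $Matches[1].Trim() }
                    }
                }
                finally { $reader.Dispose() }
            }
            [pscustomobject]@{
                Path          = $Path
                HasJndiLookup = [bool]$jndi
                Log4jVersion  = $version   # $null when pom.properties is absent
            }
        }
        finally {
            $zip.Dispose()
        }
    }
}

function Find-Log4jJars {
    param(
        # Roots for the Get-ChildItem fallback; 'C:\' is a placeholder, adjust per host
        [string[]]$SearchRoots = @('C:\')
    )
    $jars = $null
    if (Get-Command Search-Everything -ErrorAction SilentlyContinue) {
        # PSEverything is present: query the Everything index, as the post does
        try { $jars = @(Search-Everything -Global -Extension jar) }
        catch { Write-Warning "Search-Everything failed: $($_.Exception.Message)" }
    }
    if ($null -eq $jars) {
        # Module missing or the query failed: walk the file system instead (slower, no dependency)
        $jars = Get-ChildItem -Path $SearchRoots -Filter *.jar -Recurse -File -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
    }
    $jars | Test-JarForJndiLookup
}

# Usage: list only the archives that actually contain the lookup class
$flagged = Find-Log4jJars | Where-Object HasJndiLookup
if ($flagged) {
    Write-Host "JARs containing JndiLookup.class (compare Log4jVersion against the fixed releases):"
    $flagged | Format-Table Path, Log4jVersion -AutoSize
}
else {
    Write-Host "No JARs containing JndiLookup.class found."
}
```

Two caveats when reading the output: a WAR or EAR that embeds log4j-core as a nested JAR is not opened recursively by this example, so those still need a separate look, and a shaded JAR with the class relocated will be flagged but will usually show no version because the log4j-core pom.properties is not present. Run it under the same SYSTEM context the post assumes so that files under other users' profiles and service directories are readable.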
