Untitled

avatar
unknown
powershell
10 months ago
2.2 kB
10
Indexable
   "& {$j = sajb {$ErrorActionPreference = 'SilentlyContinue';$ErrorActionPreference = 'SilentlyContinue';$jars = $(Get-ChildItem -Path "'C:\*'" -Recurse -Include '*.jar','*.war','*.ear'| Where-Object Attributes -NotLike "*ReparsePoint*"| % {$_.FullName});try{Add-Type -AssemblyName System.IO.Compression.FileSystem;}catch{'no_archive_inspection'};$num_jars_found = 0;$rxp_log4j = '(?:\\|\/)(log4j-?(?:core-?)?(\d[.\d]+)?(?:-?((?:rc|alpha|beta)-?\d*))?\.jar)';$rgx_log4j = [Regex]::new($rxp_log4j);$rxp_class = '(.*JndiLookup.class)?(.*JMSAppender.class)?(.*JdbcAppender.class)?';$rgx_class = [Regex]::new($rxp_class,[System.Text.RegularExpressions.RegexOptions]::IgnoreCase);foreach($jar in $jars){$l4jf = $l4jd = $l4je = $jdlc = $jmsa = $jdbc = $null;$inspect = $true;$num_jars_found++;if($rgx_log4j.IsMatch($jar)){$l4jf=$jar};$jar_open_read = [IO.Compression.ZipFile]::OpenRead($jar);$entries = try{$jar_open_read;}catch{$inspect=$false;};if($inspect){foreach($e in $entries.Entries){$fn = $e.Fullname;if($rgx_class.Match($fn).Groups[1].Value){$jdlc = 'Found'};if($rgx_class.Match($fn).Groups[2].Value){$jmsa = 'Found'};if($rgx_class.Match($fn).Groups[3].Value){$jdbc = 'Found'};if($rgx_log4j.IsMatch($fn)){$l4jd = $fn;$l4jd_zip = [IO.Compression.ZipArchive]::new($e.Open());foreach ($l4jdE in $l4jd_zip.Entries){$le = $l4jdE.FullName;if($rgx_class.Match($le).Groups[1].Value){$jdlc = 'Found'};if($rgx_class.Match($le).Groups[2].Value){$jmsa = 'Found'};if($rgx_class.Match($le).Groups[3].Value){$jdbc = 'Found'};};$l4jd_zip.Dispose();$e.Archive.Dispose();[GC]::Collect();};if(!$jdlc){$jdlc = 'Not Found';};if(!$jmsa){$jmsa = 'Not Found';};if(!$jdbc){$jdbc = 'Not Found';};};if(!$jdlc){$jdlc = 'Unknown';};if(!$jmsa){$jmsa = 'Unknown';};if(!$jdbc){$jdbc = 'Unknown';};};if($l4jf){-join('f|',$l4jf,'|',$jdlc,'|',$jmsa,'|',$jdbc,\"`r\")| Write-Host};if($l4jd){-join('d|',$jar,'|',$l4jd,'|',$jdlc,'|',$jmsa,'|',$jdbc,\"`r\")| Write-Host};if($l4je){-join($l4je,'|',$jdlc,'|',$jmsa,'|',$jdbc,\"`r\")| Write-Host};[GC]::Collect();[System.Threading.Thread]::Sleep(250);};-join('num_jars_found:',$num_jars_found);};$r = wjb $j -Timeout 3600; rcjb $j;}" > C:\Windows\TEMP\nessus_AGJUTSRL.TMP & ren C:\Windows\TEMP\nessus_AGJUTSRL.TMP nessus_AGJUTSRL.TXT
Editor is loading...
Leave a Comment