Skip to content

mlynchcogent/CVE-2023-4966-POC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

exploit.py

exploit.py

 
 

openssl.cnf

openssl.cnf

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

CVE-2023-4966-POC

Proof Of Concept for NetScaler CVE-2023-4966 Vulnerability

Description

This Python script exploits CVE-2023-4966, a critical vulnerability in Citrix ADC instances that allows unauthenticated attackers to leak session tokens. The vulnerability is assigned a CVSS score of 9.4 and is remotely exploitable without user interaction. Citrix NetScaler appliances configured as Gateways (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers are vulnerable to this attack.

Usage

$ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -h

Options

  • -u URL, --url URL Specify the Citrix ADC / Gateway target (e.g., https://192.168.1.200).
  • -f FILE, --file FILE Provide a file containing a list of target URLs (one URL per line).
  • -o OUTPUT, --output OUTPUT Specify the file to save the output results.
  • -v, --verbose Enable verbose mode.
  • --only-valid Only show results with valid session tokens.

How to use

For a single target:

  • $ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -u https://target.example.com

For multiple targets listed in a file:

  • $ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -f targets.txt --only-valid

Disclaimer

This script is provided for educational and research purposes only. Use it responsibly and only on systems you have permission to test.

Reference

Senpaisamp, Italy

About

Proof Of Concept for te NetScaler Vuln

Resources

Readme

License

GPL-3.0 license
Activity

Stars

4 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages