漏洞平台

POC详情： 312c130873f055c6d28cb559ddbd216b3254d797

来源

https://github.com/jmussmann/cve-2023-4966-iocs

关联漏洞

标题： Citrix Systems NetScaler ADC和NetScaler Gateway 安全漏洞 (CVE-2023-4966)
描述：Citrix Systems Citrix NetScaler Gateway（Citrix Systems Gateway）和Citrix Systems NetScaler ADC都是美国思杰系统（Citrix Systems）公司的产品。Citrix NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能，以实现用户从任何地点远程访问应用和数据。Citrix Systems NetScaler ADC是一个应用程序交付和安全平台。 NetScale

描述

Python script to search Citrix NetScaler logs for possible CVE-2023-4966 exploitation.

介绍

# Scan for CVE-2023-4966 IoCs

## Script: check-cve-2023-4966.py

The script searches the Citrix NetScaler logs for possible CVE-2023-4966 exploitation.

### Usage

```
usage: check-cve-2023-4966.py [-h] [--nologline] logdir_path

Python script to check CitrixNetScaler logs for possible CVE-2023-4966 exploitation

positional arguments:
  logdir_path  path to NetScaler log files (located on the NetScaler in the directory /mnt/temp/log/)

options:
  -h, --help   show this help message and exit
  --nologline  do not print the logline
```

### Example

```bash
$ python check-cve-2023-4966.py NetScaler/log/mnt/temp/log/ --nologline
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
Logpath NetScaler/log/mnt/temp/log/ns.log.4.gz User: user1 Client_ip: XXX.XXX.XXX.XXX Source_ip YYY.YYY.YYY.YYY Session_id: 12345
```

## Citrix XenDesk/XenApp Monitoring Database

Citrix XenDesk and XenApp sessions are logged in the monitoring database.
With this monitoring database it is possible to find the sessions and worker machines which might be used after successful exploitation.

The helper directory contains sql queries to check the monitoring database.

### machines.sql

Script to get the machine id, name and ip address.

## last-sessions.sql

Query to get sessions from a specific machine (MachineId).

## session query

Query to get additionl sessions information for a specific machine (MachineId) and user.

文件快照


 [4.0K]  /data/pocs/312c130873f055c6d28cb559ddbd216b3254d797
├── [3.0K]  check-cve-2023-4966.py
├── [4.0K]  helper
│   ├── [ 275]  last-sessions.sql
│   ├── [  89]  machines.sql
│   └── [ 604]  session-query.sql
├── [1.0K]  LICENCE
└── [2.5K]  README.md

1 directory, 6 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。