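PoC details: 5e58295a8539871cbfb79865329752ec998d9983

Source
Related vulnerability
Title: Citrix Application Delivery Controller and Citrix Systems Gateway path traversal vulnerability (CVE-2019-19781)
Description: Citrix Systems NetScaler Gateway (Citrix Systems Gateway) and Citrix Application Delivery Controller (ADC) are both products of Citrix Systems, a US company. Citrix Systems NetScaler Gateway is a secure remote access solution. It gives administrators application-level and data-level control so that users can remotely access applications and data from any location. Citrix Application Delivery Controll
Description
Check ADC for CVE-2019-19781
Introduction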
# ADC-19781
Several checks for CVE-2019-19781


## Module installation 
Download the two files (ADC-19781.psd1 & ADC-19781.psm1) and put them in one of the following locations:
- C:\Users\%USERNAME%\Documents\WindowsPowerShell\Modules\ADC-19781
- C:\Program Files\WindowsPowerShell\Modules\ADC-19781

## Import Module
```powershell
Import-Module ADC-19781
```

There are two main functions:
- ADCFindIfHacked
- ADCCheckMitigation

### ADCFindIfHacked
Runs several tests to find out whether the appliance may have been hacked; this will not give 100% certainty.
The tests are based on currently known facts.

This function requires [Posh-SSH](https://www.powershellgallery.com/packages/Posh-SSH); install it before use.

```powershell
Install-Module Posh-SSH
```

```powershell
SYNTAX
    ADCFindIfHacked [-ManagementURL] <uri> [[-TimeOut] <int>] [-Credential] <pscredential> [[-LogFile] <string>] [-NoLog]
```

```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local"
```
```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -LogFile C:\Temp\ADCFindIfHacked.log
```
```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -NoLog
```
NOTE: You can optionally specify the -Credential <Credential> parameter; if you do not, you will be prompted for credentials.
NOTE: You can change the log file location with the -LogFile parameter, or use -NoLog if you don't want a log file. By default a log file "ADCFindIfHacked_yyyyMMdd-HHmmss.txt" will be created.
NOTE: If you have timeout issues you can specify the -TimeOut parameter (default value 300).

### ADCCheckMitigation
Checks the Citrix ADC / NetScaler to verify whether the mitigation is in place.

```powershell
SYNTAX
    ADCCheckMitigation [-ManagementURL] <uri> [-Credential] <pscredential>
```

```powershell
EXAMPLE
    PS C:\> ADCCheckMitigation -ManagementURL "https://cns001.domain.local"
```
NOTE: You can optionally specify the -Credential <Credential> parameter; if you do not, you will be prompted for credentials.
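
The following is an added example, not part of the module or its README: it runs both checks against several appliances with a single credential prompt and one log file per appliance, using only the parameters documented above. The appliance URLs and the log directory are placeholder assumptions.

```powershell
# Added example: batch-run ADCCheckMitigation and ADCFindIfHacked.
# The URLs and $logDir below are placeholders (assumptions), not values from the module.
$appliances = @(
    'https://adc01.example.internal',
    'https://adc02.example.internal'
)
$logDir = 'C:\Temp\ADC-19781'

# ADCFindIfHacked depends on Posh-SSH; stop early if it is not installed.
if (-not (Get-Module -ListAvailable -Name Posh-SSH)) {
    throw 'Posh-SSH is not installed. Run: Install-Module Posh-SSH'
}
Import-Module ADC-19781

# Prompt once and reuse the same credential for every call.
$cred = Get-Credential
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

foreach ($url in $appliances) {
    $name  = ([uri]$url).Host
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    # One log file per appliance, so results from different hosts stay separate.
    $log   = Join-Path $logDir "ADCFindIfHacked_${name}_$stamp.txt"

    Write-Host "=== $name ==="
    try {
        # First: is the mitigation in place on this appliance?
        ADCCheckMitigation -ManagementURL $url -Credential $cred

        # Then: look for signs of compromise. -TimeOut is raised above the
        # default of 300 for appliances that respond slowly.
        ADCFindIfHacked -ManagementURL $url -Credential $cred -TimeOut 600 -LogFile $log
    }
    catch {
        # Only terminating errors reach this block; still review each
        # function's console output and the log file for every appliance.
        Write-Warning "Checks failed for ${name}: $($_.Exception.Message)"
    }
}
```

A clean mitigation check does not rule out an earlier compromise, so keep the ADCFindIfHacked logs for every appliance regardless of the ADCCheckMitigation result.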

### Unable to load Renci.SshNet
If you receive the error "Could not load file or assembly 'Renci.SshNet'", try executing the following lines and then restart your PowerShell session.

```powershell
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall("C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.2\Assembly\Renci.SshNet.dll");
```
File snapshot

```
[4.0K] /data/pocs/5e58295a8539871cbfb79865329752ec998d9983
├── [7.9K] ADC-19781.psd1
├── [ 70K] ADC-19781.psm1
├── [ 34K] LICENSE
└── [2.5K] README.md

0 directories, 4 files
```