/ADC-19781

Check ADC for CVE-2019-19781

Primary LanguagePowerShellGNU General Public License v3.0GPL-3.0

ADC-19781

Several checks for CVE-2019-19781

Module installation

Download the two files (ADC-19781.psd1 & ADC-19781.psm1) and put them in one of the following locations:

  • C:\Users\%USERNAME%\Documents\WindowsPowerShell\Modules\ADC-19781
  • C:\Program Files\WindowsPowerShell\Modules\ADC-19781

Import Module

Import-Module ADC-19781

There are two main functions:

  • ADCFindIfHacked
  • ADCCheckMitigation

ADCFindIfHacked

Execute some test to find out if you are possibly hacked, this wil not give 100% certanty. This is based on currently known facts.

This function requires the use of Posh-SSH, please install before use.

Install-Module Posh-SSH
SYNTAX
    ADCFindIfHacked [-ManagementURL] <uri> [[-TimeOut] <int>] [-Credential] <pscredential> [[-LogFile] <string>] [-NoLog]
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local"
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -LogFile C:\Temp\ADCFindIfHacked.log
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -NoLog

NOTE: You can optionaly specify the -Credential parameter, if not credential will be asked. NOTE: You can change the logfile location with the -LogFile Parameter or -NoLog if you don't want a logfile. By default a logfile "ADCFindIfHacked_yyyyMMdd-HHmmss.txt" will be created. NOTE: If you have TimeOut issues you can specify the -TimeOut parameter, default value 300.

ADCCheckMitigation

Check the Citrix ADC / NetScaler to verify if the mitigation is in place

SYNTAX
    ADCCheckMitigation [-ManagementURL] <uri> [-Credential] <pscredential>
EXAMPLE
    PS C:\> ADCCheckMitigation -ManagementURL "https://cns001.domain.local"

NOTE: You can optionaly specify the -Credential parameter, if not credential will be asked.

Unable to load Renci.SshNet

If you might receive the following error "Could not load file or assembly 'Renci.SshNet'" you can try to execute the following lines and restart your PowerShell Session.

[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall("C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.2\Assembly\Renci.SshNet.dll");