EH-Net
Topic: Citrix pen testing
toggmeister
Guest
« on: September 25, 2008, 04:04:39 PM »

Hi all,

Been putting together a Citrix-specific help guide to include in the next version of the Penetration Test Framework.

It's not linked from my site yet, but here's a first heads-up for the Ethical Hacker Community (all links hopefully work ;))

It is available from:

http://www.vulnerabilityassessment.co.uk/test/Citrix.html

Would like any comments and especially any extra input (even if it's minor points, all appreciated) that you think might help me (and everyone) out.

PM me or post with your thoughts, good or bad.

Kev Orrey
geekyone
Full Member
« Reply #1 on: September 25, 2008, 06:33:15 PM »

Wow, perfect timing! My company is about to start a big project to evaluate our Citrix setup! I'll let you know how it works out. Thanks!

CISSP, CEH, GPEN, GCIH, GCFA
toggmeister
Guest
« Reply #2 on: September 26, 2008, 01:53:00 AM »

Quote from geekyone: "Wow, perfect timing! My company is about to start a big project to evaluate our Citrix setup! I'll let you know how it works out. Thanks!"

No probs, happy to help. When you test, if you find any other information that could be useful, please PM or post and I'll add it in.

If you have locked-down boxes with just browser capability, how about also trying to navigate to:

http://ikat.ha.cked.net/

Lots of custom vbs, vbe, swf et al. mini scripts to try and defeat lockdowns. I forgot to add this in to the exploitation phase, but it will be added in the final iteration.

Cool talk I attended at Defcon, and I thought that apart from kiosks it may also help with breaking out of Citrix user jails.

Rgds

Kev Orrey
Ketchup
Hero Member
« Reply #3 on: September 27, 2008, 02:04:30 AM »

There was a great presentation at Shmoocon 2008 on hacking Citrix. They were all really simple hacks as well. I believe the 2008 videos are down; maybe someone has a copy.

The hacks were all post-authentication. Everyone already knows how to hack web-based authentication. The presentation focused on breaching the "isolation" environment Citrix is supposed to offer.

One example was hitting F1 after launching an application for help. You can then navigate to another URL within the help menu, such as file://%systemroot%\system32\cmd.exe.

There are also various shortcut keys that allow you to bring up Task Manager and such.


~~~~~~~~~~~~~~
Ketchup
toggmeister
Guest
« Reply #4 on: September 28, 2008, 02:51:30 PM »

Hi,

I was a little bored this Sunday and decided to do a little more. The guys at Security-database.com reminded me I was a little remiss in not adding in scanning, esp. Nessus, so I have revamped the page and almost doubled the original content. Some new Google dorks (I think the GHDB is a little old for Citrix) and a few other new things added.

What do you think?

Kev