
Citrix pen testing

<<

toggmeister

Post Thu Sep 25, 2008 4:04 pm

Citrix pen testing

Hi all,

Been putting together a Citrix-specific help guide to include in the next version of the Penetration Test Framework.

It's not linked from my site yet, but here's a first heads-up for the Ethical Hacker Community (all links hopefully work ;))

It is available from:

http://www.vulnerabilityassessment.co.u ... itrix.html

Would like any comments, and especially any extra input (even if it's minor points, all appreciated), that you think might help me (and everyone) out.

PM me or post with your thoughts, good or bad.

Kev Orrey
<<

geekyone

Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Thu Sep 25, 2008 6:33 pm

Re: Citrix pen testing

Wow, perfect timing! My company is about to start a big project to evaluate our Citrix setup! I'll let you know how it works out. Thanks!
CISSP, CEH, GPEN, GCIH, GCFA
<<

toggmeister

Post Fri Sep 26, 2008 1:53 am

Re: Citrix pen testing

geekyone wrote: Wow, perfect timing! My company is about to start a big project to evaluate our Citrix setup! I'll let you know how it works out. Thanks!

No probs, happy to help. When you test, if you find any other information that could be useful, please PM or post and I'll add it in.

If you have locked-down boxes with just browser capability, how about also trying to navigate to:

http://ikat.ha.cked.net/

Lots of custom, vbs, vbe, swf et al. mini scripts to try and defeat lockdowns. I forgot to add this in to the exploitation phase, but it will be added in the final iteration.

Cool talk I attended at Defcon, and I thought that apart from kiosks it may also help with breaking out of Citrix user jails.

Rgds

Kev Orrey
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sat Sep 27, 2008 2:04 am

Re: Citrix pen testing

There was a great presentation at Shmoocon 2008 on hacking Citrix. They were all really simple hacks as well. I believe the 2008 videos are down; maybe someone has a copy.

The hacks were all post-authentication. Everyone already knows how to hack web-based authentication. The presentation focused on breaching the "isolation" environment Citrix is supposed to offer.

One example was hitting F1 after launching an application for help. You can then navigate to another URL within the help menu, such as file://%systemroot%\system32\cmd.exe.

There are also various shortcut keys that allow you to bring up Task Manager and such.
~~~~~~~~~~~~~~
Ketchup
<<

toggmeister

Post Sun Sep 28, 2008 2:51 pm

Re: Citrix pen testing

Hi,

I was a little bored this Sunday and decided to do a little more. The guys at Security-database.com reminded me I was a little remiss in not adding in scanning, esp. Nessus, so I have revamped the page and almost doubled the original content. Some new Google dorks (I think the GHDB is a little old for Citrix) and a few other new things added.

What do you think?

Kev
