Re: Pentesting a Citrix Network

From: DrobyX (droby10at_private)
Date: Tue Mar 05 2002 - 09:53:03 PST

Next message: Greg: "RE: Pentesting a Citrix Network"

Previous message: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
Maybe in reply to: Franklin DeMatto: "Pentesting a Citrix Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---- Franklin DeMatto <franklin.listsat_private> wrote:
> They also listen on the 1494 port (which is designated for citrix)
> 
> I was unable to get it to respond to any HTTP request, by hand or with
> a 
> browser....
> 

the ica protocol is not human-language based, so you'll be hard-pressed
to get anything out of it with http commands.  it uses (if unspecified
at install) the system-default encryption level - which is typically
56-bit on freshly staged machines.  for the most part, the protocol itself
is fairly secure, maybe you should try another route?  more recently
it's come to focus that the client-side is somewhat vulnerable.  you've
already identified a web-service.  considering it's used to distribute
an ica configuration to the citrix client, what routes are available
through compromising it.  have you looked at the ica(err. ini file)-file?
 it's plain-text.  does it allow for other types of attacks/manipulations
(ie. hostname/ip => dns poisoning/route modifications).

for what it's worth, here's a somewhat-outdated link with some information
on a few citrix command-line utilities used for querying against a master
browser.

http://lists.insecure.org/pen-test/2000/Oct/0141.html

> Franklin DeMatto
> Senior  Analyst, qDefense Penetration Testing
> http://qDefense.com
> qDefense: Making Security Accessible
> 
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/
> 
> 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Greg: "RE: Pentesting a Citrix Network"
Previous message: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
Maybe in reply to: Franklin DeMatto: "Pentesting a Citrix Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 17:19:44 PST