---- Franklin DeMatto <franklin.lists_at_qDefense.com> wrote:
> They also listen on the 1494 port (which is designated for citrix)
>
> I was unable to get it to respond to any HTTP request, by hand or with
> a
> browser....
>
the ica protocol is not human-language based, so you'll be hard-pressed
to get anything out of it with http commands. it uses (if unspecified
at install) the system-default encryption level - which is typically
56-bit on freshly staged machines. for the most part, the protocol itself
is fairly secure, maybe you should try another route? more recently
it's come to focus that the client-side is somewhat vulnerable. you've
already identified a web-service. considering it's used to distribute
an ica configuration to the citrix client, what routes are available
through compromising it. have you looked at the ica(err. ini file)-file?
it's plain-text. does it allow for other types of attacks/manipulations
(ie. hostname/ip => dns poisoning/route modifications).
for what it's worth, here's a somewhat-outdated link with some information
on a few citrix command-line utilities used for querying against a master
browser.
http://lists.insecure.org/pen-test/2000/Oct/0141.html
> Franklin DeMatto
> Senior Analyst, qDefense Penetration Testing
> http://qDefense.com
> qDefense: Making Security Accessible
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Mar 06 2002
Intro
