Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pentesting a Citrix Network
From: "DrobyX" <droby10 () onebox com>
Date: Tue, 05 Mar 2002 11:53:03 -0600

---- Franklin DeMatto <franklin.lists () qDefense com> wrote:
They also listen on the 1494 port (which is designated for citrix)

I was unable to get it to respond to any HTTP request, by hand or with
a 
browser....


the ica protocol is not human-language based, so you'll be hard-pressed
to get anything out of it with http commands.  it uses (if unspecified
at install) the system-default encryption level - which is typically
56-bit on freshly staged machines.  for the most part, the protocol itself
is fairly secure, maybe you should try another route?  more recently
it's come to focus that the client-side is somewhat vulnerable.  you've
already identified a web-service.  considering it's used to distribute
an ica configuration to the citrix client, what routes are available
through compromising it.  have you looked at the ica(err. ini file)-file?
 it's plain-text.  does it allow for other types of attacks/manipulations
(ie. hostname/ip => dns poisoning/route modifications).

for what it's worth, here's a somewhat-outdated link with some information
on a few citrix command-line utilities used for querying against a master
browser.

http://lists.insecure.org/pen-test/2000/Oct/0141.html

Franklin DeMatto
Senior  Analyst, qDefense Penetration Testing
http://qDefense.com
qDefense: Making Security Accessible


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault