Penetration Testing
mailing list archives
Re: Pen test, tcp/1404 found - advice needed
From: Sekurity Shaman <sekurityshaman () yahoo com>
Date: Fri, 16 Sep 2005 11:04:11 -0700 (PDT)
Hailing from the bustling halls of Valhalla I present
ye with the following. Please note the original Wizard
who created these magical spells to be cast upon those
that are seen fit to taste their wrath.
http://www.cqure.net/tools/citrix_pa.zip - Location of
said spells
<start of copy and paste spell>
Unix tools contain citrix-pa-scan.pl and
citrix-pa-proxy.pl.
These tools use blocking sockets with alarm so they
will probably fail in a win32 environment.
Win32 tools contain pas.pl.
Citrix-pa-scan
==============
This tool should be used to enumerate Citrix published
applications.
Usage:
citrix-pa-scan.pl {IP | file | - | random } [timeout]
where IP is one IP or
file is a file containing a list of IPs or
- is to read IP from standard input or
random to read IP from /dev/urandom.
timeout is the timeout in seconds.
The output is in the following format:
SCANNED IP1|MASTER BROWSER IP1|NO PROXY?|Application1;Application2
SCANNED IP2|MASTER BROWSER IP2|NO PROXY?|Application3;Application4
If the output is redirected to a file called pas.wri
it could be supplied to pas.pl.
Citrix-pa-proxy
===============
This tool should be used to enumerate and connect to a
published application with the Citrix client when the
master browser is non-public.
Usage:
citrix-pa-proxy.pl IP_to_proxy_to [Local_IP]
Where IP_to_proxy_to is the remote Citrix server.
Local_IP is default 127.0.0.1. Change it to the local
IP when running the proxy on a remote host (When
running the Citrix client on one host and the proxy on
another).
Pas
===
This tool should be used to connect to the
applications reported by citrix-pa-scan.pl.
pas.pl requires the output from citrix-pa-scan.pl to
be called pas.wri.
pas.pl asks how the connection went and writes the
output to pas_results.wri.
To enable 128 bit encryption add the following row under
the Published Application section in the template.ica
file:
EncryptionLevelSession=EncRC5-128
INFO
====
download my Defcon presentation here
citrix-pa-scan.pl, citrix-pa-proxy.pl and pas.pl are
written by Ian Vitek.
ian.vitek () ixsecurity com
<end of copy and paste spell>
If those spells do not cast properly, you may be
forced to consult an oracle on citrix.
http://www.google.com/intl/xx-hacker/
http://sh0dan.org/files/hackingcitrix.txt
I will no doubt see you at Ragnarok!!
May Odin be with you in all your journeys!
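An added example, not part of the original post or of Ian Vitek's tools: a Python check that reads an ICA file and reports which published applications lack the EncryptionLevelSession=EncRC5-128 row the README mentions. The [ApplicationServers] layout, the sample file and the name audit_ica are assumptions made for the illustration.

```python
import configparser

REQUIRED = "EncRC5-128"  # value the quoted README gives for 128-bit sessions
# Constructed sample; section layout and addresses are assumptions.
SAMPLE_ICA = """\
[ApplicationServers]
Notepad=
Payroll=
Legacy=
Orphan=

[Notepad]
Address=192.0.2.10
InitialProgram=#Notepad
EncryptionLevelSession=EncRC5-128

[Payroll]
Address=192.0.2.10
EncryptionLevelSession=Basic

[Legacy]
Address=192.0.2.10
"""

def audit_ica(text):
    """Map each application listed in [ApplicationServers] to a finding."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep application names exactly as written
    cp.read_string(text)
    apps = list(cp["ApplicationServers"]) if cp.has_section("ApplicationServers") else []
    findings = {}
    for app in apps:
        if not cp.has_section(app):
            findings[app] = "listed but has no section"
            continue
        # Compare key names case-insensitively (assumption about ICA files).
        opts = {k.lower(): v.strip() for k, v in cp[app].items()}
        level = opts.get("encryptionlevelsession")
        if level is None:
            findings[app] = "EncryptionLevelSession not set"
        elif level.lower() != REQUIRED.lower():
            findings[app] = "not " + REQUIRED + ": " + level
        else:
            findings[app] = "ok"
    return findings

if __name__ == "__main__":
    for app, finding in audit_ica(SAMPLE_ICA).items():
        print(f"{app}: {finding}")
```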