Pentesting a Citrix Network

• Previous message: Mike Shaw: "use of Perlscript to bypass executable restrictions"
• Next in thread: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
• Reply: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
• Reply: DrobyX: "Re: Pentesting a Citrix Network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 03 Mar 2002 16:53:33 -0500
To: pen-test@securityfocus.com
From: Franklin DeMatto <franklin.lists@qDefense.com>

I'm pentesting a network that includes two Citrix servers on Win 2k. As I
have no experience whatsoever with Citrix, I thought I'd ask if anyone can
help me out. The servers listen on port 80, with the following banners:

HEAD / HTTP/1.0

HTTP/1.1 400 Bad request
Server: Citrix Web PN Server
Date: xxxx
Connection: Close

They also listen on the 1494 port (which is designated for citrix)

I was unable to get it to respond to any HTTP request, by hand or with a
browser.

I'd appreciate if anyone could help me with some of the following questions
(again, they may be basic, I have never used Citrix):

Which Citrix product is it? Is there a way to fingerprint it?
How do I get it to respond to HTTP requests?
Are there any information disclosure possibilites? How about
vulnerabilities (i.e. buffer overflows, etc.)?

Any help would be very appreciated!

Franklin DeMatto
Senior Analyst, qDefense Penetration Testing
http://qDefense.com
qDefense: Making Security Accessible

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Mike Shaw: "use of Perlscript to bypass executable restrictions"
• Next in thread: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
• Reply: Erlend J. Leiknes: "Re: Pentesting a Citrix Network"
• Reply: DrobyX: "Re: Pentesting a Citrix Network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages problems with Citrix and SunRay servers ... We have 2 SunRay servers that provide redundant desktops to users. ... connect to 2 Citrix MicroSoft servers to give them access to Outlook, ... Regularly, like now, nobody can get a connection with this Citrix client ... (SunManagers) Unable to create a profile on one of our servers ... Please upgrade to latest Service Pack and check it the ... They are both also Citrix ... MetaFrame XPa servers. ... >"Windows cannot log you on because the profile cannot be ... (microsoft.public.win2000.advanced_server) Re: terminal server on VMware ... I have to disagree with most of the posts here, we are running ESX ... 16 of our 35 Citrix servers split up and running between 2 of our ESX ... addresses shortly by VMWare with the shared resources. ... (microsoft.public.windows.terminal_services) RE: Thin-clients: THE Solution to the Security problem ... from IE on the Metaframe servers. ... IE is a major vector, ... A thin client is an attempt to apply network sandbox security. ... Maybe you can start by serving inidividual application using Citrix, ... (Security-Basics) Very Strange Citrix Problem going on 6 months HELP! ... Is this problem only affecting the thin clients? ... I have nice servers, all HP ... >4- Citrix servers running Office, Lotus, ACT, and BPCS. ... >got major network lag using Citrix, ... (microsoft.public.win2000.termserv.apps)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint