Re: Pentesting a Citrix Network

From: DrobyX (droby10@onebox.com)
Date: 03/05/02 

Date: Tue, 05 Mar 2002 11:53:03 -0600
From: "DrobyX" <droby10@onebox.com>
To: Franklin DeMatto <franklin.lists@qDefense.com>

---- Franklin DeMatto <franklin.lists@qDefense.com> wrote:
> They also listen on the 1494 port (which is designated for citrix)
>
> I was unable to get it to respond to any HTTP request, by hand or with
> a
> browser....
>

the ica protocol is not human-language based, so you'll be hard-pressed
to get anything out of it with http commands. it uses (if unspecified
at install) the system-default encryption level - which is typically
56-bit on freshly staged machines. for the most part, the protocol itself
is fairly secure, maybe you should try another route? more recently
it's come to focus that the client-side is somewhat vulnerable. you've
already identified a web-service. considering it's used to distribute
an ica configuration to the citrix client, what routes are available
through compromising it. have you looked at the ica(err. ini file)-file?
 it's plain-text. does it allow for other types of attacks/manipulations
(ie. hostname/ip => dns poisoning/route modifications).

for what it's worth, here's a somewhat-outdated link with some information
on a few citrix command-line utilities used for querying against a master
browser.

http://lists.insecure.org/pen-test/2000/Oct/0141.html

> Franklin DeMatto
> Senior Analyst, qDefense Penetration Testing
> http://qDefense.com
> qDefense: Making Security Accessible
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Pentesting a Citrix Network
    ... Subject: Pentesting a Citrix Network ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)