Hosting Provided By

Citrix pentesting ideas

From: Gareth Bromley <gbromley(at)intstar.com>
Date: Sat Feb 08 2003 - 17:02:27 EST

As subject:

Got some projects involving Citrix (also I guess MS Terminal server) coming up, and was pondering some ways to subvert the desktop when the file sharing option has been disabled.

So far I've come up with the following ideas:
- Using the clipboard copy feature, copy an archive of exploit(s) to the
local PC clipboard, and then paste onto remot desktop.
- If this dont work due to OLE/Binary transfer issues, how about same
concept as above, but first UUEncode (or another means to turn binary into text) the archive, then copy and paste and UUDecode the other end?

Any got any experience of either of these? Or other means?

As an aside, how about ways to interrupt running spawned scripts, say runing a perl script through inetd, that just dumps data and then closes? I was thinking Ctrl+C, Z etc... ot use telnet's send brk, ip, .... however on testing on Linux and Solaris these dont work as I thought. Any ideas??

Gareth

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Sun Feb 9 10:23:38 2003

This message: [ Message body ]
Next message: wirepair: "Re: Citrix pentesting ideas"
Previous message: Martin Walker: "RE: PBX Security"
Next in thread: wirepair: "Re: Citrix pentesting ideas"
Reply: wirepair: "Re: Citrix pentesting ideas"
Reply: wirepair: "Re: Citrix pentesting ideas"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:32 EDT