• Home

  • Documents

  • Got Citrix? Hack IT! Shanit Gupta February 16, 2008
17
Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Tags:

Embed Size (px)

Citation preview

Page 1: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Got Citrix? Hack IT!

Shanit GuptaFebruary 16, 2008

Page 2: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Who Am I?

► Senior Security Consultant – Foundstone Professional Services► Code Review / Threat Modeling / Application Security► Masters from Carnegie Mellon

Page 3: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Agenda

► Background► Demo 1: Kiosk Mode► Demo 2: Unauthenticated Access ► Demo 3: (Un)Hidden Hotkeys► Demo 4: Restricted Desktop Access► Demo 5: Attack Microsoft Office► Remediation Measures

Page 4: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

What / How do I know about Citrix?

Page 5: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

False Sense of Security

Page 6: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo1: Kiosk Mode

Page 7: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo1: Kiosk Mode (Attack Vectors)

► Ctrl + h – View History► Ctrl + n – New Browser► Shift + Left Click – New Browser ► Ctrl + o – Internet Address (browse feature)► Ctrl + p – Print (to file) ► Right Click (Shift + F10)

Save Image As View Source

► F1 – Jump to URL…► Browse to

http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe

Page 8: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

I Hope You Are Patching

*Source: http://secunia.com

Page 9: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo 2: Unauthenticated Access

► 9 publicly accessible exploits 2007 – 08 ► Particularly interesting

Citrix Presentation Server IMA Service Buffer Overflow Vulnerability

Social Engineering: Malicious ICA files

Page 10: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo 2: Unauthenticated Access

► Good Old Brute Force One account is all you need I am sure you are using 2 factor authentication ;-)

Page 11: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo3: (Un)Hidden Hotkeys

► SHIFT+F1: Local Task List► SHIFT+F2: Toggle Title Bar ► SHIFT+F3: Close Remote Application► CTRL+F1: Displays Windows Security Desktop –

Ctrl+Alt+Del► CTRL+F2: Remote Task List ► CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC► ALT+F2: Cycle through programs ► ALT+PLUS: Alt+TAB► ALT+MINUS: ALT+SHIFT+TAB

Page 12: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo4: Restricted Desktop

Page 13: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo4: Restricted Desktop

► Shortcut to C:\► Create Batch File

CMD.exe

► Host Scripting File (filename.vbs) ■ Set objApp = CreateObject("WScript.Shell")■ objApp.Run “CMD C:\“

Page 14: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Demo5: Attack Microsoft Office

► File->Save As Browse Files and Launch CMD.exe

► Press F1 Search Microsoft Click Suites Home Page

► Macros Remote Shell Privilege Escalation

Page 15: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Remediation Strategies

► 1300 different registry settings► It is HARD!

Page 16: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Remediation Strategies

► Lock Down Tools Commercial Freeware http://updates.zdnet.com/tags/lockdown.html

Page 17: Got Citrix? Hack IT! Shanit Gupta February 16, 2008

Questions or Concerns?


HP LoadRunner Product Availability Matrix...12.x Citrix MPS 4.0, 4.5 13.x Citrix XenApp 5.0 14.x Citrix XenApp 6.0 Citrix XenApp 6.5 Citrix XenDesktop 5.5 * - several Citrix agent

HP LoadRunner Product Availability Matrix...12.x Citrix MPS 4.0, 4.5 13.x Citrix XenApp 5.0 14.x Citrix XenApp 6.0 Citrix XenApp 6.5 Citrix XenDesktop 5.5 * - several Citrix agent

Documents
How to load balance Citrix Director 7.6 using a Citrix ... · CITRIX NETSCALER How to load balance Citrix Director 7.6 using a Citrix NetScaler ByJason SamuelonJune 2, 2015 27 SHARES

How to load balance Citrix Director 7.6 using a Citrix ... · CITRIX NETSCALER How to load balance Citrix Director 7.6 using a Citrix NetScaler ByJason SamuelonJune 2, 2015 27 SHARES

Documents
Hack the hack

Hack the hack

Software
Citrix XenDesktop Citrix Provisioning Server · Citrix XenDesktop Citrix Provisioning Server Oliver Lomberg Manager Systems Engineering Channel Citrix Systems Germany Oliver Lomberg

Citrix XenDesktop Citrix Provisioning Server · Citrix XenDesktop Citrix Provisioning Server Oliver Lomberg Manager Systems Engineering Channel Citrix Systems Germany Oliver Lomberg

Documents
To install Citrix Receiver for Mac OS X - Augusta University · Install Citrix Receiver Citrix Receiver Uninstall Citrix Receiver Uninstall Citrix Receiver wants to make changes

To install Citrix Receiver for Mac OS X - Augusta University · Install Citrix Receiver Citrix Receiver Uninstall Citrix Receiver Uninstall Citrix Receiver wants to make changes

Documents
Customize citrix web interface | Citrix NetScaler Access Gateway

Customize citrix web interface | Citrix NetScaler Access Gateway

Technology
Citrix Provisioning 1903 PowerShell with Object Programmer’s Guide · Citrix Application Firewall, Citrix Application Gateway, Citrix Provisioning Services, Citrix Streaming Profiler,

Citrix Provisioning 1903 PowerShell with Object Programmer’s Guide · Citrix Application Firewall, Citrix Application Gateway, Citrix Provisioning Services, Citrix Streaming Profiler,

Documents
Monitoring & Asset Management · Citrix 10 Citrix GoToMeeting 10 Citrix Password Manager 10 Citrix Receiver 10 Citrix Single Sign-On 10 Citrix Workspace App 10 Delivery Controller

Monitoring & Asset Management · Citrix 10 Citrix GoToMeeting 10 Citrix Password Manager 10 Citrix Receiver 10 Citrix Single Sign-On 10 Citrix Workspace App 10 Delivery Controller

Documents
Citrix NetScaler Application Firewall Datasheet - … · Citrix NetScaler AppFirewall Datasheet Citrix NetScaler Application Firewall Citrix ® NetScaler AppFirewall ™ is a comprehensive

Citrix NetScaler Application Firewall Datasheet - … · Citrix NetScaler AppFirewall Datasheet Citrix NetScaler Application Firewall Citrix ® NetScaler AppFirewall ™ is a comprehensive

Documents
Hack the hack vivatech

Hack the hack vivatech

Technology
Citrix ADM HA Deployment Guide · Citrix SD-WAN SE Citrix SD-WAN 9.3.0 and later Citrix ADM 12.0.53.8 and later Citrix SD-WAN EE Citrix SD-WAN 9.3.0 and later Citrix ADM 12.0.53.8

Citrix ADM HA Deployment Guide · Citrix SD-WAN SE Citrix SD-WAN 9.3.0 and later Citrix ADM 12.0.53.8 and later Citrix SD-WAN EE Citrix SD-WAN 9.3.0 and later Citrix ADM 12.0.53.8

Documents
Citrix Provisioning Services 7 - Product Documentation Citrix Application Firewall, Citrix Application Gateway, Citrix Provisioning Services, Citrix Streaming Profiler, Citrix Streaming

Citrix Provisioning Services 7 - Product Documentation Citrix Application Firewall, Citrix Application Gateway, Citrix Provisioning Services, Citrix Streaming Profiler, Citrix Streaming

Documents
Abacus Hack Day Singapore - Winning hack

Abacus Hack Day Singapore - Winning hack

Technology
Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Documents
Installing the Citrix Citrix Receiver 3.3 from Citrix Web Interface …visionloss.ny.gov/connect/projupdt/Upgrading to Citrix Receiver for... · Filename: Upgrading to Citrix Receiver

Installing the Citrix Citrix Receiver 3.3 from Citrix Web Interface …visionloss.ny.gov/connect/projupdt/Upgrading to Citrix Receiver for... · Filename: Upgrading to Citrix Receiver

Documents
Wyse Datacenter for Citrix® XenDesktop® …i.dell.com/.../solutions/...for-citrix-reference-architecture-13g.pdf4.4 Citrix CloudBridge ... Citrix XenDesktop 7.6 support (including

Wyse Datacenter for Citrix® XenDesktop® …i.dell.com/.../solutions/...for-citrix-reference-architecture-13g.pdf4.4 Citrix CloudBridge ... Citrix XenDesktop 7.6 support (including

Documents
Citrix Partner Update The Citrix Delivery Centre

Citrix Partner Update The Citrix Delivery Centre

Documents
Citrix Access Essentials Microsoft and Citrix Our Newest Product – Citrix Access Essentials Carlos Rosal Sales Manager Switzerland Citrix Systems GmbH

Citrix Access Essentials Microsoft and Citrix Our Newest Product – Citrix Access Essentials Carlos Rosal Sales Manager Switzerland Citrix Systems GmbH

Documents
Become a Citrix- Expert - Digicomp€¦ · Citrix Virtualization 8 Citrix Cloud 10 Citrix XenServer 11 Citrix ADC (Networking) 12 Citrix Endpoint Management 15 Citrix Content Collaboration

Become a Citrix- Expert - Digicomp€¦ · Citrix Virtualization 8 Citrix Cloud 10 Citrix XenServer 11 Citrix ADC (Networking) 12 Citrix Endpoint Management 15 Citrix Content Collaboration

Documents
Seattle Central’s Citrix Manualtintin.seattlecentral.edu/it-services/citrix/citrix-manual.pdfSeattle Central’s Citrix Manual . ... The first step is to activate your account. 1

Seattle Central’s Citrix Manualtintin.seattlecentral.edu/it-services/citrix/citrix-manual.pdfSeattle Central’s Citrix Manual . ... The first step is to activate your account. 1

Documents
LoadRunner Product Availability Matrix Citrix XenApp 5.5, 5.6, 6.0, 6.5. 7.0,7.5 Citrix XenDesktop 7.0 Citrix XenDesktop 7.5 Citrix XenDesktop 7.6 Citrix Access Gateway (with Receiver

LoadRunner Product Availability Matrix Citrix XenApp 5.5, 5.6, 6.0, 6.5. 7.0,7.5 Citrix XenDesktop 7.0 Citrix XenDesktop 7.5 Citrix XenDesktop 7.6 Citrix Access Gateway (with Receiver

Documents
Citrix Basics PPT - What is Citrix Products?

Citrix Basics PPT - What is Citrix Products?

Technology
Citrix XenDesktop Product Overview - ADNmedia.adn.de/media/DE/DocLib/citrix-xendesktop-product-overview.… · Citrix XenDesktop Product Overview ... Combined with Citrix CloudBridge™,

Citrix XenDesktop Product Overview - ADNmedia.adn.de/media/DE/DocLib/citrix-xendesktop-product-overview.… · Citrix XenDesktop Product Overview ... Combined with Citrix CloudBridge™,

Documents
An introduction to Citrix CloudPlatform (powered by Apache CloudStack), Citrix CloudPortal and Citrix CloudBridge

An introduction to Citrix CloudPlatform (powered by Apache CloudStack), Citrix CloudPortal and Citrix CloudBridge

Technology
Citrix XenServer on IBM Hardware - Citrix Ready … ·  · 2017-08-10... Citrix XenServer Citrix XenDesktop on XenServer ... storage area networks, and the Citrix XenDesktop Platinum

Citrix XenServer on IBM Hardware - Citrix Ready … ·  · 2017-08-10... Citrix XenServer Citrix XenDesktop on XenServer ... storage area networks, and the Citrix XenDesktop Platinum

Documents
Summer Interns...Julia Ellis-Kahana Mary Francispillai Sheila Gokul Monica Gray Akshay Gupta Garrett J Hack Laura Huang Nathan Iyer Anthony Kashou Christopher ... Chandrasekaran Sambamurthy

Summer Interns...Julia Ellis-Kahana Mary Francispillai Sheila Gokul Monica Gray Akshay Gupta Garrett J Hack Laura Huang Nathan Iyer Anthony Kashou Christopher ... Chandrasekaran Sambamurthy

Documents
Got Citrix? Hack IT!Got Citrix? Hack IT! · Got Citrix? Hack IT!Got Citrix? Hack IT! Shanit Gupta August 7th, 2008

Got Citrix? Hack IT!Got Citrix? Hack IT! · Got Citrix? Hack IT!Got Citrix? Hack IT! Shanit Gupta August 7th, 2008

Documents
Launching Citrix Apps using Citrix receiver Citrix Apps using Citrix receiver...LAUNCHING CITRIX APPS USING CITRIX RECEIVER . Previous version of the Citrix Plugin loaded the Citrix

Launching Citrix Apps using Citrix receiver Citrix Apps using Citrix receiver...LAUNCHING CITRIX APPS USING CITRIX RECEIVER . Previous version of the Citrix Plugin loaded the Citrix

Documents
Citrix XenApp 7 - · PDF file1 Windows 10 End-point client with Citrix Receiver 2 Windows Server 2012 R2 Citrix ... WatchGuard Terminal ... Set Up Citrix XenApp Publish Apps on Citrix

Citrix XenApp 7 - · PDF file1 Windows 10 End-point client with Citrix Receiver 2 Windows Server 2012 R2 Citrix ... WatchGuard Terminal ... Set Up Citrix XenApp Publish Apps on Citrix

Documents
Got Citrix? Hack IT!Got Citrix? Hack IT!

Got Citrix? Hack IT!Got Citrix? Hack IT!

Documents