Bugtraq mailing list archives
Re: Remote Desktop Command Fixation Attacks
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Thu, 11 Oct 2007 01:24:48 +0100
Steve, try to email someone from your company a batch file. i am sure that that will fail, mainly because you realize that it is a security risk. right? now try to email a .rdp or .ica file. it works 99% of all the time. second, please read the article. :) no offense, but you are completely missing the point here. 3rd, users does not need to have admin rights, these rights can be obtained with privilege escalations exercise. this is not A to Z attack. you are missing all other letters in between. this is just my humble opinion. cheers, pdp On 10/10/07, Steve Shockley <steve.shockley () shockley net> wrote:
pdp (architect) wrote:The attack is rather simple. All the bad guys have to do is to compose a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX) file and send it to the victim. The victim is persuaded to open the file by double clicking on it. When the connection is established, the user will enter their credentials to login and as such let the hackers in. Vicious!So, "all you have to do" is persuade the user to run an attachment and type in credentials. Wouldn't it be simpler to just email the user a batch file and have them run it? Why not just use the same message from "Tim from Tech Department" and substitute a web page for the RDP file? It's not clear from your article, but I assume you're having the user connect to their normal Citrix or TS farm to run the program. First, why in the world would you give users administrative rights on your servers? Secondly, why wouldn't you use software restriction policies to whitelist only allowed apps on your server? > I will show you how easy it is to compromise a well protected Windows Terminal or CITRIX server No, you showed how to compromise a poorly-configured TS or Citrix server. > Security in depth does not exist! Sounds more like shallow configurations.
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org
Current thread:
- Remote Desktop Command Fixation Attacks pdp (architect) (Oct 10)
- Re: Remote Desktop Command Fixation Attacks Steve Shockley (Oct 10)
- Re: Remote Desktop Command Fixation Attacks pdp (architect) (Oct 11)
- RE: Remote Desktop Command Fixation Attacks Thor (Hammer of God) (Oct 10)
- RE: Remote Desktop Command Fixation Attacks M. Burnett (Oct 11)
- Re: Remote Desktop Command Fixation Attacks pdp (architect) (Oct 11)
- Re: [Full-disclosure] Remote Desktop Command Fixation Attacks gboyce (Oct 11)
- Re: [Full-disclosure] Remote Desktop Command Fixation Attacks pdp (architect) (Oct 11)
- Re: [Full-disclosure] Remote Desktop Command Fixation Attacks gjgowey (Oct 11)
- RE: [Full-disclosure] Remote Desktop Command Fixation Attacks Paul Melson (Oct 11)
- RE: [Full-disclosure] Remote Desktop Command Fixation Attacks Alex Everett (Oct 15)
- RE: Remote Desktop Command Fixation Attacks Jim Harrison (Oct 11)
- Re: Remote Desktop Command Fixation Attacks hvdkooij (Oct 12)
- Re: Remote Desktop Command Fixation Attacks Steve Shockley (Oct 10)