Dailydave mailing list archives
Re: Owning Citrix & Terminal Services Clients
From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 28 Feb 2008 14:32:49 -0000
On 27 February 2008 18:18, DSquare Security wrote:
There are at least two interesting ways to access client data 1) Spying his session to get passwords from a published application 2) Accessing his local drives if they are mapped in the session
Not to mention the IPC$ share and all those pipes you can't get at (because of RestrictAnonymous=1 these days) without being authenticated. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Owning Citrix & Terminal Services Clients DSquare Security (Feb 27)
- Re: Owning Citrix & Terminal Services Clients Dave Korn (Feb 28)
- <Possible follow-ups>
- Re: Owning Citrix & Terminal Services Clients Hamid . K (Mar 05)