Penetration Testing mailing list archives
RE: Tool to Brute Force Citrix?
From: "Brett Moore" <brett.moore () insomniasec com>
Date: Mon, 23 Feb 2009 19:52:10 +1300
Brute force against the NFuse Classic web interface then any web forms brute forcer will work. Brute force through the XML service would require a different tool, and not sure if there is a public one available. ? The stuff published on the gnucitizen blog, can be used to brute force direct to the app server, through TCP/UDP/SSLRelay. If CSG is in place then this may not work. ? Don't overlook apps with anonymous access. The stuff at gnucitizen can help there. But the old tools still work against the IMA Service over UDP or the XML service over TCP. Last time I checked, you needed to install the optional PNAgent component of the Ica Client to get the gnucitizen tools to run. I ran a presentation at last years Kiwicon conference on hacking Citrix, and am doing it again at Auscert. Hopefully get round to writing it up into a releasable (ie;readable) format. Hope that helps. Brett -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Lode Vanstechelman Sent: Saturday, 21 February 2009 5:10 a.m. To: jond Cc: pen-test () securityfocus com Subject: Re: Tool to Brute Force Citrix? Hi Jon, You can find some information about hacking Citrix on PDP's website (gnucitizen.org): CITRIX: Owning the Legitimate Backdoor | http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ Hacking CITRIX - the forceful way | http://www.gnucitizen.org/blog/hacking-citrix-the-forceful-way/ Regards, Lode 2009/2/16 jond <x () jond com>
I'm wondering how everyone else Brute Forces Citrix? Is there anything like TSGrinder for Citrix? Thanks in advance, Jon .
Current thread:
- Tool to Brute Force Citrix? jond (Feb 18)
- Re: Tool to Brute Force Citrix? Lode Vanstechelman (Feb 22)
- RE: Tool to Brute Force Citrix? Brett Moore (Feb 26)
- Message not available
- Re: Tool to Brute Force Citrix? jond (Feb 26)
- Re: Tool to Brute Force Citrix? Lode Vanstechelman (Feb 22)