Dailydave mailing list archives
Re: Owning Citrix & Terminal Services Clients
From: "Hamid . K" <elite_netbios () yahoo com>
Date: Tue, 4 Mar 2008 08:42:02 -0800 (PST)
I`ve posted some notes about this case ,following previous works on my blog few days ago . Though it may be interesting for some of list members. ,feel free to replay on list ,or drop some comments , specially about 'attack-1' . Here`s the link http://hkashfi.blogspot.com/2008/03/citrix-terminal-service-and-some-dirty.html regards Hamid ----- Original Message ---- From: DSquare Security <info () d2sec com> To: dailydave () lists immunitysec com Sent: Wednesday, February 27, 2008 9:47:32 PM Subject: [Dailydave] Owning Citrix & Terminal Services Clients Several vulnerabilities can help you to compromise a Citrix server or a Terminal Services server. So the question is: what can you do when you have a privileged access on these Citrix and Terminal Services servers? The answer is simple: try to compromise Citrix and TS clients. There are at least two interesting ways to access client data 1) Spying his session to get passwords from a published application 2) Accessing his local drives if they are mapped in the session D2CiTerm is designed to help you in this kind of work. Here are two demonstrations of this tool: 1) From a remote SYSTEM access after the exploitation of Citrix MPS 4.0 IMA Service Heap overflow: http://www.d2sec.com/d2citerm_1.htm 2) From a privileged Citrix session: http://www.d2sec.com/d2citerm_2.htm This tool will be released in the next update of D2 Exploitation Pack. -- DSquare Security, LLC http://www.d2sec.com _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Owning Citrix & Terminal Services Clients DSquare Security (Feb 27)
- Re: Owning Citrix & Terminal Services Clients Dave Korn (Feb 28)
- <Possible follow-ups>
- Re: Owning Citrix & Terminal Services Clients Hamid . K (Mar 05)