Nmap Development mailing list archives
Re: Citrix scripts
From: Patrik Karlsson <patrik () labb1 com>
Date: Sat, 19 Dec 2009 21:36:47 +0100
Hi Tom, Nice to hear that the scripts are working and that they're retrieving the information they're expected to. The ACL's are particularly interesting when searching for Citrix applications published anonymously. //Patrik On 19 dec 2009, at 15.19, Tom Sellers wrote:
Patrik, Thanks for writing this code. I have recently run it against quite a few server and I really dig the output of published applications and who has rights to them. Excellent for use by a PenTester or System Admin that is looking for improperly secured apps. Kodos! Tom On 12/2/2009 3:19 PM, Patrik Karlsson wrote:Hi all, I have re-worked and documented my Citrix scripts and made some changes and additions. The new scripts target the XML Service rather than the ICA Browser and therefore can do more. As an example the XML versions of the application enumeration script does not only fetch a list of all published applications but also the required user or group memberships needed to access them. It will also find applications published anonymously. The Citrix XML Service usually listens to ports 80, 443 or 8080. It can be identified by the following server header: "Citrix Web PN Server". It can also "share ports" with IIS by running as an ISAP filter. I am attaching a zip file with the lot and a brief explanation of each file. Feedback, suggestions and bug reports are most welcome! The zip contains 6 files: citrix-enum-apps-xml.nse - A script that queries the Citrix XML Service for a list of applications citrix-enum-apps.nse - A script that queries the ICA Browser for a list of applications citrix-enum-servers-xml.nse -A script that queries the Citrix XML Service for a list of Citrix servers citrix-enum-servers.nse - A script that queries the ICA Browser for a list of Citrix servers citrix-brute-xml.nse - A script that attempts to guess usernames and passwords against the Citrix XML service - It allows you to perform password guessing against the local Windows server or the domain citrixxml.lua - The library containing some of the many XML requests and response parsersed at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Citrix scripts Patrik Karlsson (Dec 02)
- Re: Citrix scripts Thomas Buchanan (Dec 03)
- Re: Citrix scripts Patrik Karlsson (Dec 03)
- Re: Citrix scripts David Fifield (Dec 13)
- Re: Citrix scripts Patrik Karlsson (Dec 14)
- Re: Citrix scripts Tom Sellers (Dec 19)
- Re: Citrix scripts Patrik Karlsson (Dec 21)
- Re: Citrix scripts Thomas Buchanan (Dec 03)