Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Citrix scripts

From: Patrik Karlsson <patrik () labb1 com>
Date: Sat, 19 Dec 2009 21:36:47 +0100
Hi Tom,

Nice to hear that the scripts are working and that they're retrieving the information they're expected to.
The ACL's are particularly interesting when searching for Citrix applications published anonymously.

//Patrik

On 19 dec 2009, at 15.19, Tom Sellers wrote:


Patrik,

      Thanks for writing this code.  I have recently run it against quite a few server
and I really dig the output of published applications and who has rights to them.  Excellent
for use by a PenTester or System Admin that is looking for improperly secured apps.

Kodos!

Tom

On 12/2/2009 3:19 PM, Patrik Karlsson wrote:

Hi all,

I have re-worked and documented my Citrix scripts and made some changes and additions.
The new scripts target the XML Service rather than the ICA Browser and therefore can do more.

As an example the XML versions of the application enumeration script does not only fetch a list of all published 
applications but also the required user or group memberships needed to access them. It will also find applications 
published anonymously.

The Citrix XML Service usually listens to ports 80, 443 or 8080. It can be identified by the following server 
header: "Citrix Web PN Server". It can also "share ports" with IIS by running as an ISAP filter.

I am attaching a zip file with the lot and a brief explanation of each file.
Feedback, suggestions and bug reports are most welcome!

The zip contains 6 files:

citrix-enum-apps-xml.nse
- A script that queries the Citrix XML Service for a list of applications

citrix-enum-apps.nse
- A script that queries the ICA Browser for a list of applications

citrix-enum-servers-xml.nse
-A script that queries the Citrix XML Service for a list of Citrix servers

citrix-enum-servers.nse
- A script that queries the ICA Browser for a list of Citrix servers

citrix-brute-xml.nse
- A script that attempts to guess usernames and passwords against the Citrix XML service
- It allows you to perform password guessing against the local Windows server or the domain

citrixxml.lua
- The library containing some of the many XML requests and response parsers

ed at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
Patrik Karlsson
http://www.cqure.net




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: