Penetration Testing mailing list archives
Re: [PEN-TEST] Citrix (and other remote-terminal madness)
From: "Kevin J. Menard, Jr." <kmenard () WPI EDU>
Date: Tue, 10 Oct 2000 15:46:44 -0400
Or if you get really motivated, VNC is open source, and you could probably add any feature your little heart desires.

-Kevin

----- Original Message -----
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, October 10, 2000 12:03 PM
Subject: Re: [PEN-TEST] Citrix (and other remote-terminal madness)

If you're looking for a graphical remote-interface, you might try VNC. The client is cross platform (even works on MacOS and WinCE). The server works on all Windows platforms, and source is available for UNIX platforms, with binaries available for almost all popular flavors.

It only allows keyboard and mouse. No file transfers or anything. On Win*, there can only be one user at a time. On UNIX, VNC creates extended virtual X Window System desktops, so multiple users can be logged into the same server at the same time... :0, :1, :2, etc...

For silly things like Netscape, this will probably work fine. The Windows VNC client even supports "Full Screen Mode" where "windows" goes into the background, and the remote machine seems to be local.

It works okay over a T1, and there have been multiple enhancements to the VNC protocol that allow for encryption, higher levels of compression, etc... and VNC works great through a VPN or SSH tunnel.

VNC can be grabbed from http://www.uk.research.att.com/vnc/. This version has no encryption that I know of... Do a search and you can probably find others... I typically just shove the protocol through OpenSSH.

-----Original Message-----
From: Peter Van Epp [mailto:vanepp () SFU CA]
Sent: Tuesday, October 10, 2000 10:45 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Citrix

> On Mon, 9 Oct 2000, Beauregard, Claude Q wrote:
>
> > Has anyone done any penetration regarding Citrix and Internet access as
> > provided by the Citrix servers to internal network resources? Even though
> > they are now using 128bit encryption for the client the hole in the
> > firewall is there waiting to be exploited.
>
> Can you elaborate what you see as a hole?
>
> Hugo.

While I'm not the original poster, I was (and to some extent still am) looking at this as a way to get "web" access in to a secure network. My concern is that, as I feared, the link between the client and server is apparently a full service link (i.e. it allows drive mounting from the server by the client for instance).

The application I'm interested in (and which sounds like what this person is doing) is to have the server out on the net, subject to being broken in to like all NT devices but having nothing except video commands going in and key strokes coming out from the secure network. Thus a break-in on the server doesn't compromise the internal secure network (as long as confidential data is kept off of the Citrix server at least). The attacker can draw obscene images on a single screen inside the secure network, but likely (modulo bugs in the video drawing routines on the client side of course) can't take over the client machine and compromise the internal network.

It looks to me from what little I have found out about the Citrix protocol that you would need an application proxy type firewall to filter out all protocol elements other than screen draw commands in and key strokes out before you could do this safely. With things like file system mounting possible I expect that a compromise of the server could also result in a compromise of the secure network that the client is part of by subverting the client. This of course may not be possible if the protocol gets unhappy about not being able to talk to the client except with video drawing commands.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada