Penetration Testing mailing list archives
Re: (citrix testing)
From: ed.rolison () itc alstom com
Date: Wed, 13 Feb 2002 08:35:55 +0000
I don't think that script will be hugely useful for pen-testing. Basically what it does is replay a packet dump of the initial server discovery handshake. Broadcast on port 1604, replays the packet, waits for the response and greps for 'key' strings. (Wahey netcat) It works well enough to grab a list of published applications on the citrix server, which is ideal for system monitoring. Cheers Ed Rolison Sam Bracke <sam () crashdot be> on 12/02/2002 16:03:30 To: pen-test () securityfocus com cc: dhavanmehta () hotmail com Subject: Re: There's a citrix monitoring script available for the Big Brother (BB4) monitoring system: http://www.bb4.com http://www.deadcat.net/cgi-bin/download.pl?section=1&file=bb-citrix.sh Hope this helps cheers -Sam On Thursday 01 January 1970 00:59, wrote:
Received: (qmail 31313 invoked from network); 11 Feb 2002 19:26:47 -0000 Sender: root () atstake com Message-ID: <3C681B5E.9B1D0F71 () atstake com> Date: Mon, 11 Feb 2002 14:28:30 -0500 From: Dave Aitel <daitel () atstake com> X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Dhavan Mehta <dhavanmehta () hotmail com> Cc: pen-test () securityfocus com Subject: Re: citrix systems audit program/Minimum Baseline Standards References: <F137BnccYTjr8cU6xfP00010649 () hotmail com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Nopes. But there's a citrix fuzzer built into SPIKE at spike.sourceforge.net. (new version out real soon now with an even-more-useless halflife fuzzer. :>) -dave Dhavan Mehta wrote:Hi Folks, Does anybody have an audit program/MBS for reviewing citrix systems? Any help will be greatly appreciated. Thanks in advance Dhavan _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
-------------------------------------------------------------------------
--- This list is provided by the SecurityFocus Security Intelligence
Alert
(SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilitiesplease see:https://alerts.securityfocus.com/
---------------------------------------------------------------------------
- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ CONFIDENTIALITY: This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: (citrix testing) ed . rolison (Feb 13)