Penetration Testing mailing list archives
Citrix pentesting ideas
From: "Gareth Bromley" <gbromley () intstar com>
Date: Sat, 8 Feb 2003 22:02:27 -0000
As subject: Got some projects involving Citrix (also I guess MS Terminal server) coming up, and was pondering some ways to subvert the desktop when the file sharing option has been disabled. So far I've come up with the following ideas: - Using the clipboard copy feature, copy an archive of exploit(s) to the local PC clipboard, and then paste onto remot desktop. - If this dont work due to OLE/Binary transfer issues, how about same concept as above, but first UUEncode (or another means to turn binary into text) the archive, then copy and paste and UUDecode the other end? Any got any experience of either of these? Or other means? As an aside, how about ways to interrupt running spawned scripts, say runing a perl script through inetd, that just dumps data and then closes? I was thinking Ctrl+C, Z etc... ot use telnet's send brk, ip, .... however on testing on Linux and Solaris these dont work as I thought. Any ideas?? Gareth ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Citrix pentesting ideas Gareth Bromley (Feb 09)
- Re: Citrix pentesting ideas wirepair (Feb 09)
- Re: Citrix pentesting ideas wirepair (Feb 09)