Re: Tool to Brute Force Citrix?

[jond <x () jond com>]

Thanks everyone! Great help!
I ended up using the tools from gnucitizen.org. Works like a charm.



Thanks again,
Jon





On Mon, Feb 23, 2009 at 1:52 AM, Brett Moore
<brett.moore () insomniasec com> wrote:
> Brute force against the NFuse Classic web interface then any
> web forms brute forcer will work.
>
> Brute force through the XML service would require a different
> tool, and not sure if there is a public one available. ?
>
> The stuff published on the gnucitizen blog, can be used to brute force
> direct to the app server, through TCP/UDP/SSLRelay. If CSG is in place
> then this may not work. ?
>
> Don't overlook apps with anonymous access.
> The stuff at gnucitizen can help there. But the old tools still work
> against the IMA Service over UDP or the XML service over TCP.
>
> Last time I checked, you needed to install the optional PNAgent
> component of the Ica Client to get the gnucitizen tools to run.
>
> I ran a presentation at last years Kiwicon conference on hacking
> Citrix, and am doing it again at Auscert. Hopefully get round to
> writing it up into a releasable (ie;readable) format.
>
> Hope that helps.
>
> Brett
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Lode Vanstechelman
> Sent: Saturday, 21 February 2009 5:10 a.m.
> To: jond
> Cc: pen-test () securityfocus com
> Subject: Re: Tool to Brute Force Citrix?
>
> Hi Jon,
>
> You can find some information about hacking Citrix on PDP's website
> (gnucitizen.org):
>
> CITRIX: Owning the Legitimate Backdoor |
> http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
> Hacking CITRIX - the forceful way |
> http://www.gnucitizen.org/blog/hacking-citrix-the-forceful-way/
>
> Regards,
>
> Lode
>
> 2009/2/16 jond <x () jond com>
> > I'm wondering how everyone else Brute Forces Citrix?
> > Is there anything like TSGrinder for Citrix?
> >
> >
> >
> >
> > Thanks in advance,
> > Jon
> >
> >
> >
> > .