Re: Citrix Remote Desktop

[Daniel Clemens <daniel.clemens () packetninjas net>]

On Jun 2, 2010, at 8:26 AM, The Dead wrote:

> I'm manking a pen-testing from an external network to a target and I
> found a Citrix session (port 1494) opened.
> I have downloaded some tools that perform brute-force login and
> application enumeration.
> Is there something else that I can do about such enviroment?

Half ass response I know, but;

Do you have access to the citrix environment yet?
If so there are tons of things you can do. 
Once in the citrix environment try to see when and where you can get past any restrictions placed on your environment 
through making your own batch files, or tricks to get cmd.exe to launch. 

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"












------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------