Comments on: CITRIX: Owning the Legitimate Backdoor

By: ikkuhqhp

ikkuhqhp — Sun, 18 May 2008 09:57:47 +0000

pdp, I was reading this post but found that the youtube link doesn’t work. Could you explain “escaping windows GUI” again please?

By: Citrix Prezantasyon Sunucusu iÃ§in Yama | VirÃ¼s GÃ¼venlik Haberleri

Citrix Prezantasyon Sunucusu iÃ§in Yama | VirÃ¼s GÃ¼venlik Haberleri — Sat, 15 Dec 2007 10:17:36 +0000

[...] gÃ¼venlik aÃ§Ä±ÄŸÄ± duyurusu: http://www.gnucitizen.org/blog.....-backdoor/ Citrix gÃ¼venlik bÃ¼lteni: [...]

By: TesCitrixOuPas » Blog Archive » Citrix, trou de sÃ©curitÃ© ou mauvaise gestion des administrateurs Citrix ?

Wed, 28 Nov 2007 22:03:02 +0000

[...] le site GNUCITIZEN, un chercheur en sÃ©curitÃ© en faisant une simple recherche sur Google est tombÃ© sur une floppÃ© [...]

By: newKid

newKid — Mon, 19 Nov 2007 03:30:40 +0000

I am not a hacker, just a college kid, studying networking, programming, security, the like. I am researching Citrix for a security paper. I clicked on some of these links, to see what would happen, as the read is seriously intriguing to me. Most of them you can’t actually get to. One came up but gave me an error and did not display. Please explain; are you telling me that by clicking the links that are returned in the search, that you are actually accessing information running on the server? There is no one on the other end that can see or be alerted of the fact that some remote user is actually getting in unauthenticated? I don’t understand. How does this actually work out?

By: pdp

pdp — Tue, 30 Oct 2007 07:21:04 +0000

Intrigued, absolutely!

By: Intrigued

Intrigued — Tue, 30 Oct 2007 00:56:30 +0000

I found it interesting that some of the servers have user names and domain names in the config files. After looking around I found that some of them give you a remote desktop without authentication with full access by using a user name and domain name (could be dead wrong and it just gives you the remote desktop anyways but none the less its still a blatant hole)

By: Network Security Podcast, Episode 81 | securosis.com

Network Security Podcast, Episode 81 | securosis.com — Thu, 18 Oct 2007 16:23:42 +0000

[...] Citrix; Owning the legitimate backdoor [...]

By: Bbb

Bbb — Mon, 15 Oct 2007 15:06:32 +0000

Absolutely very concerning, the fact that you can get Numb-Nut administrators.

As I mentioned above….

http://search.yahoo.com/search…..ension:rdp

http://www.google.com/search?q=ext:rdp

…..you get the same numb-nuts administrating plain old Terminal services as well as any other product.

The first line of your article ‘The Internet is full of wide open CITRIX gateways’ probably put the Sh$ts up many a CITRIX administrator because they implement true CITRIX gateways (that only open for the correct people). I hope people reading this article realise that this is not the way to implement CITRIX for remote access.

I can’t believe the amount of people who don’t follow simple IT Security recommended practices. This is probably why your article should be entitled ‘Beware There are Numb-Nut Administrators everywhere!!’ ;-)

Bbb

By: Citrix holes endanger Government and Military systems - spyware news

Citrix holes endanger Government and Military systems - spyware news — Mon, 15 Oct 2007 14:05:16 +0000

[...] into Citrix GUIs and playing with .ica files. He kindly posted the results of this rampage on his blog. What he did was he tried searching for public .ICAs in google and yahoo and found "tons" [...]

By: The Day Today » Blog Archive » Citrix backdoors easy to find

The Day Today » Blog Archive » Citrix backdoors easy to find — Mon, 15 Oct 2007 13:47:37 +0000

[...] gateways, which are often unsecured - allowing a hacker to get a command prompt on the servers. This article explains how, and includes a video showing how to get a command prompt from the calculator [...]

By: pdp

pdp — Mon, 15 Oct 2007 10:02:50 +0000

Bbb, but it is still concerning isn’t it? which was the point of the post! right?

By: Bbb

Bbb — Mon, 15 Oct 2007 09:58:27 +0000

How about ‘hacking’ Windows Terminal services

http://search.yahoo.com/search.....ension:rdp

http://www.google.com/search?q=ext:rdp

As mentioned above this isn’t a hack just someone who left the front door open for someone to easily walk through

By: pdp

pdp — Mon, 15 Oct 2007 09:34:54 +0000

the videos can be found at the bottom of this post: http://www.gnucitizen.org/blog.....ceful-way/

By: Alan

Alan — Mon, 15 Oct 2007 09:28:33 +0000

Hack is a hack. Doesn’t matter whether you find it sophisticated or not. If you can get to .mil sites with it, that’s obviously something critical.

i didnt see the video btw, can someone fix the link:

This video is no longer available due to a copyright claim by Citrix Systems, Inc.

what copyright? :)

By: stupidisasstupiddoes

stupidisasstupiddoes — Sat, 13 Oct 2007 20:58:21 +0000

Stupid is as stupid does. You can lead a horse, but making it drink is another issue. Secure Gateway and Access Gateway have been available for years. If the Citrix admin is getting away with exposing a Presentation Server in the DMZ, then they deserve to be hacked.

By: Clear | GNUCITIZEN

Clear | GNUCITIZEN — Sat, 13 Oct 2007 12:39:00 +0000

[...] first general misconception is regarding the CITRIX posts. Let’s start with CITRIX: Owning the Legitimate Backdoor, shall we? A lot of GNUCITIZEN’s readers thought that I am showing new attack techniques. No, [...]

By: pdp

pdp — Sat, 13 Oct 2007 08:44:07 +0000

rjhoward, one word: gateways! make sure that you use nfuse or whatever else you want but just never, ever, expose 1494/UDP/TCP on the Internet. Segment as much as possible.

Unfortunately, all this will make your work 100% more intensive. So, there is no space for laziness :)

By: rjhoward

rjhoward — Fri, 12 Oct 2007 19:13:01 +0000

Ok, you have my attention and the attention of everyone in my organization. How can we tighten things up? What is this lazy administrator doing to contribute to the issue and how can I improve?

By: pdp

pdp — Fri, 12 Oct 2007 14:44:09 +0000

Maverick, since it is known for ages…. why didn’t you flagged it then? I am not releasing a new vulnerability!

All I am saying is that there are wide open CITRIX services out there which are susceptible to attack! on government and military facilities btw!!!

BTW, what do you define as hacking? Cuz I am tired of listing to people who define reverse engineering and C exploit writing as hacking. That has nothing to do with hacking. That’s stupid methodology everyone can learn in a month. There is nothing creative about it!

By: Citrix Internet Gateways - Critical need to lock these down - Harry Waldron - My IT Forums Blog

Fri, 12 Oct 2007 13:36:44 +0000

[...] CITRIX: Owning the Legitimate Backdoor http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ Hacking CITRIX - the forceful [...]