Yesterday I briefly covered how CITRIX hacking works by performing simple enumeration exercises. Today, I will show you how to drill.

As always, I prepared a video that demonstrates the attack in a more visual way. BTW, 90% of the tests I've done are subject to this type of attack. It is insane really.

In case the video does not work, you can download the high-quality version from over here.

I also did some coding. The following script can be used to brute-force the Windows/Netware logon. With a few mods you can make it work for CITRIX SSL auth as well.

http://www.gnucitizen.org/static/blog/2007/10/bforce.js

I have another script, which I use to fine-tune connections – very suitable when you don't want to deal with ICA but you want to try out different CITRIX communication mechanisms and connection options.

http://www.gnucitizen.org/static/blog/2007/10/connect.js

This is it. I hope that you enjoyed the demo.