Hacking CITRIX - the forceful way

Fri, 05 Oct 2007 15:39:03 GMT

Yesterday I briefly covered how CITIRX hacking works by performing simple enumeration exercises. Today, I will show you how to drill.

As ways, I prepared a video that demonstrates the attack in more visual way. BTW, 90% of test I've done are subjected this type of attack. It is insane really.

In case the video does not work, you can download the high-quality version from over here.

I also did some coding as well. The following script can be used to bruteforce the Windows/Netware logon. With a few mods you can make it work for CITRIX SSLs auth as well.


I have [another script](http://www.gnucitizen.org/static/blog/2007/10/connect.js), which I use to fine tune connections - very suitable when you don't want to deal with ICA but you want to tryout different citrix communication mechanisms and connection options.


This is it. I hope that you enjoyed the demo.

Comments Powered ByDisqus