Hacking CITRIX – the forceful way
Yesterday I briefly covered how CITIRX hacking works by performing simple enumeration exercises. Today, I will show you how to drill.
As ways, I prepared a video that demonstrates the attack in more visual way. BTW, 90% of test I’ve done are subjected this type of attack. It is insane really.
In case the video does not work, you can download the high-quality version from over here.
I also did some coding as well. The following script can be used to bruteforce the Windows/Netware logon. With a few mods you can make it work for CITRIX SSLs auth as well.
I have another script, which I use to fine tune connections – very suitable when you don’t want to deal with ICA but you want to tryout different citrix communication mechanisms and connection options.
This is it. I hope that you enjoyed the demo.