Got citrix hack it
Got citrix hack it: Presentation Transcript

  • Got Citrix? Hack IT! Shanit Gupta February 16, 2008
  • Who Am I? ►Senior Security Consultant – Foundstone Professional Services ►Code Review / Threat Modeling / Application Security ►Masters from Carnegie Mellon www.foundstone.com
  • Company Overview
    ► Founded in 1999 (Acquired by McAfee Inc. in 2004)
    ► Foundstone Professional Services Offices
      ■ Mission Viejo, CA
      ■ Washington, DC
      ■ New York City, NY
      ■ Atlanta, GA
      ■ Dallas, TX
      ■ Seattle, WA
      ■ Footprint World Wide via McAfee (now)
    ► Customers:
      ■ Fortune 500 focused
      ■ Financial Services, Insurance, Technology, Telecom, Government, etc.
    ► Core Proposition
      ■ Foundstone offers a unique combination of software, services, and education to help companies continuously and measurably protect the most important assets from critical threats
  • Agenda
    ► Background
    ► Demo 1: Kiosk Mode
    ► Demo 2: Unauthenticated Access
    ► Demo 3: (Un)Hidden Hotkeys
    ► Demo 4: Restricted Desktop Access
    ► Demo 5: Attack Microsoft Office
    ► Remediation Measures
  • What / How do I know about Citrix?
  • False Sense of Security
  • Demo1: Kiosk Mode
  • Demo1: Kiosk Mode (Attack Vectors)
    ► Ctrl + h – View History
    ► Ctrl + n – New Browser
    ► Shift + Left Click – New Browser
    ► Ctrl + o – Internet Address (browse feature)
    ► Ctrl + p – Print (to file)
    ► Right Click (Shift + F10)
      ■ Save Image As
      ■ View Source
    ► F1 – Jump to URL…
    ► Browse to http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe
  • I Hope You Are Patching ☺
    *Source: http://secunia.com
  • Demo 2: Unauthenticated Access
    ► 9 publicly accessible exploits 2007 – 08
    ► Particularly interesting
      ■ Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
      ■ Social Engineering: Malicious ICA files
  • Demo 2: Unauthenticated Access
    ► Good Old Brute Force
      ■ One account is all you need
      ■ I am sure you are using 2 factor authentication ;-)
  • Demo3: (Un)Hidden Hotkeys
    ► SHIFT+F1: Local Task List
    ► SHIFT+F2: Toggle Title Bar
    ► SHIFT+F3: Close Remote Application
    ► CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del
    ► CTRL+F2: Remote Task List
    ► CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC
    ► ALT+F2: Cycle through programs
    ► ALT+PLUS: Alt+TAB
    ► ALT+MINUS: ALT+SHIFT+TAB
  • Demo4: Restricted Desktop
  • Demo4: Restricted Desktop
    ► Shortcut to C:
    ► Create Batch File
      ■ CMD.exe
    ► Host Scripting File (filename.vbs)
      ■ Set objApp = CreateObject("WScript.Shell")
      ■ objApp.Run "CMD C:"
  • Demo5: Attack Microsoft Office
    ► File->Save As
      ■ Browse Files and Launch CMD.exe
    ► Press F1
      ■ Search Microsoft
      ■ Click Suites Home Page
    ► Macros
      ■ Remote Shell
      ■ Privilege Escalation
  • Remediation Strategies
    ► 1300 different registry settings
    ► It is HARD!
  • Remediation Strategies
    ► Lock Down Tools
      ■ Commercial
      ■ Freeware
      ■ http://updates.zdnet.com/tags/lockdown.html
  • Questions or Concerns?
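
Added example, not part of the original slides: a detection check for the Demo 4 and Demo 5 pattern, where CMD.exe or the script host ends up running underneath a published application. The event field names, the published-application list and the sample events are assumptions constructed for illustration, and PID reuse is ignored.

```python
import ntpath

# Assumption: interpreters reached in the Demo 4 and Demo 5 slides.
SHELLS = {"cmd.exe", "wscript.exe", "cscript.exe"}
# Assumption: published applications on this farm; adjust to your own list.
PUBLISHED = {"iexplore.exe", "winword.exe", "excel.exe"}

# Constructed process-creation events (field names are hypothetical, not a real log schema).
EVENTS = [
    {"pid": 100, "ppid": 4, "user": "kiosk1", "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 101, "ppid": 100, "user": "kiosk1", "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 200, "ppid": 4, "user": "user2", "image": r"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"},
    {"pid": 201, "ppid": 200, "user": "user2", "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 202, "ppid": 201, "user": "user2", "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 203, "ppid": 200, "user": "user2", "image": r"C:\Windows\splwow64.exe"},
    {"pid": 300, "ppid": 4, "user": "admin", "image": r"C:\Windows\System32\cmd.exe"},
]

def exe(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path).lower()

def find_breakouts(events):
    """Return one alert per shell whose ancestry leads back to a published app."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if exe(e["image"]) not in SHELLS:
            continue
        chain, seen = [exe(e["image"])], {e["pid"]}
        parent = by_pid.get(e["ppid"])
        # Walk up the tree; 'seen' guards against loops from reused PIDs.
        while parent and parent["pid"] not in seen:
            seen.add(parent["pid"])
            chain.append(exe(parent["image"]))
            if chain[-1] in PUBLISHED:
                alerts.append({"user": e["user"], "pid": e["pid"], "chain": " <- ".join(chain)})
                break
            parent = by_pid.get(parent["ppid"])
    return alerts

if __name__ == "__main__":
    for alert in find_breakouts(EVENTS):
        print(alert)
```

Walking the whole ancestry rather than only the direct parent is what catches the script-host case, where CMD.exe is a grandchild of the published application.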