Got citrix hack it

Published in: Education

  1. Got Citrix? Hack IT! Shanit Gupta February 16, 2008
  2. Who Am I?
     ► Senior Security Consultant – Foundstone Professional Services
     ► Code Review / Threat Modeling / Application Security
     ► Masters from Carnegie Mellon
     www.foundstone.com
  3. Company Overview
     ► Founded in 1999 (Acquired by McAfee Inc. in 2004)
     ► Foundstone Professional Services Offices
        ■ Mission Viejo, CA
        ■ Washington, DC
        ■ New York City, NY
        ■ Atlanta, GA
        ■ Dallas, TX
        ■ Seattle, WA
        ■ Footprint World Wide via McAfee (now)
     ► Customers:
        ■ Fortune 500 focused
        ■ Financial Services, Insurance, Technology, Telecomm, Government, etc.
     ► Core Proposition
        ■ Foundstone offers a unique combination of software, services, and education to help companies continuously and measurably protect the most important assets from critical threats
  4. Agenda
     ► Background
     ► Demo 1: Kiosk Mode
     ► Demo 2: Unauthenticated Access
     ► Demo 3: (Un)Hidden Hotkeys
     ► Demo 4: Restricted Desktop Access
     ► Demo 5: Attack Microsoft Office
     ► Remediation Measures
  5. What / How do I know about Citrix?
  6. False Sense of Security
  7. Demo1: Kiosk Mode
  8. Demo1: Kiosk Mode (Attack Vectors)
     ► Ctrl + h – View History
     ► Ctrl + n – New Browser
     ► Shift + Left Click – New Browser
     ► Ctrl + o – Internet Address (browse feature)
     ► Ctrl + p – Print (to file)
     ► Right Click (Shift + F10)
        ■ Save Image As
        ■ View Source
     ► F1 – Jump to URL…
     ► Browse to http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe
  9. I Hope You Are Patching ☺ *Source: http://secunia.com
  10. Demo 2: Unauthenticated Access
      ► 9 publicly accessible exploits 2007 – 08
      ► Particularly interesting
         ■ Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
         ■ Social Engineering: Malicious ICA files
  11. Demo 2: Unauthenticated Access
      ► Good Old Brute Force
         ■ One account is all you need
         ■ I am sure you are using 2 factor authentication ;-)
  12. Demo3: (Un)Hidden Hotkeys
      ► SHIFT+F1: Local Task List
      ► SHIFT+F2: Toggle Title Bar
      ► SHIFT+F3: Close Remote Application
      ► CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del
      ► CTRL+F2: Remote Task List
      ► CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC
      ► ALT+F2: Cycle through programs
      ► ALT+PLUS: Alt+TAB
      ► ALT+MINUS: ALT+SHIFT+TAB
  13. Demo4: Restricted Desktop
  14. Demo4: Restricted Desktop
      ► Shortcut to C:
      ► Create Batch File
         ■ CMD.exe
      ► Host Scripting File (filename.vbs)
         ■ Set objApp = CreateObject("WScript.Shell")
         ■ objApp.Run "CMD C:"
  15. Demo5: Attack Microsoft Office
      ► File->Save As
         ■ Browse Files and Launch CMD.exe
      ► Press F1
         ■ Search Microsoft
         ■ Click Suites Home Page
      ► Macros
         ■ Remote Shell
         ■ Privilege Escalation
  16. Remediation Strategies
      ► 1300 different registry settings
      ► It is HARD!
  17. Remediation Strategies
      ► Lock Down Tools
         ■ Commercial
         ■ Freeware
         ■ http://updates.zdnet.com/tags/lockdown.html
  18. Questions or Concerns?
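
An added example, not from the slides or from Foundstone: the remediation slides mention 1300 registry settings without naming any, so this Python code audits the text of a `reg export` dump for four standard Windows policy values that correspond to the breakout vectors in Demos 3 to 5. The choice of these four values, the function names and the sample export are assumptions made for illustration.

```python
import re

POL = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
# (key, value name, "locked down?" predicate, slide vector). Assumed selection; the slides name none.
CHECKS = [
    # 1 blocks cmd.exe and batch files; 2 still lets batch files run.
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System", "DisableCMD",
     lambda v: v == 1, "Demo 4 batch file / CMD.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings", "Enabled",
     lambda v: v in (0, "0"), "Demo 4 filename.vbs"),
    # Bitmask of drives hidden from Explorer and file dialogs; bit 2 (0x4) is C:.
    (POL + r"\Explorer", "NoViewOnDrive", lambda v: isinstance(v, int) and bool(v & 0x4),
     "Demo 4/5 browsing C: from a shortcut or File->Save As"),
    (POL + r"\System", "DisableTaskMgr", lambda v: v == 1, "Demo 3 CTRL+F3 Remote Task Manager"),
]

def parse_reg_export(text):
    """Parse `reg export` text into {key: {value name: int or str}}, lower-cased."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = hive.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return hive

def audit(text):
    """Return one finding per slide vector whose policy value is missing or weak."""
    hive, gaps = parse_reg_export(text), []
    for key, name, locked, vector in CHECKS:
        value = hive.get(key.lower(), {}).get(name.lower())
        if value is None or not locked(value):
            gaps.append(f"{vector}: {name}={value!r}")
    return gaps

# Constructed sample export, not taken from a real server.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewOnDrive"=dword:00000004
'''
```

`reg export` writes UTF-16 files, so read the dump with `encoding="utf-16"` before passing its text to `audit`. On the sample, `audit(SAMPLE)` reports the weak `DisableCMD` value and the missing `DisableTaskMgr` value.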