Got Citrix? Hack IT!

Shanit Gupta
February 16, 2008

Who Am I?

► Senior Security Consultant – Foundstone Professional Services
► Code Review / Threat Modeling / Application Security
► Masters from Carnegie Mellon

www.foundstone.com

Company Overview

► Founded in 1999 (Acquired by McAfee Inc. in 2004)
► Foundstone Professional Services Offices
    ■ Mission Viejo, CA
    ■ Washington, DC
    ■ New York City, NY
    ■ Atlanta, GA
    ■ Dallas, TX
    ■ Seattle, WA
    ■ Footprint World Wide via McAfee (now)
► Customers:
    ■ Fortune 500 focused
    ■ Financial Services, Insurance, Technology, Telecomm, Government, etc.
► Core Proposition
    ■ Foundstone offers a unique combination of software, services, and education to help companies continuously and measurably protect the most important assets from critical threats

Agenda

► Background
► Demo 1: Kiosk Mode
► Demo 2: Unauthenticated Access
► Demo 3: (Un)Hidden Hotkeys
► Demo 4: Restricted Desktop Access
► Demo 5: Attack Microsoft Office
► Remediation Measures

What / How do I know about Citrix?

False Sense of Security

Demo1: Kiosk Mode

Demo1: Kiosk Mode (Attack Vectors)

► Ctrl + h – View History
► Ctrl + n – New Browser
► Shift + Left Click – New Browser
► Ctrl + o – Internet Address (browse feature)
► Ctrl + p – Print (to file)
► Right Click (Shift + F10)
  ■ Save Image As
  ■ View Source
► F1 – Jump to URL…
► Browse to http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe

I Hope You Are Patching ☺

*Source: http://secunia.com

Demo 2: Unauthenticated Access

► 9 publicly accessible exploits 2007 – 08
► Particularly interesting
  ■ Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
  ■ Social Engineering: Malicious ICA files

Demo 2: Unauthenticated Access

► Good Old Brute Force
  ■ One account is all you need
  ■ I am sure you are using 2 factor authentication ;-)
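Detection for the brute-force scenario on this slide, added here as an example and not part of the original deck. The script walks authentication log lines in time order and raises three kinds of alert per source address: a burst of failures inside a sliding window, a password spray (one source cycling through many accounts), and, the one that matters most given "one account is all you need", a success that arrives while the source still has a burst of failures in its window. The one-line-per-attempt log format, the thresholds and the sample lines are constructed for the example; `parse_line()` is the function to replace when feeding it a real source such as Windows Security logon events or Web Interface/IIS logs.

```python
"""Brute-force and password-spray detection over logon log lines.

Added example, not code from the original deck. The one-line-per-attempt
format below ("<ISO timestamp> <user> <source ip> <SUCCESS|FAILURE>") and
the sample lines are constructed for illustration; adapt parse_line() to
the real source (Windows Security logon events, Web Interface/IIS logs).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one host hammering a single account until it lands,
# a second host trying one password across many accounts, and normal noise.
SAMPLE_LOG = """\
2008-02-16T09:00:01 jsmith 10.1.1.5 SUCCESS
2008-02-16T09:00:05 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:06 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:07 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:08 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:09 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:10 jsmith 203.0.113.7 FAILURE
2008-02-16T09:00:11 jsmith 203.0.113.7 SUCCESS
2008-02-16T09:01:00 admin 198.51.100.9 FAILURE
2008-02-16T09:01:01 bjones 198.51.100.9 FAILURE
2008-02-16T09:01:02 ctran 198.51.100.9 FAILURE
2008-02-16T09:01:03 dlee 198.51.100.9 FAILURE
2008-02-16T09:01:04 efox 198.51.100.9 FAILURE
2008-02-16T09:30:00 bjones 10.1.1.6 FAILURE
2008-02-16T09:30:20 bjones 10.1.1.6 SUCCESS
"""

FAIL_THRESHOLD = 5      # failures from one source inside WINDOW
SPRAY_THRESHOLD = 4     # distinct accounts tried from one source inside WINDOW
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Split one log line into (timestamp, user, source ip, succeeded)."""
    ts, user, ip, result = line.split()
    return datetime.fromisoformat(ts), user, ip, result == "SUCCESS"


def detect(log_text):
    """Return alerts as (timestamp, source ip, alert type, detail), in log order.

    Lines are assumed to be time-ordered. Each alert type fires once per
    source so a long-running attack does not flood the output.
    """
    alerts = []
    recent = defaultdict(deque)   # ip -> (timestamp, user) of failures inside WINDOW
    raised = set()                # (ip, alert type) pairs already reported
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, ip, ok = parse_line(raw)
        window = recent[ip]
        while window and window[0][0] < ts - WINDOW:   # drop expired failures
            window.popleft()
        if ok:
            # The slide's point: a success right after a burst is the account
            # the attacker now holds, so it outranks the burst alert itself.
            if len(window) >= FAIL_THRESHOLD and (ip, "SUCCESS_AFTER_BURST") not in raised:
                raised.add((ip, "SUCCESS_AFTER_BURST"))
                alerts.append((ts, ip, "SUCCESS_AFTER_BURST", user))
            continue
        window.append((ts, user))
        if len(window) >= FAIL_THRESHOLD and (ip, "FAILURE_BURST") not in raised:
            raised.add((ip, "FAILURE_BURST"))
            alerts.append((ts, ip, "FAILURE_BURST", f"{len(window)} failures within {WINDOW}"))
        tried = {u for _, u in window}
        if len(tried) >= SPRAY_THRESHOLD and (ip, "PASSWORD_SPRAY") not in raised:
            raised.add((ip, "PASSWORD_SPRAY"))
            alerts.append((ts, ip, "PASSWORD_SPRAY", f"{len(tried)} accounts tried"))
    return alerts


if __name__ == "__main__":
    for ts, ip, kind, detail in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {ip:15} {kind:20} {detail}")
```

On the sample the spray source trips the spray alert on its fourth account before the burst alert on its fifth failure, and the single failed-then-successful logon from 10.1.1.6 produces nothing, which is the behaviour wanted from thresholds meant to separate an attack from a mistyped password. The thresholds are a starting point; tune them against a baseline of normal failure rates before acting on the alerts.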




Demo3: (Un)Hidden Hotkeys

► SHIFT+F1: Local Task List
► SHIFT+F2: Toggle Title Bar
► SHIFT+F3: Close Remote Application
► CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del
► CTRL+F2: Remote Task List
► CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC
► ALT+F2: Cycle through programs
► ALT+PLUS: Alt+TAB
► ALT+MINUS: ALT+SHIFT+TAB

Demo4: Restricted Desktop

Demo4: Restricted Desktop

► Shortcut to C:
► Create Batch File
  ■ CMD.exe
► Host Scripting File (filename.vbs)
  ■ Set objApp = CreateObject("WScript.Shell")
  ■ objApp.Run "CMD C:"

Demo5: Attack Microsoft Office

► File->Save As
  ■ Browse Files and Launch CMD.exe
► Press F1
  ■ Search Microsoft
  ■ Click Suites Home Page
► Macros
  ■ Remote Shell
  ■ Privilege Escalation

Remediation Strategies

► 1300 different registry settings
► It is HARD!

Remediation Strategies

► Lock Down Tools
  ■ Commercial
  ■ Freeware
  ■ http://updates.zdnet.com/tags/lockdown.html
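A lockdown audit for the registry-heavy remediation these two slides describe, added here as an example; it is not code from the deck or from any of the lockdown tools it lists. It parses a `.reg` export (the "Windows Registry Editor Version 5.00" format that `reg export` writes) and checks a small baseline of documented policy values against the demo routes above: the Internet Explorer Restrictions values that remove the Ctrl+O, Ctrl+P, Ctrl+N, Save Image As, View Source and context-menu routes of Demo 1; the Explorer NoRun and NoViewOnDrive values, DisableCMD and the Windows Script Host switch for the shortcut, batch-file and .vbs routes of Demo 4; and Word's VBAWarnings for the macros of Demo 5. The sample export is constructed and deliberately incomplete so the audit has findings; the Office policy path (12.0, Office 2007) is an assumption about the deck's era; the Citrix client hotkeys of Demo 3 are client-side ICA settings and are not covered by this baseline.

```python
"""Audit a .reg export against a kiosk/restricted-desktop lockdown baseline.

Added example, not code from the original deck. The sample export below is
constructed and intentionally incomplete so that the audit flags something.
"""

# Constructed sample export. A real one comes from "reg export <key> out.reg"
# and is written as UTF-16 with a BOM, so read it with encoding="utf-16".
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoFileOpen"=dword:00000001
"NoPrinting"=dword:00000001
"NoBrowserSaveAs"=dword:00000001
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoViewOnDrive"=dword:00000004

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"=dword:00000001
"""

IE = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions"
EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System"
WSH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings"
# The Office version in the policy path is an assumption (12.0 = Office 2007).
WORD = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security"

# (key, value name, expected value or predicate, which demo route it closes)
BASELINE = [
    (IE, "NoFileOpen", 1, "Demo 1: Ctrl+O address/browse dialog"),
    (IE, "NoPrinting", 1, "Demo 1: Ctrl+P print to file"),
    (IE, "NoOpenInNewWnd", 1, "Demo 1: Ctrl+N / Shift+click new window"),
    (IE, "NoBrowserSaveAs", 1, "Demo 1: Save Image As"),
    (IE, "NoViewSource", 1, "Demo 1: View Source"),
    (IE, "NoBrowserContextMenu", 1, "Demo 1: right-click / Shift+F10 menu"),
    (EXPLORER, "NoRun", 1, "Demo 4: Run dialog"),
    # NoViewOnDrive is a bitmask, A:=1, B:=2, C:=4 ...; only the C: bit is required here.
    (EXPLORER, "NoViewOnDrive", lambda v: isinstance(v, int) and v & 4 != 0, "Demo 4: shortcut to C:"),
    # DisableCMD 1 disables cmd.exe and batch files; 2 disables only the prompt.
    (SYSTEM, "DisableCMD", 1, "Demo 4: batch file running CMD.exe"),
    (WSH, "Enabled", 0, "Demo 4: .vbs via WScript.Shell"),
    # VBAWarnings 4 = disable all macros without notification.
    (WORD, "VBAWarnings", 4, "Demo 5: Office macros"),
]


def parse_reg_export(text):
    """Parse .reg text into {key path: {value name: value}}, both lower-cased
    because the registry is case-insensitive.

    dword values become ints, quoted strings are unescaped and "@" becomes
    "(default)"; other types (hex:, hex(2): ...) are kept as their raw text.
    """
    data = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            data.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(default)" if name == "@" else name.strip('"').lower()
        if value.startswith("dword:"):
            value = int(value[len("dword:"):], 16)
        elif len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        data[current][name] = value
    return data


def audit(reg, baseline=BASELINE):
    """Return (value name, actual value or None, reason) for every baseline
    entry that is missing from the export or not at the expected value."""
    findings = []
    for key, name, expected, reason in baseline:
        actual = reg.get(key.lower(), {}).get(name.lower())
        ok = expected(actual) if callable(expected) else actual == expected
        if not ok:
            findings.append((name, actual, reason))
    return findings


if __name__ == "__main__":
    for name, actual, reason in audit(parse_reg_export(SAMPLE_REG)):
        print(f"{name:22} actual={actual!r:6} -> {reason}")
```

On the constructed export the audit reports five gaps: two Demo 1 routes still open (new window, view source), DisableCMD set to 2 so batch files still run, Windows Script Host still enabled, and no macro policy for Word at all. A baseline like this is only a slice of the 1300 settings the slide mentions, but keeping it in a script means the check can be re-run after every lockdown tool or policy change instead of trusting that the setting stuck.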




Questions or Concerns?
