Re: Pen test, tcp/1404 found - advice needed

From: Sekurity Shaman (sekurityshaman@yahoo.com)
Date: Fri Sep 16 2005 - 14:04:11 EDT


Hailing from the bustling halls of Valhalla I present
ye with the following. Please note the original Wizard
who created these magical spells to be cast upon those
that are seen fit to taste their wrath.

http://www.cqure.net/tools/citrix_pa.zip - Location of
said spells

<start of copy and paste spell>
Unix tools contain citrix-pa-scan.pl and
citrix-pa-proxy.pl.
These tools use blocking sockets with alarm so they
will probably fail in a win32 environment.
Win32 tools contain pas.pl.

Citrix-pa-scan
==============
This tool should be used to enumerate Citrix published
applications.

Usage:
citrix-pa-scan.pl {IP | file | - | random } [timeout]
where IP is one IP, or
file is a file containing a list of IPs, or
- reads IPs from standard input, or
random reads IPs from /dev/urandom.
timeout is the timeout in seconds.

The output is in the following format:
SCANNED IP1|MASTER BROWSER IP1|NO PROXY?|Application1;Application2
SCANNED IP2|MASTER BROWSER IP2|NO PROXY?|Application3;Application4

If the output is redirected to a file called pas.wri
it could be supplied to pas.pl.

Citrix-pa-proxy
===============
This tool should be used to enumerate and connect to a
published application with the Citrix client when the
master browser is non-public.

Usage:
citrix-pa-proxy.pl IP_to_proxy_to [Local_IP]
where IP_to_proxy_to is the remote Citrix server.
Local_IP defaults to 127.0.0.1. Change it to the local
IP when running the proxy on a remote host (when
running the Citrix client on one host and the proxy on
another).

Pas
===
This tool should be used to connect to the
applications reported by citrix-pa-scan.pl.

pas.pl requires the output from citrix-pa-scan.pl to
be called pas.wri.
pas.pl asks how the connection went and writes the
output to pas_results.wri.

To enable 128 bit encryption add following row under
the Published Application section in the template.ica
file:
EncryptionLevelSession=EncRC5-128

INFO
====
download my Defcon presentation here
citrix-pa-scan.pl, citrix-pa-proxy.pl and pas.pl are
written by Ian Vitek.
ian.vitek@ixsecurity.com

<end of copy and paste spell>

If those spells do not cast properly, you may be
forced to consult an oracle on citrix.

http://www.google.com/intl/xx-hacker/
http://sh0dan.org/files/hackingcitrix.txt

I will no doubt see you at Ragnarok!!

May Odin be with you in all your journeys!
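Added example, not part of the original post and not one of Ian Vitek's tools: a small Python parser for the pas.wri output format described above (SCANNED IP|MASTER BROWSER IP|NO PROXY?|App1;App2). It turns a scan file into an asset inventory a defender can check against what is supposed to be published: which hosts advertise applications, which hosts point at a master browser other than themselves (a machine that may be missing from the asset list), and which application names appear where. The sample lines are constructed, and the value written in the third column is an assumption, since the page does not document what that field contains.

```python
"""Parse pas.wri (citrix-pa-scan.pl output) into an inventory.

Line format, as documented in the post:
    SCANNED_IP|MASTER_BROWSER_IP|NO_PROXY_FIELD|App1;App2;...
This is an added example; it is not code from the cqure.net tools.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ScanRecord:
    scanned_ip: str
    master_browser: str
    # Third column kept verbatim: its exact values are not documented on the page.
    proxy_field: str
    applications: List[str] = field(default_factory=list)


def parse_pas_line(line: str) -> ScanRecord:
    """Parse one pas.wri line; raise ValueError on a malformed line."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) != 4:
        raise ValueError(f"expected 4 '|'-separated fields, got {len(parts)}: {line!r}")
    scanned, master, proxy, apps = parts
    # Application names are ';'-separated; drop empty entries and stray whitespace.
    app_list = [a.strip() for a in apps.split(";") if a.strip()]
    return ScanRecord(scanned.strip(), master.strip(), proxy.strip(), app_list)


def parse_pas(text: str) -> List[ScanRecord]:
    """Parse a whole pas.wri file, skipping blank lines."""
    return [parse_pas_line(ln) for ln in text.splitlines() if ln.strip()]


def summarize(records: List[ScanRecord]) -> Dict[str, object]:
    """Inventory facts worth checking against the expected deployment:
    - exposed_hosts: hosts that advertise at least one published application
    - foreign_master_browser: hosts whose reported master browser is another machine
    - applications: each application name -> sorted list of hosts advertising it
    """
    exposed = sorted(r.scanned_ip for r in records if r.applications)
    foreign = sorted(r.scanned_ip for r in records if r.master_browser != r.scanned_ip)
    apps: Dict[str, set] = {}
    for r in records:
        for name in r.applications:
            apps.setdefault(name, set()).add(r.scanned_ip)
    return {
        "exposed_hosts": exposed,
        "foreign_master_browser": foreign,
        "applications": {name: sorted(hosts) for name, hosts in apps.items()},
    }


# Constructed sample in the documented format (documentation-range addresses;
# the "NO" in the third column is a placeholder, not a value taken from the tool).
SAMPLE_PAS_WRI = """\
192.0.2.10|192.0.2.10|NO|Notepad;Word
192.0.2.11|192.0.2.10|NO|Excel
192.0.2.12|192.0.2.12|NO|
"""


def inventory_from_text(text: str) -> Dict[str, object]:
    """Convenience wrapper: parse and summarize in one call."""
    return summarize(parse_pas(text))


if __name__ == "__main__":
    for key, value in inventory_from_text(SAMPLE_PAS_WRI).items():
        print(f"{key}: {value}")
```

A real run would feed the scanner's redirected output file to inventory_from_text(); comparing exposed_hosts and applications against the intended publishing list shows which servers advertise more than they should, and foreign_master_browser flags browser hosts nobody had on record.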





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT