Got Citrix? Hack IT! Shanit Gupta February 16, 2008.
Got Citrix? Hack IT!
Shanit Gupta
February 16, 2008
Who Am I?
► Senior Security Consultant – Foundstone Professional Services
► Code Review / Threat Modeling / Application Security
► Masters from Carnegie Mellon
Agenda
► Background
► Demo 1: Kiosk Mode
► Demo 2: Unauthenticated Access
► Demo 3: (Un)Hidden Hotkeys
► Demo 4: Restricted Desktop Access
► Demo 5: Attack Microsoft Office
► Remediation Measures
What / How do I know about Citrix?
False Sense of Security
Demo1: Kiosk Mode
Demo1: Kiosk Mode (Attack Vectors)
► Ctrl + h – View History
► Ctrl + n – New Browser
► Shift + Left Click – New Browser
► Ctrl + o – Internet Address (browse feature)
► Ctrl + p – Print (to file)
► Right Click (Shift + F10)
  ■ Save Image As
  ■ View Source
► F1 – Jump to URL…
► Browse to http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe
I Hope You Are Patching
*Source: http://secunia.com
Demo 2: Unauthenticated Access
► 9 publicly accessible exploits 2007 – 08
► Particularly interesting
  ■ Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
  ■ Social Engineering: Malicious ICA files
Demo 2: Unauthenticated Access
► Good Old Brute Force
  ■ One account is all you need
  ■ I am sure you are using 2 factor authentication ;-)
Demo3: (Un)Hidden Hotkeys
► SHIFT+F1: Local Task List
► SHIFT+F2: Toggle Title Bar
► SHIFT+F3: Close Remote Application
► CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del
► CTRL+F2: Remote Task List
► CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC
► ALT+F2: Cycle through programs
► ALT+PLUS: Alt+TAB
► ALT+MINUS: ALT+SHIFT+TAB
Demo4: Restricted Desktop
Demo4: Restricted Desktop
► Shortcut to C:\
► Create Batch File
  ■ CMD.exe
► Host Scripting File (filename.vbs)
  ■ Set objApp = CreateObject("WScript.Shell")
  ■ objApp.Run "CMD C:\"
Demo5: Attack Microsoft Office
► File->Save As
  ■ Browse Files and Launch CMD.exe
► Press F1
  ■ Search Microsoft
  ■ Click Suites Home Page
► Macros
  ■ Remote Shell
  ■ Privilege Escalation
Remediation Strategies
► 1300 different registry settings
► It is HARD!
Remediation Strategies
► Lock Down Tools
  ■ Commercial
  ■ Freeware
  ■ http://updates.zdnet.com/tags/lockdown.html
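One way to check a session against the breakouts demonstrated above, as an added example that is not part of the original slides: a PowerShell audit of a handful of standard Windows and Internet Explorer policy values. The mapping from each demo to a policy value is this example's assumption, and these few values are only a small slice of the 1300 settings the slides mention.

```powershell
# Added example, not from the slides: report which demo breakout paths are
# still open according to the registry policy values in the current session.
$ie  = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
$exp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$cmd = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

$checks = @(
    # Demo 1: kiosk browser shortcuts and context menu
    @{ Demo = 'Demo 1: Ctrl+O';       Path = $ie;  Name = 'NoFileOpen';           Ok = { param($v) $v -eq 1 } }
    @{ Demo = 'Demo 1: Ctrl+N';       Path = $ie;  Name = 'NoFileNew';            Ok = { param($v) $v -eq 1 } }
    @{ Demo = 'Demo 1: right click';  Path = $ie;  Name = 'NoBrowserContextMenu'; Ok = { param($v) $v -eq 1 } }
    # Demo 3: CTRL+F3 opens the remote Task Manager
    @{ Demo = 'Demo 3: Task Manager'; Path = $sys; Name = 'DisableTaskMgr';       Ok = { param($v) $v -eq 1 } }
    # Demo 4: shortcut to C:\ (NoViewOnDrive is a bitmask; value 4 is drive C:)
    @{ Demo = 'Demo 4: C:\ access';   Path = $exp; Name = 'NoViewOnDrive';        Ok = { param($v) ($v -band 4) -eq 4 } }
    # Demo 4: DisableCMD=2 blocks the prompt but still runs batch files, so require 1
    @{ Demo = 'Demo 4: batch file';   Path = $cmd; Name = 'DisableCMD';           Ok = { param($v) $v -eq 1 } }
    # Demo 4: filename.vbs needs Windows Script Host (Enabled=0 turns it off)
    @{ Demo = 'Demo 4: .vbs script';  Path = $wsh; Name = 'Enabled';              Ok = { param($v) $v -eq 0 } }
)

function Get-LockdownGap {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the restriction is not configured.
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }
        [pscustomobject]@{
            Demo   = $c.Demo
            Value  = "$($c.Name)=" + $(if ($null -eq $value) { '<not set>' } else { $value })
            Closed = [bool](& $c.Ok $value)
        }
    }
}

# Open paths (Closed = False) sort to the top of the report.
Get-LockdownGap -Checks $checks | Sort-Object Closed | Format-Table -AutoSize
```

Most of these values are per-user (HKCU), so run it inside the published session as the restricted account rather than as an administrator.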
Questions or Concerns?