hack.lu Part #3

For the last presentation of the day, Joffrey Czarny showed how to break out of a Citrix context. A pen-tester and maintainer of the Elsenet project, he explained how a pen-test was performed against a Citrix environment. First, it looked very easy to get a list of published applications! Amazing! ICA files were also easy to change: the InitialProgram parameter can be used to get a cmd.exe. In the same way, Internet Explorer or Notepad can easily be launched from Help Viewer. Citrix allows access to your local computer's file system: just browse to “\\your_ip_address”. Joffrey also showed that Microsoft Office can be very useful during pen-tests: from VBA (macros), you can create sockets (port scans, telnet, …) or execute commands via a VB launcher. Finally, SQL queries can be executed from Excel. Have a look at the following site: http://www.cqure.net/wp/hedgehog/. I’ll never look at Office the same way again. What a wonderful tool! :-]
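From the defender's side, the InitialProgram point can be checked mechanically. The following is an added example, not code from the talk: it audits ICA launch files and flags any InitialProgram value that is not a reference to an allowlisted published application. The sample files, the host name, the `audit_ica` helper and the allowlist are constructed for illustration, and it assumes published applications are referenced as `#<name>`.

```python
import configparser

# Constructed sample ICA file (not from the talk). Assumption: a launch file
# for a published application references it as "#<name>" in InitialProgram.
PUBLISHED_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=ctx01.example.test
InitialProgram=#Notepad
"""

# Same file with InitialProgram edited, as described in the presentation.
TAMPERED_ICA = PUBLISHED_ICA.replace("InitialProgram=#Notepad",
                                     "InitialProgram=cmd.exe")


def audit_ica(text, allowed_apps):
    """Return (section, value, reason) findings for one ICA file's text."""
    # ICA files are INI-style; disable interpolation so '%' in values is
    # kept literally, and tolerate duplicate keys or sections.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if not parser.has_option(section, "InitialProgram"):
            continue
        value = parser.get(section, "InitialProgram").strip()
        if not value.startswith("#"):
            findings.append((section, value,
                             "not a published-application reference"))
        elif value[1:].strip('"') not in allowed_apps:
            findings.append((section, value,
                             "application not on the allowlist"))
    return findings


if __name__ == "__main__":
    for name, text in (("published", PUBLISHED_ICA), ("tampered", TAMPERED_ICA)):
        print(name, audit_ica(text, {"Notepad"}))
```

Because the ICA file lives on the client, a check like this only helps when reviewing collected launch files; the restriction itself has to be enforced on the server.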

That’s all for today, see you tomorrow for more presentations…

