[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <pdp.gnucitizen@xxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
From: <full-disclosure@xxxxxxxxxxxx>
Date: Wed, 10 Oct 2007 14:05:28 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SHUT UP VLADIS IF ANYONE CARED THEY WOULD JUST FREQUENT YOUR BLOG
GET OFF THIS LIST THIS IS FOR SERIOUS SECURITY MATTERS ONLY

On Wed, 10 Oct 2007 07:14:32 -0400 "pdp (architect)"
<pdp.gnucitizen@xxxxxxxxxxxxxx> wrote:
>http://www.gnucitizen.org/blog/remote-desktop-command-fixation-
>attacks
>
>Security in depth does not exist! No matter what you do, dedicated
>attackers will always be able to penetrate your network.
>Seriously!
>Information security is mostly about risk assessment and crisis
>management.
>
>When it comes to exploitative penetration testing, I relay on
>tactics
>rather then exploits. I've already talked about how insecure
>Remote
>Desktop service could be. In this post I will show you how easy it
>is
>to compromise a well protected Windows Terminal or CITRIX server
>with
>a simple social engineering attack and some knowledge about the
>platform we are about to exploit.
>
>The attack is rather simple. All the bad guys have to do is to
>compose
>a malicious RDP (for Windows Terminal Services) or ICA (for
>CITRIX)
>file and send it to the victim. The victim is persuaded to open
>the
>file by double clicking on it. When the connection is established,
>the
>user will enter their credentials to login and as such let the
>hackers
>in. Vicious!
>
>I have a more detailed explanation about the tactics behind this
>attack. Because I don't want to spam people with tones of text, I
>just
>included a link which you can follow. Hope that this is useful and
>at
>the same time eye opening, not that it is something completely
>amazing. But it does work and it works well.
>
>cheers.
>
>--
>pdp (architect) | petko d. petkov
>http://www.gnucitizen.org
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcNFGgACgkQ+dWaEhErNvS4wwQAj8LqbxzIYoXodiXgspcs/YDG0/a8
oNPk3PsmOKHp7N7jVObIEDPjCgGHMRrPfHIEjys5EBTkVr/wq7/y6XPQLdyzIu5VyFE2
04q7slbdkrfImgByVX2itNYDJ5JlbzqrakxxZ9TVrNqqXtjWhw4IN90jDMo8tLoQT0V4
7xtyuiU=
=mlsP
-----END PGP SIGNATURE-----


--
Click for free info on business schools, $150K/ year potential.
http://tagline.hushmail.com/fc/Ioyw6h4dC6kbhaI6CLIgyWpO60jMWLXpHtbVzuYHwGilHWig7GUYZK/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] Tom Serson Serious Business
Next by Date: Re: [Full-disclosure] 0day: Hacking secured CITRIX from outside
Previous by thread: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Next by thread: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Index(es):
- Date
- Thread