|
|
BugTraq
Remote Desktop Command Fixation Attacks Oct 10 2007 11:14AM pdp (architect) (pdp gnucitizen googlemail com) (2 replies) RE: Remote Desktop Command Fixation Attacks Oct 10 2007 10:11PM Thor (Hammer of God) (thor hammerofgod com) (2 replies) Re: Remote Desktop Command Fixation Attacks Oct 11 2007 12:17AM pdp (architect) (pdp gnucitizen googlemail com) (3 replies) RE: Remote Desktop Command Fixation Attacks Oct 12 2007 04:32PM Thor (Hammer of God) (thor hammerofgod com) (1 replies) Re: Remote Desktop Command Fixation Attacks Oct 13 2007 12:51PM pdp (architect) (pdp gnucitizen googlemail com) |
|
Privacy Statement |
> The attack is rather simple. All the bad guys have to do is to compose
> a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX)
> file and send it to the victim. The victim is persuaded to open the
> file by double clicking on it. When the connection is established, the
> user will enter their credentials to login and as such let the hackers
> in. Vicious!
So, "all you have to do" is persuade the user to run an attachment and
type in credentials. Wouldn't it be simpler to just email the user a
batch file and have them run it? Why not just use the same message from
"Tim from Tech Department" and substitute a web page for the RDP file?
It's not clear from your article, but I assume you're having the user
connect to their normal Citrix or TS farm to run the program. First,
why in the world would you give users administrative rights on your
servers? Secondly, why wouldn't you use software restriction policies
to whitelist only allowed apps on your server?
> I will show you how easy it is to compromise a well protected Windows
Terminal or CITRIX server
No, you showed how to compromise a poorly-configured TS or Citrix server.
> Security in depth does not exist!
Sounds more like shallow configurations.
[ reply ]