http://www.gnucitizen.org/blog/remote-desktop-command-fixation-attacks Security in depth does not exist! No matter what you do, dedicated attackers will always be able to penetrate your network. Seriously! Information security is mostly about risk assessment and crisis management. When it comes to exploitative penetration testing, I relay on tactics rather then exploits. I've already talked about how insecure Remote Desktop service could be. In this post I will show you how easy it is to compromise a well protected Windows Terminal or CITRIX server with a simple social engineering attack and some knowledge about the platform we are about to exploit. The attack is rather simple. All the bad guys have to do is to compose a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX) file and send it to the victim. The victim is persuaded to open the file by double clicking on it. When the connection is established, the user will enter their credentials to login and as such let the hackers in. Vicious! I have a more detailed explanation about the tactics behind this attack. Because I don't want to spam people with tones of text, I just included a link which you can follow. Hope that this is useful and at the same time eye opening, not that it is something completely amazing. But it does work and it works well. cheers. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org
