Steve, try to email someone from your company a batch file. I am sure that will fail, mainly because you realize that it is a security risk. Right? Now try to email a .rdp or .ica file. It works 99% of the time. Second, please read the article. :) No offense, but you are completely missing the point here. Third, users do not need to have admin rights; these rights can be obtained with a privilege escalation exercise. This is not an A to Z attack. You are missing all the other letters in between. This is just my humble opinion.

cheers,
pdp

On 10/10/07, Steve Shockley <steve.shockley@xxxxxxxxxxxx> wrote:
> pdp (architect) wrote:
> > The attack is rather simple. All the bad guys have to do is to compose a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX) file and send it to the victim. The victim is persuaded to open the file by double clicking on it. When the connection is established, the user will enter their credentials to login and as such let the hackers in. Vicious!
>
> So, "all you have to do" is persuade the user to run an attachment and type in credentials. Wouldn't it be simpler to just email the user a batch file and have them run it? Why not just use the same message from "Tim from Tech Department" and substitute a web page for the RDP file?
>
> It's not clear from your article, but I assume you're having the user connect to their normal Citrix or TS farm to run the program. First, why in the world would you give users administrative rights on your servers? Secondly, why wouldn't you use software restriction policies to whitelist only allowed apps on your server?
>
> > I will show you how easy it is to compromise a well protected Windows Terminal or CITRIX server
>
> No, you showed how to compromise a poorly-configured TS or Citrix server.
>
> > Security in depth does not exist!
>
> Sounds more like shallow configurations.
>

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
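The thread's point is that mail gateways wave .rdp attachments through while blocking .bat files. As an added example (not part of the original thread or of either author's work), the Python below inspects an .rdp attachment the way a gateway or mail-security check could: it parses the `name:type:value` settings lines mstsc writes and flags a file that points at a host outside an assumed corporate allowlist, redirects local drives, or launches a program on connect. The allowlist, the sample file and the address in it are constructed for the example.

```python
"""Flag risky settings in an .rdp attachment (constructed defender-side example).

The .rdp format is one 'name:type:value' setting per line (s = string, i = integer);
mstsc saves the file as UTF-16LE with a BOM, but plain ASCII files also open.
"""
import re

# Hypothetical allowlist of the organisation's own Terminal Services / Citrix hosts.
ALLOWED_HOSTS = {"ts.corp.example", "citrix.corp.example"}

SETTING_RE = re.compile(r"^([^:]+):([sib]):(.*)$")


def parse_rdp(data: bytes) -> dict:
    """Decode an .rdp file and return {setting_name: value} with lower-cased names."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16")          # BOM present: mstsc-style file
    else:
        text = data.decode("utf-8", "replace")
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings


def risky_settings(settings: dict) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    address = settings.get("full address", "")
    # Strip an optional ':port' suffix (IPv4/hostname form) before the allowlist check.
    host = re.sub(r":\d+$", "", address).lower()
    if host and host not in ALLOWED_HOSTS:
        findings.append(f"connects to non-corporate host {host}")
    if settings.get("drivestoredirect"):
        findings.append("redirects local drives to the remote host")
    if settings.get("remoteapplicationmode") == "1" or settings.get("alternate shell"):
        findings.append("launches a program on connect instead of a plain desktop")
    return findings


# Constructed sample attachment; 198.51.100.7 is a documentation-range address.
SAMPLE_RDP = "\r\n".join([
    "full address:s:198.51.100.7:3389",
    "username:s:corp\\jdoe",
    "drivestoredirect:s:*",
    "remoteapplicationmode:i:0",
]).encode("utf-16")

if __name__ == "__main__":
    for finding in risky_settings(parse_rdp(SAMPLE_RDP)):
        print("WARNING:", finding)
```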