The Internet is full of wide open CITRIX gateways

This one is just frightening. 'Owning Citrix". pdp from Gnucitizen used Google to search for ICA files (Independent Computing Architecture). So just try Google: "ext:ica". The result?

Just by looking into Google, I was able to find 114 wide open CITRIX instances: 10 .gov, 4 .mil, 2027 .com, etc… The research was conducted offline, therefore there might be some false positives. Among the services discovered, there were several critical applications which looked so interesting that I didn’t even dare look at them. With a similar success, attackers can perform just simple port scans for service port 1494. The steps described above apply. .edu,

This was without bruteforcing anything. Just applications that didn't need authentication. In part 2, he demonstrates the concept including bruteforcing with Citrix - The forcefull way. Tools are available on their website. Below is the demo video:


No comments: