
Showing posts from February, 2016

Penetration testing of a Citrix server.

"This was previously published at InfoSec Institute's Resources site."
Here I'll discuss how I pentested a Citrix server in a lab network.


First, let us understand Windows Terminal Services.

Windows Terminal Services (or Remote Desktop Services) is a feature of Windows 2003/2008 which allows multiple 'sessions' to be brokered to each enabled server, each running a server desktop or embedded application.

Citrix is layered on top of Terminal Services (2003) or the RDS role (2008) and extends the functionality of this 'session based' access. Additional features such as ICA and its HDX feature set, which provide better application performance for interactive, graphical and WAN-based applications, resource-metric-based load balancing, centralized administration, geographically dispersed 'terminal server farm' design options, application publishing (individual apps as opposed to an app embedded in a desktop session), an…