00101: Cracking Citrix

(15 May 1998) Concept by Pat Adams and Ryan Day Copyright 1998 Digital Darkness

Introduction

This is our first foray into the world of cryptography, so bear with us if we're not using the correct terminology.

While sniffing the network connection of a Citrix Winframe server, we noticed that the data was hashed in what appeared to be one of four ways. Typing the character 'a', for instance, could produce any one of four different values on the wire.

For example, the first time 'a' is sent, '1234' was sniffed; the next time '7493' might appear, and so on. The values did not appear in any discernible pattern and were not sequential.

While reading some of Citrix's documentation on Winframe security, we saw that they have a patch that raises the security to a 40-, 56-, or 128-bit encryption scheme. This led us to believe that the current scheme uses a key of less than 40 bits, whose output could be partially saved into some sort of database that could then be checked to crack the encrypted text.

How it works

The character caught from sniffing is put into a file. We know what the character is, because we create the network traffic on the client end. We then put the encrypted text into our database of possibilities for that character. We then continue through the rest of the possible characters and generate a full set of possibilities for each character.
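The codebook procedure above, as an added example that is not part of the original article. It uses a constructed toy scheme (each character maps to one of four fixed 16-bit tokens, chosen at random per session) rather than the real Winframe encoding, which the article does not describe. The first half builds the known-plaintext codebook exactly as the text outlines: send each character from the client, record every token seen on the wire under that character. The second half shows the caveat in the article's last section: the same codebook recovers nothing from a session with a different table, which is why a per-session key would make the approach much harder in practice.

```python
import random
import string

# Plaintext alphabet we can type from the client end (constructed).
ALPHABET = string.ascii_lowercase + string.digits + " "


class ToyFourWayCipher:
    """Toy model (an assumption, not the real Winframe scheme): every
    plaintext character is represented on the wire by one of four fixed
    16-bit tokens, picked at random each time it is sent."""

    def __init__(self, seed):
        self._rng = random.Random(seed)
        # 4 distinct tokens per character, unique across the whole table.
        tokens = self._rng.sample(range(0x10000), 4 * len(ALPHABET))
        self.table = {c: tokens[4 * i:4 * i + 4] for i, c in enumerate(ALPHABET)}

    def encrypt(self, text):
        """Return the list of tokens that would be sniffed for `text`."""
        return [self._rng.choice(self.table[c]) for c in text]


def build_codebook(cipher, rounds=60):
    """Known-plaintext step: type each character repeatedly from the
    client, sniff the token that appears, and file it under the plaintext
    we know we sent. Enough rounds so that every variant is observed."""
    codebook = {}
    for c in ALPHABET:
        seen = set()
        for _ in range(rounds):
            seen.update(cipher.encrypt(c))
        codebook[c] = seen
    return codebook


def invert(codebook):
    """Turn {plaintext: {tokens}} into {token: plaintext} for decoding.
    A token filed under two characters would make decoding ambiguous."""
    lookup = {}
    for c, tokens in codebook.items():
        for t in tokens:
            assert t not in lookup, "token collision between characters"
            lookup[t] = c
    return lookup


def decode(lookup, tokens):
    """Decode a sniffed token stream; unknown tokens become '?'."""
    return "".join(lookup.get(t, "?") for t in tokens)


def demo(seed=1, rounds=60):
    """Build a codebook against one session, then decode a capture from
    the same session and from a second session with a different table."""
    session = ToyFourWayCipher(seed)
    lookup = invert(build_codebook(session, rounds))
    captured = session.encrypt("hello world")      # constructed capture
    same_session = decode(lookup, captured)
    other = ToyFourWayCipher(seed + 1)              # different per-session table
    foreign = decode(lookup, other.encrypt("hello world"))
    return same_session, foreign


if __name__ == "__main__":
    same, foreign = demo()
    print("same session   :", same)
    print("other session  :", foreign)
```

The design point is in `build_codebook`: a fixed table with only four variants per character is exhausted by a handful of known-plaintext sends, after which every later capture from that table is readable without any knowledge of the key. The `foreign` result shows what stops it: once the mapping changes per session, the codebook has to be rebuilt from scratch against each one.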

What it Proves

Using an encryption scheme such as this is not secure; it is protection on a very elementary level. This is merely a concept, however, to prove that decryption of the scheme is possible. Real-life situations would make this much more difficult.
