what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

citrix-pa-scan.c

citrix-pa-scan.c
Posted Nov 16, 2002

Defcon 10 Presentation: citrix-pa-scan

SHA-256 | e03f75db2296b2730cc2c74234d6769c73a0633d3d08d9edeeab64f1f2159778

citrix-pa-scan.c

Change Mirror Download
/* Citrix Published Application Scanner */
/* By Ian.Vitek@ixsecurity.com */
/* citrix-pa-scan [option] */
/* Where option is: */
/* IP to test IP */
/* - to read IPs from STDIN */
/* file to read IPs from file */
/* random to read IPs from /dev/urandom */

#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <signal.h>
#include <string.h>
static int sockfd;

int scan (char *ctarget,int timeout) {
int n,i,newHost=1,flag1,loop=1;
struct sockaddr_in servaddr;
unsigned char recvline[10000];
unsigned char sendline[] =
"\x2a\x00\x01\x32\x02\xfd"
"\xa8\xe3\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x21\x00"
"\x02\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00"
;

int hi,ch;
int ch1,ch2,ch3,ch4;
char target[512];
FILE *inputfd=NULL;
FILE *urand;

if (!strcmp(ctarget, "-")) {
inputfd = stdin;
newHost=2;
} else {
if( (inputfd = fopen(ctarget, "r") ) != NULL) {
newHost=2;
}
}

if(!strcmp(ctarget,"random")) {
newHost=3;
if( (urand=fopen("/dev/urandom", "rb") ) == NULL) {
printf("Cant open /dev/urandom\n\n");
exit(1);
}
}

while(loop==1) {
if(inputfd && newHost==2) {
loop=0;
hi=0;
target[0]=0x00;
while((ch=getc(inputfd)) != EOF) {
if(ch==' ' || ch=='\n' || ch=='\t' || ch=='\0') {
break;
}
if (hi<511) {
loop=1;
target[hi++] = (char) ch;
} else {
printf("One of the host_specifications from your input file
is too long (> %d chars)\n\n", sizeof(target));
exit(1);
}
}
target[hi] = '\0';
} else if(newHost==1 && strlen(ctarget)<511) {
strcpy(target, ctarget);
loop=0;
} else if(newHost==3) {
loop=1;
do {
ch1=getc(urand);
} while (ch1<1 || ch1>254);
ch2=getc(urand);
ch3=getc(urand);
do {
ch4=getc(urand);
} while (ch4<1 || ch4>254);
sprintf(target,"%d.%d.%d.%d", ch1, ch2, ch3, ch4);
} else {
printf("Nothing to do? Right input file or IP adress?\n\n");
exit(1);
}
if(target[0]==0x00) { printf("\n"); exit(1); }

sockfd=socket(AF_INET,SOCK_DGRAM,0);

bzero(&servaddr,sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr=inet_addr(target);
servaddr.sin_port=htons(1604);

alarm(timeout);
sendto(sockfd,sendline,sizeof(sendline),0,
(struct sockaddr *)&servaddr,sizeof(servaddr));
n=recvfrom(sockfd,recvline,10000,0,NULL,NULL);
close(sockfd);
recvline[n]=0;
alarm(0);
flag1=0;
if(n>37) {
for(i=40; i<n; i++) {
if(recvline[i] != 0x00) {
if(flag1==0) {
printf("\n\n%15s: ",target);
flag1=1;
}
printf("%c",recvline[i]);
} else {
printf("\n ");
}
}
if(recvline[38] == 0xe4 && recvline[39] == 0x04) {
printf("\n\n%15s: No Published Application\n",target);
}
}
}
}

void gotAlarm () {
close(sockfd);
}


int main(int argc, char**argv)
{
int t=1;
printf("\nCitrix Published Application Scanner version 1.0\n");
printf("By Ian Vitek, ian.vitek@ixsecurity.com\n");
if (argc < 2)
{
printf("usage: %s { IP | file | - | random } [timeout sec]\n\n",argv[0]);
exit(1);
}

if(argv[2]) t=atoi(argv[2]);
signal (SIGALRM, gotAlarm);
scan(argv[1],t);

printf("\n");

}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close