Citrix Breakout

Basic Methodology for break-out:

Gain access to a Dialog Box.
Exploit the Dialog Box to achieve command execution.
Escalate privileges to gain higher levels of access. .ica files are used for logging into restricted environments

Try to get access to such dialogs:

Then enter UNC path: \\127.0.0.1\c$\users\pmorgan

Same technique to access shares: \\10.13.38.95\share

In cases where strict restrictions are imposed on File Explorer, alternative File System Editors like Q-Dir or Explorer++ can be employed as a workaround

Or modify existing shortcut files to cmd.exe path. If no existing shortcuts either transer one or create new using powershell(.lnk)

Write a bat file with cmd in it.

PreviousDLL Injection NextUAC

Last updated 9 months ago

Was this helpful?