FYI -----Original Message----- From: wirepair [mailto:wirepair@xxxxxxxxxxxxx]=20 Sent: Tuesday, October 01, 2002 7:33 PM To: bugtraq@xxxxxxxxxxxxxxxxx; vuln-dev@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; com@xxxxxxxxxxxxxxxxx; vulnwatch@xxxxxxxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx Subject: Citrix Published Application Brute Forcer This is a new design flaw that I discovered when trying to=20 break the 'only allow published applications' option. This=20 will attempt to brute force the application names that are=20 published by looking for a specific return datagram. All=20 other details are in the README. This file can be=20 downloaded at http://sh0dan.org/files/pubappbrute.tar.gz It also includes a template pubapp file which contains=20 common published applications. Enjoy. -wire _____________________________ For the best comics, toys, movies, and more, please visit <http://www.tfaw.com/?qt=3Dwmf> ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm