Compass Security Event 2005 - Terminal Server Application Break-Out
Citrix MetaFrame and Terminal Server technology is often used as a component in protecting critical applications. Its main feature is protocol conversion: the application is reached through keyboard input and screen output only, so no other data channel exists between the client and the application.
One application of these technologies is their use in graphical firewalls for safely surfing the internet without the risk of infecting the user's computer with malware. Another is to implement extranet access for employees and business partners. In all these scenarios the users are not granted full desktop access and can use only particular applications. But the restrictions are often implemented poorly and allow a malicious user to easily escape the context of the application and gain desktop access and, in the end, intranet access.
At the Compass Security Event in 2005 I demonstrated how a malicious user can escape the context of the application using standard Windows shortcuts, and how Office macro and copy-paste functionality can be used to transfer arbitrary malicious software onto, and binary data out of, the terminal server. As a bonus I demonstrated the QRCode FTP utility I wrote for my diploma thesis, which allows transferring files out of the terminal server by means of animated 2D matrix codes. For more details see the slides, which are available in German or English. A demonstration video of QRCode FTP is available for download as well (15 MB).