Friday 10 January 2014

Encode/Decode Citrix Password in NFuseProtocol

In the Citrix NFuseProtocol, the password is sent in an encoded form rather than as you typed it. If you capture the traffic between Citrix Receiver and the PNAgent (now called XenApp Service) web site, you will see the typical POST data:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd"><NFuseProtocol version="4.6">
    <RequestReconnectSessionData>
        <Credentials>
            <UserName>administrator</UserName>
            <Password encoding="ctx1">NFHALEBBMHGCLEBBMDGGKMAJNOHLLKBP</Password>
            <Domain type="NT">CONTOSO</Domain>
        </Credentials>
        <ClientName>REMLAPTOP</ClientName>
        <ClientName>REMLAPTOP</ClientName>
        <ServerType>win32</ServerType>
        <ClientType>ica30</ClientType>
        <SessionType>disconnected</SessionType>
        <SessionType>active</SessionType>
    </RequestReconnectSessionData>
</NFuseProtocol>


Ever wondered what the original password behind the encoded value "NFHALEBBMHGCLEBBMDGGKMAJNOHLLKBP" is?

Here is the tool you can try.

To encode, run

citrixpassword.exe encode "password"

It will output the result

hash password = NFHALEBBMHGCLEBBMDGGKMAJNOHLLKBP .

To decode, run

citrixpassword.exe decode NFHALEBBMHGCLEBBMDGGKMAJNOHLLKBP

The result will be,

original password = password .

Don't ask me to publish the source code, I think it is not wise to do that. However the algorithm is very simple, just some XOR operations. You can work it out easily by disassembling my tool.
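
Because the tool decodes a ctx1 value as easily as it encodes one, the value should be handled as the cleartext password wherever it is captured or logged. As an added example (not code from this post or from Citrix), the Python script below parses NFuseProtocol request bodies from a capture and reports ctx1 credentials without recording the value; the capture records, function names and severity labels are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the request body shown on this page, trimmed.
SAMPLE_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd"><NFuseProtocol version="4.6">
  <RequestReconnectSessionData>
    <Credentials>
      <UserName>administrator</UserName>
      <Password encoding="ctx1">NFHALEBBMHGCLEBBMDGGKMAJNOHLLKBP</Password>
      <Domain type="NT">CONTOSO</Domain>
    </Credentials>
  </RequestReconnectSessionData>
</NFuseProtocol>"""

# Constructed capture records: (URL scheme seen by the sensor, request body).
CAPTURES = [("http", SAMPLE_BODY), ("https", SAMPLE_BODY), ("http", b"<html/>")]

def find_ctx1_credentials(body):
    """Return one finding per ctx1 <Password> in an NFuseProtocol body."""
    if b"<!ENTITY" in body:  # refuse bodies that declare XML entities
        return []
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []
    if root.tag != "NFuseProtocol":
        return []
    findings = []
    for cred in root.iter("Credentials"):
        pw = cred.find("Password")
        if pw is None or pw.get("encoding") != "ctx1":
            continue
        findings.append({
            "user": cred.findtext("UserName", default=""),
            "domain": cred.findtext("Domain", default=""),
            # The value is reversible, so never copy it into a report:
            # record only its length.
            "encoded_len": len((pw.text or "").strip()),
        })
    return findings

def audit(captures):
    """Flag ctx1 credentials; severity depends on the transport (assumed labels)."""
    report = []
    for scheme, body in captures:
        for finding in find_ctx1_credentials(body):
            finding["severity"] = "high" if scheme != "https" else "info"
            report.append(finding)
    return report

if __name__ == "__main__":
    for row in audit(CAPTURES):
        print(row)
```

A "high" finding means the encoded password crossed the network without TLS and should be treated as exposed.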


Reference

Encoding and Decoding Citrix Passwords
