Quick noddy breakout tip using Favourites

I did another Citrix breakout job just the other day and as per usual found the effectively cosmetic only lockdown provided for by group policy… remember kids: “Group Policy is not a security boundary”.

So I had a bit more of a play about, imagining I had less access than I did. Turns out that while file paths and calls were correctly disabled within the address bar of Internet Explorer, I could quite happily specify them as a link within the favourites bar by modifying a pre-existing favourite and then clicking it.

“Right click, add toolbar, links”
Why on earth does this method work if paths are disabled in IE?!

Clicking the abused favourite link would then pop explorer (or tbh anything you like, it’s effectively a .lnk at this point).

Yes… classic armadillo security – Crunchy on the outside, gooey on the inside. #DimeBar

Not world-destroying by any means but yet another method of breakout worth considering. Not sure why I’ve not used this before now but meh, it’s one to remember for next time 🙂
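
A defender-side check for the gap described above, as an added example that is not part of the original post: Internet Explorer stores each favourite as a `.url` file, so this script walks a Favourites folder and reports every entry whose target is not an http(s) link. The allow-list, function names and sample files are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

WEB_SCHEMES = {"http", "https"}  # assumption: Favourites should only hold web links

def classify_target(target):
    """Return why a shortcut target is not a plain web URL, or None if it is one."""
    t = target.strip().strip('"')
    if t.startswith("\\\\"):
        return "UNC path"
    if re.match(r"[A-Za-z]:([\\/]|$)", t):
        return "local drive path"
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", t)
    scheme = m.group(1).lower() if m else ""
    return None if scheme in WEB_SCHEMES else f"non-web scheme {scheme or '(none)'}"

def read_target(url_file):
    """Pull the URL= value out of the [InternetShortcut] section of a .url file."""
    text = url_file.read_bytes().decode("utf-8-sig", "replace")
    in_section = False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:]
    return None

def audit_favourites(root):
    """List (file name, target, reason) for every favourite that is not a web link."""
    hits = []
    for f in sorted(Path(root).rglob("*.url")):
        target = read_target(f)
        reason = classify_target(target) if target else None
        if reason:
            hits.append((f.name, target, reason))
    return hits

def make_sample(root):  # constructed sample folder; names and targets are made up
    links = Path(root, "Links")
    links.mkdir(parents=True)
    samples = {"intranet": "https://intranet.example/", "docs": "file:///C:/",
               "drive": "C:\\", "share": "\\\\fileserver\\share"}
    for name, url in samples.items():
        (links / f"{name}.url").write_text(f"[InternetShortcut]\nURL={url}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        print(*audit_favourites(d), sep="\n")
```

Run against each user profile's Favourites folder on the published desktop, pass that path to `audit_favourites` in place of the sample directory.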
