Kiosk hacking

Have you ever found yourself trapped in a internet Kiosk? those machine with customized software (most of them with windows) that only allows you to browse the net, print and maybe save a file in a thumbrive? I always had my kiosk cheatsheet, but now Paul Craig had released I-KAT, a website that pretend to hack a kiosk in under 120 seconds. I read his presentation at HITB and i really liked some of his tricks, really he found lots of security bypasses on the most used kiosks around the world.

Some of the tricks:

Invoking a command line, without executing cmd.exe:

-command.com
-loadfix.com start.exe
-win.com
-start loadfix.com cmd.exe
-%COMPSEC%
-sc create testsvc binpath "cmd /K start" type= own type interact

There a many combinations of these and he found 17 cmd.exe detours.

Another cool trick is embedding a cmd.exe inside an Office document (doc,docx, xls, xlsb, xlsm, xlsx), and then when you open the file the "Open package Contents" will popup.

Most of the bypasses are because the use of Black lists, the people still doesn't get it that black lists are dangerous...

I recommend to check the Ikat site and Paul Craig presentation to get all the tricks:

HITB presentation
I-KAT website
Portable tool

-CMM

1 comentarios:

chris said...

can you post your cheat sheet?