Comments on: Kiosk Hacking: When there is nothing else left /blog/kiosk-hacking-when-there-is-nothing-else-left/ Information Security Think Tank Thu, 21 Aug 2008 19:43:31 +0000 http://wordpress.org/?v=2.6.1 By: pdp /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-122708 pdp Sat, 28 Jun 2008 06:08:24 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-122708 Nice one, I have a few tricks for Kiosk hacking maybe we should organize a Kiosk Hacking Challenge just like the Router Hacking <a href="http://www.gnucitizen.org/projects/router-hacking-challenge/" rel="nofollow">one</a>. Nice one, I have a few tricks for Kiosk hacking maybe we should organize a Kiosk Hacking Challenge just like the Router Hacking one.

]]> By: vipera /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-122704 vipera Fri, 27 Jun 2008 23:02:21 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-122704 in response to Awesome AnDrEw yes eu has ALOT of kiosks, best thing is that 80% of them has an usb port "made for uploading pictures", but most often with a few browser commands or exploits, u can get ur own apps running without a hassel. and about webtv, some kiosks provide both "surf" and "tv" (webtv in most cases), and even if they have locked down the surf part of the kiosk, the webtv part can most often be exploited, as they forgett all the fastkey commands many of those have. ex: in germany i was stuck in a small town, needed encrypted vnc access to my box, wifi? none! kiosks, many! but never managed to break it. then i noticed the tv function. and noticed it was streaming over the internet from several "live" channels. a few key clicks and i found out what the player was and got an save prompt, the issue with that player was, the save prompt didnt only take the save file name, pipe it (|) and it would let u type in any *nix prompt commands i usually use. a few seconds later, it was running my ccvnc directly from usb without asking anything. in response to Awesome AnDrEw

yes eu has ALOT of kiosks, best thing is that 80% of them has an usb port “made for uploading pictures”, but most often with a few browser commands or exploits, u can get ur own apps running without a hassel.

and about webtv, some kiosks provide both “surf” and “tv” (webtv in most cases), and even if they have locked down the surf part of the kiosk, the webtv part can most often be exploited, as they forgett all the fastkey commands many of those have.

ex: in germany i was stuck in a small town, needed encrypted vnc access to my box, wifi? none! kiosks, many! but never managed to break it. then i noticed the tv function. and noticed it was streaming over the internet from several “live” channels. a few key clicks and i found out what the player was and got an save prompt, the issue with that player was, the save prompt didnt only take the save file name, pipe it (|) and it would let u type in any *nix prompt commands i usually use. a few seconds later, it was running my ccvnc directly from usb without asking anything.

]]> By: C@puNx /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-121855 C@puNx Wed, 14 May 2008 15:15:02 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-121855 Nice articles unfortunately I have tried this when I was on High school. but its quite nice as a memories Nice articles unfortunately I have tried this when I was on High school. but its quite nice as a memories

]]> By: Thomas /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-119485 Thomas Tue, 22 Apr 2008 19:19:48 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-119485 I used to be the VP of Operations for a Kiosk hardware and software company. They did music downloading kiosks. Doing this required available USB ports for MP3 player and thumb drives. They were open and available on the outside of the machine. The company thought they were safe because there was no keyboard so you were unable to close the kiosk app and get to xp in the background. The problem was all you needed to do was plug a usb keyboard into the available usb port and you had access to over 1.5 TB of Music. I used to be the VP of Operations for a Kiosk hardware and software company. They did music downloading kiosks. Doing this required available USB ports for MP3 player and thumb drives. They were open and available on the outside of the machine. The company thought they were safe because there was no keyboard so you were unable to close the kiosk app and get to xp in the background. The problem was all you needed to do was plug a usb keyboard into the available usb port and you had access to over 1.5 TB of Music.

]]> By: Dd /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118695 Dd Sat, 12 Apr 2008 23:20:44 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118695 A few things I've found while bored in airports: Often he company who owns the site lets you browse the company's site free of charge: try to find pdf's/wmvs other files which may not open in the browser but will run a native app from which you can get an explorer frame. The "about:" address can be extremely useful, as anything you enter after the about will normally be echoed back onto the page. eg "about:<script lang=..." etc. I once found a knoppix kiosk which was slightly locked down but gave a prompt "Would you like to run /bin.bash from it's current location?" when the appropriate path was entered as the address bar. Yes please. U3 drives, autorun explorer/ portable cmd shell. One great, but unpredicatbale thing is when a native app pops up from behind the scene... eg "would you like to update program x? Updating...done. Wanna browse around C:\ to save a log file?" The other great thing about java (with .jar files) is they're not executables, so the OS might have no problem running them. Java usually gets to see all attached drives, and can be used to copy files to the temp directory or others which may be rwx. A few things I’ve found while bored in airports:

Often he company who owns the site lets you browse the company’s site free of charge: try to find pdf’s/wmvs other files which may not open in the browser but will run a native app from which you can get an explorer frame.

The “about:” address can be extremely useful, as anything you enter after the about will normally be echoed back onto the page. eg “about:<script lang=…” etc.

I once found a knoppix kiosk which was slightly locked down but gave a prompt “Would you like to run /bin.bash from it’s current location?” when the appropriate path was entered as the address bar. Yes please.

U3 drives, autorun explorer/ portable cmd shell.

One great, but unpredicatbale thing is when a native app pops up from behind the scene… eg “would you like to update program x? Updating…done. Wanna browse around C:\ to save a log file?”

The other great thing about java (with .jar files) is they’re not executables, so the OS might have no problem running them. Java usually gets to see all attached drives, and can be used to copy files to the temp directory or others which may be rwx.

]]> By: Mike /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118435 Mike Tue, 08 Apr 2008 19:27:21 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118435 *TRY* opening a folder in winblows and try navigating to this: %comspec% There are other places where %comspec% works. Fun, huh? *TRY* opening a folder in winblows and try navigating to this:
%comspec%
There are other places where %comspec% works.
Fun, huh?

]]> By: Awesome AnDrEw /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118395 Awesome AnDrEw Tue, 08 Apr 2008 13:40:33 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118395 Kiosks are far more popular, and widely available across European countries, right? I don't believe I have ever come across one in the U.S. as most hotels, airports, and other places I have visited either had an available Ethernet port, Wi-Fi, or service such as WebTV. I only remember using one once several years ago in a hotel in England where it cost several pounds to go online for an hour unless our definitions of kiosks are different. Kiosks are far more popular, and widely available across European countries, right? I don’t believe I have ever come across one in the U.S. as most hotels, airports, and other places I have visited either had an available Ethernet port, Wi-Fi, or service such as WebTV. I only remember using one once several years ago in a hotel in England where it cost several pounds to go online for an hour unless our definitions of kiosks are different.

]]> By: pdp /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118377 pdp Tue, 08 Apr 2008 10:34:05 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118377 there will be more kiosk hacking related blog posts released soon, some great stuff are coming soon from fellow researchers. there will be more kiosk hacking related blog posts released soon, some great stuff are coming soon from fellow researchers.

]]> By: hackathology /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118361 hackathology Tue, 08 Apr 2008 07:01:31 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118361 Interesting post. I used to play around with kiosk and its pretty crappy when it comes to security. Interesting post. I used to play around with kiosk and its pretty crappy when it comes to security.

]]> By: Jonas /blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118292 Jonas Mon, 07 Apr 2008 17:46:43 +0000 http://www.gnucitizen.org/blog/kiosk-hacking-when-there-is-nothing-else-left/#comment-118292 Thank you for some interesting reading. I'd love to hear more about your adventures in kiosk hacking. I've recently started looking at the possibilities of kiosk hacking, and it's kind of interesting. Thank you for some interesting reading. I’d love to hear more about your adventures in kiosk hacking. I’ve recently started looking at the possibilities of kiosk hacking, and it’s kind of interesting.

]]>