We are starting an interesting week here at Pentura. This week we are going to be at Infosec, where you can find us and ask about our services; some of us will be at BSides London; and, last but not least, there is the Royal Wedding and holidays for some of us! Lots of places I'm going to be visiting this week, and a new trick I discovered today that I'm going to share with you.
When we are travelling, visiting some place or just going to the train station, we can see machines offering internet access after paying some money. These machines need to be tested too, and here at Pentura we have already done a couple of tests of kiosk or locked-down machines.
The tricks usually involve trying to get a command shell, navigating outside the allowed pages, or copying/extracting files from the hard disk. To do this we usually only have a limited desktop and an Internet Explorer browser. The good thing is that Internet Explorer is very well integrated into the OS, so if we type a local resource into the address bar (for example C:\ or file:///C:/) it will (hopefully) be displayed. On the other hand, as it is a Microsoft product integrated into a Microsoft OS, it has a lot of Local Policies that can be applied to limit the functionality of the browser.
When doing a test like this you have to try many things that might work, but today I discovered a website that can be really useful during this kind of test: iKAT
iKAT is a platform for trying to launch a file explorer through the Open File, Save File, Print and similar dialogs, for discovering the applications installed on the system, and for trying to load Flash, Silverlight or Java applets to get access to different resources. It is a compilation of many browser tricks that you should be testing in a kiosk audit. Another trick on these machines is dragging and dropping elements of the interface into the IE window to force the Save As dialog to appear.
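Whether the address-bar and dialog tricks above actually work depends on which lockdown policies the kiosk builder applied, so here is an added example (my code, not part of the original post and not part of iKAT) that enumerates them: a PowerShell script that reads the documented Internet Explorer, Explorer and common-dialog policy values from both the user and machine hives and maps each one to the trick it is meant to block. The policy names are the real registry values; the mapping to tricks and the assumption that the kiosk is a standard Windows build using Internet Explorer are mine.

```powershell
# Added example, not part of the original post or of iKAT.
# Enumerates the Windows / Internet Explorer lockdown policies that defend
# against the kiosk tricks discussed above (Open/Save/Print dialogs, Save As via
# drag-and-drop, Run dialog, drive browsing). Run it in the kiosk user's session
# once you have a shell, or against the kiosk's registry hives in a build review.
# Assumption: a standard Windows build with Internet Explorer as the kiosk browser.
# Policy names are the documented registry values; the "Blocks" text is my mapping.

$checks = @(
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoFileOpen';           Blocks = 'File > Open (Ctrl+O): Open File dialog usable as a file explorer' }
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoBrowserSaveAs';      Blocks = 'Save As (Ctrl+S, drag-and-drop into the IE window)' }
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoPrinting';           Blocks = 'Print (Ctrl+P): Print dialog and Find Printer' }
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoBrowserOptions';     Blocks = 'Internet Options (proxy, security zones, file locations)' }
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoViewSource';         Blocks = 'View Source (launches Notepad, which has its own Open dialog)' }
    @{ Path = 'Software\Policies\Microsoft\Internet Explorer\Restrictions'; Name = 'NoBrowserContextMenu'; Blocks = 'Right-click menu (Save Picture As, Open in New Window, View Source)' }
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';               Blocks = 'Start > Run / Win+R' }
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoViewOnDrive';       Blocks = 'Opening drives from Explorer windows and dialogs (bitmask of drives)' }
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDrives';            Blocks = 'Drive letters listed in Explorer windows and dialogs (bitmask of drives)' }
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32'; Name = 'NoPlacesBar';         Blocks = 'Places bar in the common Open/Save dialogs' }
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32'; Name = 'NoBackButton';        Blocks = 'Back button in the common Open/Save dialogs' }
)

function Get-KioskLockdownState {
    foreach ($c in $checks) {
        $setIn = @()
        # Per-user and per-machine policy both apply; either one enforces the restriction.
        foreach ($hive in 'HKCU:', 'HKLM:') {
            $path = "$hive\$($c.Path)"
            if (Test-Path -LiteralPath $path) {
                $v = (Get-ItemProperty -LiteralPath $path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
                # An absent value or 0 means the restriction is not enforced from this hive.
                # For the bitmask values (NoDrives, NoViewOnDrive) any non-zero mask counts as set.
                if ($null -ne $v -and $v -ne 0) { $setIn += $hive.TrimEnd(':') }
            }
        }
        [pscustomobject]@{
            Policy = $c.Name
            State  = $(if ($setIn.Count -gt 0) { 'SET' } else { 'MISSING' })
            SetIn  = ($setIn -join ',')
            Blocks = $c.Blocks
        }
    }
}

# Every MISSING row is a trick still worth trying on the kiosk.
Get-KioskLockdownState | Sort-Object State, Policy | Format-Table -AutoSize
```

Read the output as a worklist rather than a verdict: a MISSING row points straight at a dialog or shortcut to try first, while a SET row is a defence to confirm by hand, since these registry policies are only one layer and a kiosk may also rely on third-party lockdown software or application whitelisting that this script does not inspect.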
I hope this helps you in your next security audit! I'll be saving this for my next challenge.