[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <DA9966FCC637E843AC66318C53B744221A7E0E19FB@whau.smb2go.net>
Date: Wed, 27 May 2009 21:01:33 +1200
From: Paul Craig <paul.craig@...urity-assessment.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
"pen-test@...urityfocus.com" <pen-test@...urityfocus.com>
Subject: iKAT - The Interactive Kiosk Attack Tool v2.0
Released - http://ikat.ha.cked.net
Last year at Defcon 16 I released iKAT v1.0, the Interactive Kiosk Attack tool.
Those who went to Defcon and saw the hacked kiosks at the riverra, may realize just how effective iKAT was on the day.
(http://www.mr337.com/blog/wp-content/uploads/2008/08/terminalhacking.jpg)
The concept is very simple, iKAT is a website you visit from a Kiosk terminal.
iKAT's sole purpose is to pop shell on the Kiosk, using every possible technology.
What you do with the shell, is up to you...
It works, it works really well, and it works very fast.
I have been developing a new version of iKAT (v2) which I plan to demo at ShakaCon next month!
However I have released it publically today at : http://ikat.ha.cked.net
Multiple Kiosk vendors have taken to directly blocking the iKAT URL in new versions of their software.
To combat this I have also setup the alias domain: http://ikat2.ha.cked.net
iKAT v2.0 is now multi-platform, and supports Linux, Windows and some OSX based Kiosks.
It also supports FireFox and Safari based Kiosks (not just IE anymore!)
I have been busy writing tools, and more Kiosk specific exploitation tricks.
V2.0 represents a much faster and smoother Kiosk hacking experience.
If you are coming to ShakaCon 2k9 make sure you come see my talk, or at least buy me a beer.
On a final note, the 'iKAT Girl' as some people call her ( the iKAT logo) , is a common point of contention people like to email me about.
Apparently a "half naked girl plucking a thong out of her ass" is not acceptable when your hacking a Kiosk in public (or an airport)..
I would just like to remind everyone that iKAT was not designed to hack public Kiosks, or Kiosks in hotels.
Thanks,
Paul Craig
Principal Security Consultant
Security-Assessment.com
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists