lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 27 May 2009 21:01:33 +1200
From: Paul Craig <paul.craig@...urity-assessment.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"pen-test@...urityfocus.com" <pen-test@...urityfocus.com>
Subject: iKAT - The Interactive Kiosk Attack Tool v2.0
 Released - http://ikat.ha.cked.net

Last year at Defcon 16 I released iKAT v1.0, the Interactive Kiosk Attack tool.
Those who went to Defcon and saw the hacked kiosks at the riverra, may realize just how effective iKAT was on the day.
(http://www.mr337.com/blog/wp-content/uploads/2008/08/terminalhacking.jpg)

The concept is very simple, iKAT is a website you visit from a Kiosk terminal.
iKAT's sole purpose is to pop shell on the Kiosk, using every possible technology.
What you do with the shell, is up to you...

It works, it works really well, and it works very fast.

I have been developing a new version of iKAT (v2) which I plan to demo at ShakaCon next month!
However I have released it publically today at : http://ikat.ha.cked.net
Multiple Kiosk vendors have taken to directly blocking the iKAT URL in new versions of their software.
To combat this I have also setup the alias domain: http://ikat2.ha.cked.net

iKAT v2.0 is now multi-platform, and supports Linux, Windows and some OSX based Kiosks.
It also supports FireFox and Safari based Kiosks (not just IE anymore!)
I have been busy writing tools, and more Kiosk specific exploitation tricks.
V2.0 represents a much faster and smoother Kiosk hacking experience.

If you are coming to ShakaCon 2k9 make sure you come see my talk, or at least buy me a beer.

On a final note, the 'iKAT Girl' as some people call her ( the iKAT logo) , is a common point of contention people like to email me about.
Apparently a "half naked girl plucking a thong out of her ass" is not acceptable when your hacking a Kiosk in public (or an airport)..
I would just like to remind everyone that iKAT was not designed to hack public Kiosks, or Kiosks in hotels.


Thanks,


Paul Craig
Principal Security Consultant
Security-Assessment.com

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ