Message-ID: <DA9966FCC637E843AC66318C53B744221F3E5B8C11@whau.smb2go.net>
Date: Sat, 24 Jul 2010 08:36:22 +1200
From: Paul Craig <paul.craig@...urity-assessment.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: iKAT - Interactive Kiosk Attack Tool v3 - Defcon 18 Edition
iKAT - Interactive Kiosk Attack Tool v3
----------------------------------------
http://ikat.ha.cked.net
It is with my great pleasure that I would like to introduce iKAT v3.
iKAT - The Interactive Kiosk Attack Tool is the world's premier
Internet Kiosk/Citrix/Thin-Client hacking tool.
Designed as a SaaS, iKAT features many methods of escaping out of a
browser jailed environment and gaining command execution.
iKAT is a website you visit from a Kiosk; it's quick, free, and aims to please.
iKAT is solely developed by myself (Paul Craig), a Kiosk hacking enthusiast from New Zealand.
Defcon 18 Edition:
---------------------
iKAT and Defcon seem to go hand in hand, and when the con is on
Kiosks get 'visited' by iKAT. Traffic to the iKAT website increased by
10x last year during Defcon 17! To celebrate this I have decided to
coincide the new release of iKAT v3 with Defcon 18, and include a limited
edition Defcon skin.
Defcon 18 Action Shots:
----------------------
If you use iKAT during Defcon 18 please send me an action photo!!
Grab your iPhone/BlackBerry and snap a photo of iKAT and the Kiosk you abused.
Flash your hacker gang signs, strike a mean pose and show the world
what you got. Email your photos to: paul@...cked.net, you can also post your
activity on the "Share Your Pwnage" page of iKAT.
Paul, Why The Porn?:
----------------------
By far the most common question I get asked is "Why do you have such
a pornographic image on iKAT?"
The answer to this question is simple, iKAT makes hacking Kiosks easy
(too easy if you ask me). So I wanted to discourage people from rampaging
through the streets owning every Kiosk in sight.
If you want to hack with iKAT, you need to have balls the size of bowling balls,
and the gumption to have a bit of skin on screen. It seems people are more
scared of being accused of looking at porn, than being accused of hacking a Kiosk!
iKAT will always feature eye-catching graphics, designed to test the size of your
man-hood and push the limits of your bravery.
The Defcon 18 edition of iKAT features a Japanese rope bondage inspired logo.
What's New in iKAT v3:
----------------------
* Signed Code
All iKAT tools, VBScripts, ActiveXs, ClickOnce, SilverLight apps are now signed by a trusted CA!
Four months ago I placed a "Donate Now" button on the front page of iKAT, hoping to
raise money for a code signing certificate.
Sadly only two people donated cash (Enrique Exposito Martinez and Gerald Fehringer, you guys rock).
Luckily a Kiosk vendor was willing to come to the party and donate the remaining cash.
Big thanks to Kioware Kiosks, who kindly donated the remaining money.
All iKAT tools are now signed by a trusted CA.
* More Tools
iKAT now contains more tools packaged in different containers, file
formats, PDFs, and even silent installers. More Java Applets, More VBScript, More WMI!
* iKAT ActiveX
A newly developed ActiveX which focuses on Windows Shell hacking and
process spawning. The ActiveX is signed and provides a mad amount of functionality.
* iKAT OfficeKAT
Thanks to Didier Stevens who donated his "Excel Spawn CMD in Memory"
trick to the iKAT project.
OfficeKAT allows you to pop shell in environments where you can run
Excel, what's more you don't need to write to the file system.
* iKAT SilverLight
SilverLight (and mono) are now supported by iKAT, and provide yet another attack
vector for your pleasure.
* Improved URI + File Handler Enumeration
Vastly improved enumeration code, more URIs, more instant "One click magic".
I also added support for some of the more interesting Microsoft based URI handler
vulnerabilities released this year.
* Emo Kiosking - Crashing the Kiosk
The fastest way to get out of a browser jail environment is to simply CRASH IT.
Oddly enough this is also the easiest thing to do to a browser, and
Emo-Kiosking has become a personal favourite trick of mine.
iKAT now supports over 60 different methods of crashing a browser, or a browser
add-on. This allows you to quickly drop back to the desktop, often with only
one click required.
I would like to thank the following people who have helped by donating money,
time or research to the iKAT project:
---------------------
Mark Burnette, Didier Stevens, Lynn Crumbling, Kioware Kiosks, David Bright,
Gerald Fehringer, Blair Reid, Enrique Exposito Martinez
Nate McFeters, Billy Rios, David Bright, Roberto Suggi, Jason Geffner,
Titon @ Bastardslabs, Petko D. Petkov
---------------------
I hope those going to Defcon 18 enjoy the conference and think of iKAT
whenever you see an internet Kiosk.
And don't forget to send me your action shots: paul@...cked.net !!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/