
[Full-disclosure] iKAT - The Interactive Kiosk Attack Tool v2.0 Released - http://ikat.ha.cked.net



Last year at Defcon 16 I released iKAT v1.0, the Interactive Kiosk Attack Tool.
Those who went to Defcon and saw the hacked kiosks at the Riviera may realize 
just how effective iKAT was on the day.
(http://www.mr337.com/blog/wp-content/uploads/2008/08/terminalhacking.jpg)

The concept is very simple: iKAT is a website you visit from a Kiosk terminal.
iKAT's sole purpose is to pop shell on the Kiosk, using every possible 
technology.
What you do with the shell, is up to you...

It works, it works really well, and it works very fast.

I have been developing a new version of iKAT (v2) which I plan to demo at 
ShakaCon next month!
However, I have released it publicly today at: http://ikat.ha.cked.net
Multiple Kiosk vendors have taken to directly blocking the iKAT URL in new 
versions of their software.
To combat this I have also set up the alias domain: http://ikat2.ha.cked.net

iKAT v2.0 is now multi-platform, and supports Linux, Windows and some OSX based 
Kiosks.
It also supports Firefox and Safari based Kiosks (not just IE anymore!)
I have been busy writing tools, and more Kiosk specific exploitation tricks.
V2.0 represents a much faster and smoother Kiosk hacking experience.

If you are coming to ShakaCon 2k9 make sure you come see my talk, or at least 
buy me a beer.

On a final note, the 'iKAT Girl', as some people call her (the iKAT logo), is 
a common point of contention people like to email me about.
Apparently a "half naked girl plucking a thong out of her ass" is not 
acceptable when you're hacking a Kiosk in public (or an airport)...
I would just like to remind everyone that iKAT was not designed to hack public 
Kiosks, or Kiosks in hotels.


Thanks,


Paul Craig
Principal Security Consultant
Security-Assessment.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/