[Full-disclosure] iKAT - The Interactive Kiosk Attack Tool v2.0 Released - http://ikat.ha.cked.net
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>, "pen-test@xxxxxxxxxxxxxxxxx" <pen-test@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] iKAT - The Interactive Kiosk Attack Tool v2.0 Released - http://ikat.ha.cked.net
- From: Paul Craig <paul.craig@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 May 2009 21:01:33 +1200
Last year at Defcon 16 I released iKAT v1.0, the Interactive Kiosk Attack Tool.
Those who went to Defcon and saw the hacked kiosks at the Riviera may realize
just how effective iKAT was on the day.
(http://www.mr337.com/blog/wp-content/uploads/2008/08/terminalhacking.jpg)
The concept is very simple, iKAT is a website you visit from a Kiosk terminal.
iKAT's sole purpose is to pop shell on the Kiosk, using every possible
technology.
What you do with the shell, is up to you...
It works, it works really well, and it works very fast.
I have been developing a new version of iKAT (v2) which I plan to demo at
ShakaCon next month!
However, I have released it publicly today at: http://ikat.ha.cked.net
Multiple Kiosk vendors have taken to directly blocking the iKAT URL in new
versions of their software.
To combat this I have also set up the alias domain: http://ikat2.ha.cked.net
iKAT v2.0 is now multi-platform, and supports Linux, Windows and some OSX based
Kiosks.
It also supports Firefox and Safari based Kiosks (not just IE anymore!)
I have been busy writing tools, and more Kiosk specific exploitation tricks.
V2.0 represents a much faster and smoother Kiosk hacking experience.
If you are coming to ShakaCon 2k9 make sure you come see my talk, or at least
buy me a beer.
On a final note, the 'iKAT Girl' as some people call her (the iKAT logo), is
a common point of contention people like to email me about.
Apparently a "half naked girl plucking a thong out of her ass" is not
acceptable when you're hacking a Kiosk in public (or an airport).
I would just like to remind everyone that iKAT was not designed to hack public
Kiosks, or Kiosks in hotels.
Thanks,
Paul Craig
Principal Security Consultant
Security-Assessment.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/