border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Tuesday, August 28, 2012

Ikat VI: new version of the popular tool to attack Internet kiosks

Paul Craig officially launched on August 15 and during the conference XCon2012 Beijing revision 2012 or version VI of Ikat (The Interactive Kiosk Attack Tool) , the de-facto standard for penetration testing in restricted environments such as Citrix terminals, and webTVs Kiosks of Internet access services, photo printing, directories airports, museums, etc ... Ikat is very easy to use (we could call it clumsily "graphic hacking"), is 100% free and is presented as a SaaS website (software as a service) that you can visit from any browser in order to exploit the shift kiosk and get a system console. The url is and now we can find versions for Windows, Linux and other called PhotoKAT designed to exploit any system that allows us to insert a USB device or memory card (usually photo printing terminals ).

One of the biggest changes is the implementation of a client-server model which includes an agent in each payload to establish a reverse connection to the server ikat which will handle all post-exploitation tasks. This will try to evade antivirus locks and kiosk manufacturers, as you can imagine, including his tools were already at the top of their blacklists. further highlight is the publication of an SMB read resource sharing containing the agent, his bookstore and various tools. This way we can run the agent simply throwing \ \ \ ikat \ ikat.exe from the command line or by recording your library with regsvr32 \ \ \ ikat \ ikat.dll , very useful when we execute commands but can not download files. Moreover, integration with Metasploit Browser AutoPWN, new techniques, more exploits, tools, browser plug-ins, PDF files / Office and endless "tricks" to commit more such environments. So beware if you print your photos or connect to the Internet at an Internet cafe or at a kiosk in a hotel because, what you see now with different eyes? lol

No comments:

Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More