web stats
Home
How to Hack a Kiosk

How to Hack a Kiosk

The Stash No Comments

How to Hack a Kiosk

Kiosk Hacking

Ever walked past a kiosk in a store, airport, shopping mall or even in the street? I’ll bet you have. But how many of you have looked deeper than that fullscreen GUI that’s present on most of these kiosks?
Well, now you can.
 

So, what do?

  • Bypass the fullscreen application
  • Exploit the kiosk
  • Leave, and repeat with another kiosk

Bypassing the fullscreen application

That fullscreen application running on the kiosk is just a piece of software. It’s a front end application, but the kiosk is actually running on an operating system, like Windows (usually a really shitty old windows, such as 98).

If you have a keyboard, this may be easier than using a touchscreen, because you can try and use the following hotkeys…

  • Windows Key
  • Windows Key + L
  • Windows Key + D
  • Windows Key +U
  • Shift 5 times (Stickykeys)
  • NumLock 5 Times
  • Alt + F4
  • CTRL + W
  • Shift + Alt + Print Screen
  • CTRL + ALT + DEL
  • CTRL + SHIFT +ESC

If you DON’T have a keyboard, you’re gonna have to work with what you’ve got.

Kiosk got internet on it? Try typing any of these into the address bar…

  • %windir%
  • %systemdrive%
  • %systemroot%
  • %temp%
  • file:/C:/windows/system32
  • file:/C:/windows/system32\
  • file://C:/windows/system32
  • file://C:/?http://
  • file://C:/?https://
  • C:/windows/system32\
  • C:\windows/system32/
  • C:\windows/system32\
  • C:/windows/system32/

If you can browse the hard disk, you can determine the OS, and what’s running. You may also be able to open up a command promt, or even task manager. Then you can disable the fullscreen application.

The internet may also house something which allows you to open any of these dialog boxes…

  • File Print Dialog
  • File ‘Save As’ Dialog
  • Print Preview

These basically act as file browsers, which are fantastic!

What Can I Do After Bypassing the Application?

Well, that’s pretty much up to you, isn’t it. For the purposes of this guide, I suggest the following…

  • Setting the homepage to TOTSE!
  • Changing the desktop background to TOTSE
  • Installing a keylogger
  • Bring up a notepad file, and tell the world that “username pwns kiosks, TOTSE pwns all”

Resources

Finally, I want to bring your attention to this website. Its an online kiosk hacking tool, designed to pop a kiosk in a matter of minutes. You can also download a portable version!

http://ikat.ha.cked.net

Discuss http://www.totse.info/bbs/showthread.php?t=5694

Related Posts

Leave a Reply