Full Disclosure mailing list archives
iKAT 2013 Release - Interactive Kiosk Attack Tool
From: Paul Craig <paul () ha cked net>
Date: Mon, 18 Mar 2013 21:12:34 +0800
iKAT - Interactive Kiosk Attack Tool v2013
Paul Craig - Paul () ha cked net
-------------------------------------------------------------

It is with my greatest of pleasure that I would like to announce the availability of iKAT v2013!

iKAT (The Interactive Kiosk Attack Tool) has become the world's de facto standard security tool when conducting penetration testing of controlled browser environments, such as: Citrix Sessions, WebTVs, In-Flight Entertainment Systems and Internet Kiosk platforms.

iKAT has grown from a simple SaaS website in 2006 to a complete client/server infrastructure used world-wide. v2013 includes new features and advancements, and the release of iKAT Desktop - formerly known as iKAT Standalone.

iKAT is a website you can visit at http://*.ha.cked.net (commonly accessed at http://ikat.ha.cked.net). The website will try to use a variety of browser technologies to gain access to the browser environment you are surfing from. In essence - iKAT will allow you to hack yourself, giving you an assortment of unrestricted command shells from wherever you are.

Much to my delight, this technology has become globally accepted - its use is taught in SANS security training courses, and used by penetration testers world-wide. I am also proud to say that since the release of iKAT in 2006, iKAT has had a dramatic impact on the security stance of many Kiosk software vendors. We made a difference!

New Additions:
----------------------------------------

iKAT 2013 is generally a refinement of the iKAT software, with a smoother exploitation path - more exploits, and better compatibility.

New Features:
- The iKAT Girl is back!!
- New Download Methods for each of the iKAT Tools
- Smoother / Faster exploitation
- Many resolved bugs and issues
- Refined and updated tools

iKAT Desktop:
----------------------------------------

Two years ago I suspended the development of iKAT Standalone (a downloadable version of the iKAT server), due to the architectural change of iKAT from a simple package of HTML/JS files. I received over 250 emails from iKAT users asking when I would be making it available again; my users screamed that they needed to have their own instance of iKAT available internally. Your calls for help did not go unheard, and thank you for showing your support.

Thanks to a sponsorship agreement from Offensive Security (you guys seriously rock), iKAT Desktop is now available for download and supports Windows, Linux x86/x64 and Linux ARM. It is also now a part of Kali Linux (http://www.kali.org/).

iKAT Desktop is easy to use and only requires an installation of Metasploit. Once installed, iKAT will start its own web server and a back-end Metasploit server instance. It should be noted that the Desktop version of iKAT has several restrictions, but is otherwise fully functional and will give you the same experience as the online version of iKAT.

iKAT PwnMap:
----------------------------------------

At the start of 2013 I began recording where in the world iKAT was successfully getting shell, the level of access gained and the OS in use on the remote host. This information has proven interesting, as it demonstrates where iKAT is being used globally and the success rate of the technologies employed.

At the time of writing this email, iKAT has spawned 151 shells on unique remote hosts around the world, with 72 of those being SYSTEM accounts. From Vietnam to Beijing, Israel to Azerbaijan, Algeria to Chelyabinsk - iKAT seems to have a very wide user base, and is being used primarily against Windows XP and Windows 7 hosts. By far the most use of iKAT comes from West Europe, with the West Coast USA close behind. East Coast USA - you guys are lagging..

The iKAT PWNMap is available at http://ikat.ha.cked.net/pwnmap

I would like to note that only the remote IP address, account gained and OS are logged by iKAT. The plotted locations only represent the ISP of the IP address; no further detailed information has been recorded.

iKAT Pro / iKAT Live:
----------------------------------------

iKAT Desktop and the iKAT Website now feature the infamous 'iKAT Girl' - a half-naked girl who acts as a hacking deterrent. I have often been asked why I use a provocative image on iKAT - and if I can remove her.

The WHY is simple. iKAT makes hacking public access terminals too easy, and there is no way I can stop the tool from being used maliciously. To combat this, if you want to hack in a public place - you need to have a half-naked girl on screen. This simple deterrent has worked, and many hackers have told me that they love iKAT - but will not use it in public for fear of being seen as surfing porn.

However, I also understand that iKAT needs to be used in corporate environments such as banks, or on a client site where an NSFW image is unacceptable. With this in mind I have developed two additional products that will soon be available: iKAT Professional and iKAT Live.

iKAT Professional is a discreet version of iKAT Desktop, featuring more technological advancements, more exploits, more browser add-ons and a completely discreet professional look. If you want to be using iKAT on a client site, you need iKAT Professional.

iKAT Live is a subscription-based model to an online version of iKAT Professional, for those who do not need their own iKAT Professional instance locally - but still require the technological advancements, and the discreet design.

Currently both products are in pre-release, and you can register your interest at http://ikat.ha.cked.net/store to receive a discount when they become available.

Thanks to those who made this possible:
----------------------------------------

iKAT is a labor of love, and would only be possible with the support of the security community and those around me. I would like to say a huge thanks to Offensive Security for the belief in iKAT, and the support and assistance to create iKAT Desktop, and to:

- Adam Sebolka
- Jonathan Cran
- Paul Klinger
- Grange Yannick
- Thaddeus Bogner

Each of you donated money towards the iKAT Project in the last 12 months. Thank you so much, every cent went towards fighting the good fight.

Paul Craig - paul () ha cked net
"The King of Kiosk Hacking"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/