Penetration Testing mailing list archives

Re: pen-testing an information kiosk (breaking out of the application)


From: Mark Reardon <riscorp () mindspring com>
Date: Fri, 25 Apr 2003 08:35:46 -0400 (GMT)

I broke into a banking kiosk last week by accident ;-). I changed the URI on the browser by having a configured exit 
URI in the banking application. The bank's firewall prompted for a password and I just clicked cancel since I don't 
have one. It then connected me to the external location and let be browse. 

I then discovered I could ignore all the warning messages and the browser still worked. I then tried poking around on 
the 10.0.0.0 address space and found a link to the corporate internal home page. 

I asked for the branch manager and showed them the browser, and explained that the information should be in their logs. 
I gave them my name and left.

Was there a method to my madness? No. I just started poking around because it did something I didn't expect. However, 
it points to two items of interest. Any field that will accept input is a possible point of intrusion. Don't assume 
that security challenges will control things.

Good luck,

Mark
-------Original Message-------
From: bugtraq () oechslin net
Sent: 04/23/03 05:16 AM
To: pen-test () securityfocus com
Subject: pen-testing an information kiosk (breaking out of the application)





I have to pen-test information kiosk 

It is a networked PC with an application which is supposed to run all the 
time and from which it is not possible to exit (other than shuting down 
the machine). The application starts when an operator logs in with a 
given username and password. I haven't been able to put my hands on the 
machine but I'm looking for information to prepare the pen-test.

Except the standard networked-based pen-testing I have to find out if it 
is possible to break out of the application and access other applications.

I will also try to boot from another device, but the bios is supposed to 
be password protected.

Does anybody know of tools and vulnerabilities specific to this scenario?

 thanks,

  Philippe



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  

The two-day Briefings on May 14-15 features 24 top speakers with no vendor 

sales pitches.  Deadline for the best rates is April 25.  Register today
to 
ensure your place.  <a target=_blank
href="http://www.securityfocus.com/BlackHat-pen-test";>http://www.securityfocus.com/BlackHat-pen-test</a>

----------------------------------------------------------------------------



----
Mark Reardon
Reardon Information Security Corporation
156 Blue Sky Drive
Marietta, GA 30068
(770) 565-0544
(404) 444-0041 cell

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-pen-test 
----------------------------------------------------------------------------


Current thread: