Designed as a SaaS, iKAT features many methods of escaping out of a browser jailed environment and gaining command execution. iKAT is a website you visit from a Kiosk, its quick, free, and aims to please.
Defcon 18 Edition:
———————
iKAT and Defcon seem to go hand in hand, and when the con is on Kiosks get ‘visited’ by iKAT. Traffic to the iKAT website increased by 10x last year during Defcon 17! To celebrate this, the author has released iKAT v3, and included a limited edition Defcon skin.
Whats New in iKAT v3:
———————-
* Signed Code
All iKAT tools, VBScripts, ActiveXs, ClickOnce, SilverLight apps are now signed by a trusted CA!
Four months ago i placed a “Donate Now” button on the front page of iKAT, hoping to raise money for a code signing certificate
Sadly only two people donated cash (Enrique Exposito Martinez and Gerald Fehringer, you guys rock)
Luckily a Kiosk vendor was willing to come to the party and donate the remaining cash, so iKAT can get signed.
Big thanks to Kioware Kiosks, who kindly donated the remaining money.
All iKAT tools are now signed by a trusted CA
* More Tools
iKAT now contains more tools packaged in different containers, file formats, PDFs, and even silent installers.
More Java Applets, More VBScript, More WMI!
* iKAT ActiveX
A newly developed ActiveX which focuses on Windows Shell hacking and process spawning.
The ActiveX is signed and provides a mad amount of functionality.
* iKAT OfficeKAT
Thanks to Didier Stevens who donated his “Excel Spawn CMD in Memory” trick to the iKAT project
OfficeKAT allows you to pop shell in environments where you can run Excel, what’s more you don’t need to write to the file system.
* iKAT SilverLight
SilverLight (and mono) are now supported by iKAT, and provide yet another attack vector for your pleasure
* Improved URI + File Handler Enumeration
Vastly improved enumeration code, more URI’s, more instant “One click magic”. I also added support some of the more interesting Microsoft based URI handler vulnerabilities released this year.
* Emo Kiosking – Crashing the Kiosk
The fastest way to get out of a browser jail environment is to simply CRASH IT.
Oddly enough this is also the easiest thing to do to a browser, and Emo-Kiosking has become a personal favourite trick of mine.
iKAT now supports over 60 different methods of crashing a browser, or a browser add-on
This allows you to quickly drop back to the desktop, often with only one click required.
We are in the testing phase of iKat so cannot comment much on this tool. We will keep you posted.
Download iKAT version 3 here
Searches leading to this post:how to do ikat methods, ikat kiosk tools, ikat v3 defcon, ikat windows, interactive kiosk attack tool, interactive kiosk attacking tool, kiosk attack, silverlight for kiosks
