Main:advertisement
Exploiting the Uniguest kiosk system
I don’t know how often I’ve gone to a motel and saw that accursed 9.95$ for one night of internet and found myself thinking screw that crap. Well after some touring a majority of people in the same situation as me stumbled across the business center and saw free access computers with internet. You immediately check out the system (assuming you remembered that danged room key) and look at the computer wondering what the heck type of system it’s running.
The two most common systems I’ve seen on my travels are the iBahn and Uniguest systems, both are based off of Windows XP and IE 6 from analysis. The one I will deal with in this paper is the Uniguest system.
As a common teenager I felt a compulsive desire to look at my Facebook but much to my annoyance the site was blocked from the login afterwards, but I really have to wonder about the competence of the Uniguest developers after what I found. After attempting to login to facebook it immediately blanked the page and halted loading, so I typed in facebook.com to the address bar and bingo, I was in, easy as that. It’s a miracle I didn’t attract security with the compulsive laughing that followed as simply exiting the popups allowed me to browse freely. It was at this point I wondered what exactly was possible with the system.
I put in a jump drive in attempts to access a few files I had that I needed to finish up for a class to find that the jump drive was inaccessible and conveniently missing from the file browser. Being that the system is seemingly based entirely off of IE 6 I used the browser to open the file, strangely it worked. I got curious again, though attempts to relocate to the C drive were unsuccessful at best, they at least covered that much.
It also seems that executable files are completely blocked on the system, which I can’t say surprised me. The only openable files are the ones that the system had “programs” for.
For whatever reason I hit the escape key while browsing to try and exit a window and found something of extreme interest: Unlock System. You can imagine what could happen from here but alas time was not in my favor on this one.
Past this I didn’t have any time left to experiment but I do have theories as to further exploitations that may be available to use. If anyone tries these I am not responsible for what may happen.
Theory 1: System is completely based off of iFrame or related media inside IE6. Crashing IE6 may generate hole.
Theory 2: Most file navigation is blocked, though some files are still available, possibility that filter is selective rather than all-inclusive, possible hole.
Theory 3: Possibility that not all extensions are blocked, seeing as IE6 is vulnerable to multiple exploitations already as well as WinXP it is plausible that ActiveX or other common holes can be used to install programs and bypass kiosk software.
Theory 4: If theory 3 holds true installation of basic keylogger or other viral program may be possible allowing complete manipulation of system. Also could allow installation of FireFox or other browser which would likely be unrestricted.
Theory 5: Aurora may be usable if willing to pay for Internet access or T3 holds true and shell exploitation software is installed.
Have fun and remember I’m not responsible for anything that may happen as a result of using anything in this tutorial.
The two most common systems I’ve seen on my travels are the iBahn and Uniguest systems, both are based off of Windows XP and IE 6 from analysis. The one I will deal with in this paper is the Uniguest system.
As a common teenager I felt a compulsive desire to look at my Facebook but much to my annoyance the site was blocked from the login afterwards, but I really have to wonder about the competence of the Uniguest developers after what I found. After attempting to login to facebook it immediately blanked the page and halted loading, so I typed in facebook.com to the address bar and bingo, I was in, easy as that. It’s a miracle I didn’t attract security with the compulsive laughing that followed as simply exiting the popups allowed me to browse freely. It was at this point I wondered what exactly was possible with the system.
I put in a jump drive in attempts to access a few files I had that I needed to finish up for a class to find that the jump drive was inaccessible and conveniently missing from the file browser. Being that the system is seemingly based entirely off of IE 6 I used the browser to open the file, strangely it worked. I got curious again, though attempts to relocate to the C drive were unsuccessful at best, they at least covered that much.
It also seems that executable files are completely blocked on the system, which I can’t say surprised me. The only openable files are the ones that the system had “programs” for.
For whatever reason I hit the escape key while browsing to try and exit a window and found something of extreme interest: Unlock System. You can imagine what could happen from here but alas time was not in my favor on this one.
Past this I didn’t have any time left to experiment but I do have theories as to further exploitations that may be available to use. If anyone tries these I am not responsible for what may happen.
Theory 1: System is completely based off of iFrame or related media inside IE6. Crashing IE6 may generate hole.
Theory 2: Most file navigation is blocked, though some files are still available, possibility that filter is selective rather than all-inclusive, possible hole.
Theory 3: Possibility that not all extensions are blocked, seeing as IE6 is vulnerable to multiple exploitations already as well as WinXP it is plausible that ActiveX or other common holes can be used to install programs and bypass kiosk software.
Theory 4: If theory 3 holds true installation of basic keylogger or other viral program may be possible allowing complete manipulation of system. Also could allow installation of FireFox or other browser which would likely be unrestricted.
Theory 5: Aurora may be usable if willing to pay for Internet access or T3 holds true and shell exploitation software is installed.
Have fun and remember I’m not responsible for anything that may happen as a result of using anything in this tutorial.
Posted by 
