Wednesday, September 10th, 2008...11:47 am
Hacking Mac Kiosks
You’ve probably seen a kiosk at some point in your life. They’re the standalone computers you see in malls and lobbies all over the place. They’re typically just a browser and some software to stop you from doing anything else on the computer.
This makes me sad. All that computing power just being used for reading email? These computers are yearning to unleash their full potential. Plus, as we shall see, these computers are inherently untrustworthy, so you may need to get out of kiosk mode to make sure you aren’t being keylogged, or so you can install Firefox and Tor and browse anonymously, or you may just need terminal access.
A recent presentation at DefCon announced the release of iKat, a suite of tools for experimenting with kiosk browsers. Before this, 0x000000 had some really good scripts for breaking browsers with JavaScript and the like. Unfortunately, most of these tools are geared towards Windows kiosks, and the ones near me run OS X. So.
I get an hour lunch break. I am bored. But, I have enough time to figure out how to crash our local Macs running wKiosk, and to blog about how I did it. With time to get a banana and yoghurt.
First, reboot the computer by holding/spamming Command + Control + Eject (Top right button). (If that doesn't do it, run this Flash overflow exploit to crash wKiosk and then spam reboot.)
During startup, hold down shift to boot into safe mode, which should let you pick a user.
As you log in, hold down Command + D to force the dock.
Then, open up Finder and Terminal and have your fun. wKiosk might still pop up, but if you've got the Finder running you should just be able to force it into the background.

Tada!
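An added example, not from the original post: a defender-side watchdog check for the state the steps above leave a kiosk in (a safe-mode boot, with the Dock, Finder or Terminal running under the kiosk account). The account name `kiosk`, the deny list, the `KioskApp` path and the sample `ps` lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Kiosk tamper check (added example, not the blog author's code).
# On a real Mac the two inputs would come from:
#   sysctl -n kern.safeboot        (1 when booted in safe mode)
#   ps -axo user=,comm=            (owner and executable path per process)
KIOSK_USER="kiosk"                 # assumption: name of the locked-down account
DENY="Finder Terminal Dock"        # assumption: apps the kiosk session never runs

# audit_kiosk SAFEBOOT_FLAG PS_OUTPUT
# Prints one ALERT line per finding; prints nothing when the state is clean.
audit_kiosk() {
    safeboot="$1"
    ps_out="$2"
    if [ "$safeboot" = "1" ]; then
        echo "ALERT safe-boot: kern.safeboot=1"
    fi
    printf '%s\n' "$ps_out" | awk -v user="$KIOSK_USER" -v deny="$DENY" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        $1 == user {
            cmd = $0
            sub(/^ *[^ ]+ +/, "", cmd)   # drop the user column, keep the path (may contain spaces)
            name = cmd
            sub(/.*\//, "", name)         # basename of the executable
            if (name in bad) print "ALERT process: " name " running as " user
        }'
}

# Constructed sample: what ps might show after the safe-mode login described above.
SAMPLE_PS='root /sbin/launchd
kiosk /Applications/KioskApp.app/Contents/MacOS/KioskApp
kiosk /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
kiosk /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
kiosk /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
admin /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal'

audit_kiosk 1 "$SAMPLE_PS"
```

A watchdog run from a privileged launchd job could log these lines or end the kiosk session whenever the output is non-empty.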
Update!:
This article had an interesting response in the comments here and on reddit. I wrote this article with the intention that somebody at a Mac kiosk would want to use a different program and type “hacking mac kiosks” into Google and come here. But some of the readers have been unsatisfied by this as a ‘hack’, and I will admit it is pretty tame, as safe mode doesn’t provide complete access to the operating system, although it will give access to the terminal, which was the point of the article. I left it alone there, but apparently some people need it spelled out for them. There are things called ‘rootkits’ which provide privilege escalation and the rest of the nasty goodness you might require. This is veering into script-kiddie territory which I’m not going to talk about explicitly in this post, but this is why I consider physical access to a terminal on any machine the same as ‘owned.’ It’s only one simple step farther.
Also!: Paul Craig, author of iKat, posted a comment down below, which is really cool. He’s promising a new version of iKat in the next few months with some more non-Windows specific sploits so hopefully we can just skip the emokiosking listed above. Will update when that happens!
Rich
6 Comments
September 10th, 2008 at 10:32 pm
Still not root though so you can’t do much.
September 11th, 2008 at 8:21 am
Well, this isn’t about that, this is just about breaking the crippled-kiosk functionality. I really posted this just so anybody at a kiosk who wanted a terminal could do a quick Google and find it. If they really need root privileges, I’m sure a resourceful young person could find local escalation exploits. Local access to terminal equals pwnt, as far as I’m concerned.
September 11th, 2008 at 10:04 am
Stupid article, this is no different than going into safemode. It is a work-around, not a hack at all.
September 22nd, 2008 at 12:04 am
I’m going to be releasing ikat v2.0 at hack.lu next month. v2 is going to include more support for non-Windows based kiosks. I’d imagine v2 would help. If you have any ideas, suggestions, please email me.
However, the real problem with non-Windows based kiosks is that the security model is correctly implemented. :)
Escaping out of the browser only gives you unpriv user rights, and there is fuck all you can do to the OS.
Hacking Windows Kiosks is much easier.
October 2nd, 2008 at 6:20 pm
Soon to be published by me is a kernel panic available by not root that will work on these nigboxes pardon my language :)