Disclaimer: The following content is strictly for educational purposes. Please do not attempt the following on any public Kiosk without ownership consent.

The first step in any kiosk penetration test is to escape from the lock-in mode. The following are some interesting ways that we can potentially achieve this outcome.

1. Interrupting Boot Process

We rarely get to witness the OS booting up, but we can easily trigger a boot by performing a hard reboot, such as pulling out the power plug.

Doing so lets us discover the OS of the kiosk, and the boot screen may let us gather more information.

  • What is the operating system that the kiosk is running on?
  • Does the boot process allow a user to perform keyboard input?
  • Are we able to enter BIOS mode?
  • Can we boot from a chosen media such as a DVD or USB drive using the BIOS mode?
  • Does the kiosk log in to a user account automatically?

2. USB

There are cases of kiosks having all their USB ports exposed. If an attacker has access to a USB port, there is a possibility that BadUSB can be performed on the kiosk.

BadUSB is a security flaw that allows attackers to smuggle malware onto devices effectively undetected.

Reference: https://www.theverge.com/2014/10/2/6896095/this-published-hack-could-be-the-beginning-of-the-end-for-usb

3. Keystrokes

Some keystrokes may allow interesting observations such as:

  • System Shortcuts: Ctrl-Alt-Del, Alt-Tab, Alt-F4, etc.
  • Hardware Shortcuts: Intel Video Drivers Control Panel – Ctrl-Alt-F12
  • Windows Accessibility Shortcuts: Sticky Keys (Shift 5 times), High Contrast Mode (Left Alt + Left Shift + Print Screen)
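As an added example (not from the original post), a defender can check whether these accessibility hotkeys are switched off for the kiosk account. The script parses a `.reg` export of `HKCU\Control Panel\Accessibility`, already decoded to text, and tests the hotkey-active bit (0x4) in each feature's `Flags` value. The sample export is constructed, and the Filter Keys, Toggle Keys and Mouse Keys checks go beyond the two accessibility shortcuts named above.

```python
import re

HOTKEY_ACTIVE = 0x4  # SKF_/HCF_/FKF_/TKF_/MKF_HOTKEYACTIVE all use this bit

# Subkey of HKCU\Control Panel\Accessibility -> shortcut that triggers the feature
FEATURES = {
    "StickyKeys": "Shift pressed five times",
    "HighContrast": "Left Alt + Left Shift + Print Screen",
    "Keyboard Response": "Right Shift held for eight seconds (Filter Keys)",
    "ToggleKeys": "Num Lock held for five seconds",
    "MouseKeys": "Left Alt + Left Shift + Num Lock",
}

# Constructed sample: .reg export taken from a kiosk account (not real data).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="506"

[HKEY_CURRENT_USER\Control Panel\Accessibility\HighContrast]
"Flags"="126"

[HKEY_CURRENT_USER\Control Panel\Accessibility\ToggleKeys]
"Flags"="58"
'''

KEY_RE = re.compile(r"\[.*\\Control Panel\\Accessibility\\([^\\\]]+)\]")
FLAGS_RE = re.compile(r'"Flags"="(\d+)"')

def parse_flags(reg_text):
    """Return {subkey: Flags as int} for each Accessibility subkey in the export."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.fullmatch(line)
            current = m.group(1) if m else None
        elif current and (m := FLAGS_RE.fullmatch(line)):
            flags[current] = int(m.group(1))
    return flags

def audit(reg_text):
    """Map each feature to 'enabled', 'disabled' or 'not in export' (unverified)."""
    flags = parse_flags(reg_text)
    return {name: "not in export" if name not in flags
            else "enabled" if flags[name] & HOTKEY_ACTIVE else "disabled"
            for name in FEATURES}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_EXPORT).items():
        print(f"{status:14} {name}: {FEATURES[name]}")
```

Any feature reported as enabled or not in export still needs attention on the kiosk image before the shortcut can be considered closed off.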

4. Applications and Dialog Windows

Some interactions, such as the following, may potentially allow the user to gain elevated access to the file system:

  • Clicking on an email link
  • Clicking on a phone number
  • Clicking on a PDF document
  • Shortcuts specific to the Kiosk

5. Kiosk Web Browser

In the event that you have access to a kiosk web browser, these are some things that you can attempt.

  • Browsing to local file system (i.e. “C:…”)
  • Browsing to other websites
  • Clicking on links for email addresses, phone numbers and PDF documents
  • Triggering an error in the web application
  • SQL injection


Welcome to my cozy corner featuring sharing of cybersecurity matters. I am an industry practitioner with several years of experience in Offensive, GRC, Incident Response and Auditing. Join me on my journey!