iKAT - Interactive Kiosk Attack Tool v2013 (Desktop Edition)

iKAT logo

iKAT was designed to aid security consultants with the task of auditing the security of browser controlled environments such as Kiosks, Citrix Terminals and WebTV's by providing methods to access the underlying operating system and automatically escalate local privileges.

This is the Desktop edition of iKAT and is 100% free to use - however, modifications to iKAT, the iKAT Logo, or any of the iKAT tools is explicitly not permitted. iKAT Professional is available from the iKAT Store and allows you to modify the look and feel of iKAT along with a suite of other new tricks and attacks.

Available Versions:

Windows // Linux



  • Auto Exploitation→ x

    Automatic Exploitation of any browser based enviroment.

    iKAT Auto-Hack

    Just click Go and say Yes to any box that pops up on screen, thousands of shells will appear.

    Meta Sploit Browser AutoPWN

    Only Launch the Metasploit Browser AutoPWN utility.

    Choose an option from the menu.

    Automatic Exploitation

    MetaSploit Browser AutoPWN

  • Reconnaissance → x

    Tools for determining information about your target.

    Target Information

    Detect as much as you can about your target and the available attack vectors.

    Remote Server Variables

    Remote server variables will disclose the remote address of the Kiosk and User Agent Value.

    Global Flash Settings

    Offsite link to Adobe's Global Storage Settings panel.

    File Reflection

    File reflection will allow you to use the iKAT server to view local system files, this is handy when you do not have the ability to load an external application such as a file viewer. Upload the file to iKAT, and iKAT will parse and return the files contents back to you. Don't worry, all files are deleted after being uploaded.

    Choose an option from the menu.

    Local Browser Variables

    Remote Server Variables

    File Reflection

    Select a plaintext or binary file and use iKAT to view the file contents through the magic of Reflection.

  • File System Links →x

    Access the local filesystem to reveal useful files and directories.

    Links you Copy/Paste

    Useful URLs to enter into a browser address bar.

    Shell URI Handler Links

    All of the registered Windows Shell URI handlers you can enter into a browser address bar.

    Choose an option from the menu.

    HREF File System Links

    Each of the iFrames below will attempt to access the local filesystem. Remote websites are typically not prohibited to link to the local filesystem, thanks to some additions made to the browser security model (circa 2003).

    Manual Entry File System Links

    Modern browsers disallow any interaction between security zones (Such as the Internet & Local System). Because of this iKAT is unable to reliably provide clickable links into your filesystem, or to local URI handlers. As a user in front of a Kiosk you are capable of accessing all zones, and can access the local file system by typing in URLs yourself.

    The following URLs should be entered into your browsers URL entry bar by hand. This method will only work if you have a URL entry bar.

    Shell Handler Links

    A list of Shell handler URI's, as each URI is unable to be accessed from the internet zone, you will need to copy/paste each URI into the address bar.

    The following URLs should be entered into your browsers URL entry bar by hand. This method will only work if you have a URL entry bar.

  • Common Dialogs→ x

    Spawn Common Dialogs such as File/Open, File/Print, File/Save etc.

    Common Dialogs via HTML

    Spawn Common Dialogs, these Dialogs contain SHELL32/Explorer functionality and can be used to browse the file system.

    Common Dialogs via Flash

    Spawn Common Dialogs via Flash.

    Choose an option from the menu.

    Common Dialogs via HTML

    Common Dialogs via Flash

  • URI Handlers → x

    Tools for determining information about your target.

    Manual Invocation

    Manual links to each known URI handler.

    Automatic Invocation

    Automatically invoke all known URI handlers and thier handling application through JavaScript.

    Choose an option from the menu.

    URI Handlers - Manual

    URI Handlers - Automatic

  • File Handlers → x

    Enumerate all registered File Handlers and spawn the handling application.

    Manual Invocation

    Manual links to each file type.

    Automatic Invocation

    Automatically invoke all known file types and spawn the handling application through JavaScript.

    Choose an option from the menu.

    File Type Handlers - Manual

    File Handlers - Automatic

  • Browser Addons → x

    Browser plugins and addons to aid your exploitation attempts.

    Java Applets

    Got Java? We have shells.

    .NET ClickOnce

    If the .NET CLR v2.0+ is installed there is a good chance you can launch .NET ClickOnce Applications.

    ActiveX Controls

    Install the iKAT ActiveX for an instant win.

    Firefox Addons

    Install the iKAT FireFox XPI, this XPI will deploy an agent and give you the maxium number of shells.

    JavaScript Console

    A full inline JavaScript console

    Choose an option from the menu.

    Java

    .NET ClickOnce Addon

    ActiveX

    iKAT FireFox XPI

    JavaScript Console

  • FireFox Resources→ x

    Tools for determining information about your target.

    FireFox XUL Paths

    Copy/Paste each of these links into the URL field to gain access to the FireFox tools/options and configurations.

    Firefox Addons

    Install the iKAT FireFox XPI, this XPI will deploy an agent and give you the maxium number of shells.

    Choose an option from the menu.

    FireFox URL Paths

    Install iKAT FireFox XPI

  • iKAT Tools→ x

    A complete armory of tools designed to aid your exploitation attempts.

    Test Download Ability

    Try all methods of downloading files to see which method works best.

    Binary Tools

    Native Win32 Binaries for various exploitation tasks.

    Unlocked Binaries

    The following files have been patched to ignore any local security policies such as Local Group Policy. Attempts have also been made to bypass Hash, Certificate and Filename based Software Restriction Policies.

    Microsoft Office Documents

    An assortment of Microsoft Office documents which can be used for a variety of malicious purposes.

    Acrobat Documents

    An assortment of Acrobat files pre-loaded with the iKAT Agent, each file will attempt to exploit Acrobat PDF Reader, connect back to iKAT and produce multiple privledged shells.

    Choose an option from the menu.

    Test Download Ability

    iKAT Tools

    Unlocked Windows Binaries

    iKAT Tools in Microsoft Document Files

    iKAT Tools in Acrobat Documents

  • Crash a Kiosk→ x

    Attempt to Crash the Kiosk and gain access to the underlying OS

    Crash the Kiosk using HTML Syntax Vulnerabilities

    Automatically spawn HTML content in an attempt to crash the Kiosk, crashing a Kiosk will often lead to the Kiosk application closing and underlying OS being exposed.

    Crash the Kiosk using browser addons/plugins.

    Automatically spawn browser addon content such as Flash and PDF files in an attempt to crash the Kiosk's main process.

    Choose an option from the menu.

    Crash the browser enviroment using HTML content.

    Crash the browser enviroment using Flash/PDF content.

  • Donate & Credits→ x

    Donations, Credits and Contact Information

    Donate to iKAT

    iKAT Desktop is 100% donateware. If you have used iKAT Desktop to pop shells, or appreciate the hard work invested in iKAT - Please donate.. Donations go towards the running costs of ikat.ha.cked.net.

    iKAT Credits

    Thanks to those who have made this project possible

    Choose an option from the menu.

    Donate to iKAT

    Credits

    Contact iKAT / Feedback

©2013 Paul Craig // paul at ha.cked.net

Credits
Illustration // Vivien Masters
Website design // Melanie Wilke