Need Your Help Guys


vegettoxp

Hello there Guys, as always I need your help. I got hired by this Big Communication Company (Wink Wink) for an IT Position and this is my first ever IT Position and I got assigned a project. One of the other personnel created a Win 7 Kiosk Image and I was told to poke the Image and look for all the Back Doors that an EU can use to get into the PC. I am not a hacker, but I would like to get a jump start and get some Ideas of what things to look for.

Please guys, if you can give me some ideas, so I can get this project done. Thank you for all your help Guys.

Fusion



Haven't seen a Windows 7 in kiosk mode yet, I guess we start with the basics and work from there. First back door of every kiosk is Ctrl+Alt+Delete, see if hitting that allows you to access the Task Manager, from there people can start a new process and that is one "back door". Another way is to hit Alt+F4 to close the kiosk application and try to get to the desktop somehow. From there they can possibly get to the file system. Yet another method is the Start menu button on the keyboard, don't really want your kiosk users opening any program other than the kiosk approved programs, right?

These are just to get you started, you can kinda see the theme (hot-key combos), best bet is to get a list of all known Windows 7 hot-key combos and run through the whole list. Here is a list of the 21 new Windows 7 combos. We'll get you a list of the older combos later on (or just google).

http://brandonlive.com/2009/01/10/windows-...ey-cheat-sheet/

Obvious holes in the new list include the Win+Down, Win+Home, Win+Space. You get the idea. Once you have identified a bunch of these known back-doors, then we can work on figuring the easiest way to close them. I guess some of the taskbar modifiers could be problematic if the user can gain access to the desktop/taskbar area. The one that sticks out is the Ctrl+Shift+Click Taskbar Icon, which would spawn the app with administrative access if not locked down.


What's the kiosk for, how much UI? If it is very limited user interaction there might be very global things you can remove or keys you can bind... Maybe subbing out the physical keyboard for an OSK.

Edited by iamtheky

Well, this Kiosk Image is for EU Customers. They can use this PC to check out the latest product lineup and our services. The Image has already been made. I am just looking around for the back doors, so we can close them before the final version is out. I believe common people don't know a whole lot about the Setup, but I am pretty sure there will be some Smart Person who will try to poke around and mess up the PC.


Check out Windows shortcut keys. Make sure the user can't get access to the system with them or the mouse if it has one. I've done some Kiosk testing in my time... Stuff to look out for:

1. Ability to get to notepad, or any help (CHM) file.

2. Ability to get to the Accessibility Center (Windows + U or L?)

3. Yes ALT+CTRL+DEL of course

4. right-click and option for save as, view source, other browser type options.

5. Access to Sticky-Keys from holding down SHIFT too long.

Now these methods aren't "back doors" they are more like security failures in image development. I am presuming you are just testing for ways to get into the system from the Kiosk itself correct? Are they connected to the internet? Do they have WiFi or Bluetooth enabled? Are there any exposed ports?


How are they performing this task "checkout the latest product lineup and our services?"

browsing your site, watching a video, controlling a slide show, controlling an app?

--in a small script you can bind away keys or restrict their cursor to your frame, the question is how much interaction does your user need?

imho, it is much easier to start with no control and work forward than vice versa.

other ideas:

*make sure the BIOS is set to only boot from the physical/network disk, and then pw protect that.

*Disable external ports/ usb and such.



Yup, you are right. I am just testing to see if a Well Tech person can get into the system and screw it up. Delete files, Crash system or install Virus or Spyware. I have tested all your recommendations and all is good. None of them work.

However, here is what I have found so far. I have Full Access to Notepad, which I read is a BIG NO NO and I also have access to CMD.EXE. I can also Browse the entire C:\Windows and Up. I can't modify system based stuff. Any Big Issues with these findings?

Thank You for all your Help Guys


Don't worry, very easy to disable notepad.exe, cmd.exe with a group policy. Follow the method described in the link.

http://www.technipages.com/prevent-users-f...n-programs.html

But instead of only following the prevent method, use a combination of both the prevent method, and the Run only Specified Windows applications, to lock down any random applications we haven't thought of. Read the documentation closely for the limitations of doing so, it is not as cut and dry as it sounds.

Also note that Task Manager has its own disable setting.

Edited by MrJinje
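
A read-only way to verify that the lockdown settings mentioned in this thread actually landed in the kiosk user's registry hive, added here as an example and not posted by any participant. The registry paths are the locations these Group Policy settings normally write to, and the script assumes it is run inside the kiosk user's session.

```powershell
# Added example: read-only audit of per-user lockdown policy values.
# Run inside the kiosk user's session; written for PowerShell 2.0 (Windows 7).
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-PolicyList($Path) {
    # DisallowRun / RestrictRun store executable names as values of a subkey.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() | ForEach-Object { $key.GetValue($_) } }
}

function New-Result($Check, $Value, $Pass) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Pass = $Pass }
}

$checks = @(
    @{ Label = 'Task Manager disabled';            Path = "$pol\System";   Name = 'DisableTaskMgr'; Ok = @(1) },
    @{ Label = "Don't run specified applications"; Path = "$pol\Explorer"; Name = 'DisallowRun';    Ok = @(1) },
    @{ Label = 'Run only specified applications';  Path = "$pol\Explorer"; Name = 'RestrictRun';    Ok = @(1) },
    @{ Label = 'Windows-key hotkeys disabled';     Path = "$pol\Explorer"; Name = 'NoWinKeys';      Ok = @(1) },
    # DisableCMD: 1 = block cmd.exe and batch files, 2 = block cmd.exe only.
    @{ Label = 'Command prompt disabled'; Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';
       Name = 'DisableCMD'; Ok = @(1, 2) }
)

$report = @(foreach ($c in $checks) {
    $v = Get-RegValue $c.Path $c.Name
    New-Result $c.Label $v ($c.Ok -contains $v)
})

# Sticky Keys: Flags is a decimal string; bit 0x4 enables the five-times-Shift hotkey.
$flags = Get-RegValue 'HKCU:\Control Panel\Accessibility\StickyKeys' 'Flags'
$report += New-Result 'Sticky Keys hotkey disabled' $flags (($flags -ne $null) -and (([int]$flags -band 4) -eq 0))

# The two programs the thread found reachable should appear in the block list.
$blocked = @(Get-PolicyList "$pol\Explorer\DisallowRun")
foreach ($exe in 'notepad.exe', 'cmd.exe') {
    $report += New-Result "$exe listed under DisallowRun" '' ($blocked -contains $exe)
}

$report | Select-Object Check, Value, Pass | Format-Table -AutoSize
```

The DisallowRun and RestrictRun lists only stop programs launched through Windows Explorer, so a row that passes here does not by itself show the program is unreachable from Task Manager or a command prompt.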

Oh, you guys are awesome. Thank you for all the help. I was playing with the image and there isn't a whole lot of applications that are used on this image. It is more of an Internet Based Access. So I guess our job is to find any back doors that can be used to crash or hack into the system. Run unwanted malware. To be honest, in the time that I have been there, I have already deployed a Win XP Kiosk Image and so far no problems have been reported. I guess since this is a New OS, Win 7, we just wanted to make sure that nothing is left open.

I will definitely talk about the Notepad.exe and CMD.EXE Access. I played with both of them and so far no harm done. But then again, I am no Hacker, so my brain doesn't work like a hacker. Not all are bad, just here and there. Again, thanks a lot for the help guys.

Josh


"Internet Based Access"

are they restricted to your domain/site/webapp or do they have the entirety of the internet?

do they have access to the address bar or other browser properties?

Though if you have an XP kiosk image with cmd and notepad available, I don't think anyone is trying too incredibly hard to gain access.

Edited by iamtheky

Just hold down the Shift key on startup to bypass startup items. Try to change the IE proxy. Try to change the DNS server to bypass any filtering. If locked down, try to open Windows Help, then search for games; you can open Notepad that way. There's lots of ways around restrictions.
