vegettoxp Posted January 22, 2010 Share Posted January 22, 2010 Hello there Guys, as always I need your yours help. I got hired by this Big Communication Company (Wink Wink) for IT Position and this is my first ever IT Position and I got assigned a project. One of other personal created a Win 7 Kisok Image and I was told to poke the Image and look for all the Back Doors that a EU can use to get into the PC. I am not a hacker, but I would like to get a jump start and get some Ideas of what things do I look for. Please guys, if you can give me some ideas, so I can get this project done. Thank you for all your help Guys.Fusion Link to comment Share on other sites More sharing options...
MrJinje Posted January 22, 2010 Share Posted January 22, 2010 Haven't seen a Windows 7 in kiosk mode yet, I guess we start with the basics and work from there. First back door of every kiosk is Ctrl+Alt+Delete, see if hitting that allows you to access the Task Manager, from there people can start a new process and that is one "back door". Another way is to hit alt+f4 to close the kiosk application and try to get to the desktop somehow. From their they can possibly get to the file-system. Yet another method is the start menu button on the keyboard, don't really want your kiosk users opening any program other than the kiosk approved programs, right.These are just to get you started, you can kinda see the theme (hot-key combo's), best bet is to get a list of all known Windows 7 hot-key combos and run through the whole list. Here is a list of the 21 new Windows 7 combo's. We'll get you a list of the older combo's later on (or just google). http://brandonlive.com/2009/01/10/windows-...ey-cheat-sheet/Obvious holes in the new list include the Win+Down, Win+Home, Win+Space. You get the idea. Once you have identified a bunch of these known back-doors, then we can work on figuring the easiest way to close them. I guess some of the taskbar modifiers could be problematic if the user can gain access to the desktop/taskbar area. The one that sticks out is the Ctrl+Shift+Click Taskbar Icon, which would spawn the app with administrative access if not locked down. Link to comment Share on other sites More sharing options...
cluberti Posted January 22, 2010 Share Posted January 22, 2010 Easy - think of something you don't want an end-user doing on the system, and then try to achieve it. I'm sure you can think of some creative things to try . Link to comment Share on other sites More sharing options...
vegettoxp Posted January 22, 2010 Author Share Posted January 22, 2010 U guys are awesome. This is a good start for me. The Kisok Image was just developed Today and me and couple of my other personal were handed this task. Link to comment Share on other sites More sharing options...
iamtheky Posted January 22, 2010 Share Posted January 22, 2010 (edited) whats the kiosk for, how much UI? if it is very limited user interaction there might be very global things you can remove or keys you can bind.... Maybe subbing out the physical keyboard for an osk. Edited January 22, 2010 by iamtheky Link to comment Share on other sites More sharing options...
vegettoxp Posted January 23, 2010 Author Share Posted January 23, 2010 Well this Kiosk Image is for EU Customer. They can use this PC to checkout the latest product lineup and our services. The Image is already been made. I am just looking around for the back dorrs, so we can close them before the final version is out. I believe common people don't know whole alot about the Setup, but I am pretty sure there will be some Smart Person, who will try to poke around and mess up the PC. Link to comment Share on other sites More sharing options...
Tripredacus Posted January 25, 2010 Share Posted January 25, 2010 Well this Kiosk Image is for EU Customer. They can use this PC to checkout the latest product lineup and our services. The Image is already been made. I am just looking around for the back dorrs, so we can close them before the final version is out. I believe common people don't know whole alot about the Setup, but I am pretty sure there will be some Smart Person, who will try to poke around and mess up the PC.Check out Windows shortcut keys. Make sure the user can't get access to the system with them or the mouse if it has one. I've done some Kiosk testing in my time... Stuff to look out for:1. Ability to get to notepad, or any help (CHM) file.2. Ability to get to the Accessibility Center (Windows + U or L?)3. Yes ALT+CTRL+DEL of course4. right-click and option for save as, view source, other browser type options.5. Access to Sticky-Keys from holding down SHIFT too long.Now these methods aren't "back doors" they are more like security failures in image development. I am presuming you are just testing for ways to get into the system from the Kiosk itself correct? Are they connected to the internet? Do they have WiFi or Bluetooth enabled? Are there any exposed ports? Link to comment Share on other sites More sharing options...
iamtheky Posted January 25, 2010 Share Posted January 25, 2010 How are they performing this task "checkout the latest product lineup and our services?"browsing your site, watching a video, controlling a slide show, controlling an app?--in a small script you can bind away keys or restrict their cursor to your frame, the question is how much interaction does your user need? imho, it is much easier to start with no control and work forward than vice versa.other ideas:*make sure the BIOS is set to only boot from the physical/network disk, and then pw protect that. *Disable external ports/ usb and such. Link to comment Share on other sites More sharing options...
vegettoxp Posted January 25, 2010 Author Share Posted January 25, 2010 Well this Kiosk Image is for EU Customer. They can use this PC to checkout the latest product lineup and our services. The Image is already been made. I am just looking around for the back dorrs, so we can close them before the final version is out. I believe common people don't know whole alot about the Setup, but I am pretty sure there will be some Smart Person, who will try to poke around and mess up the PC.Check out Windows shortcut keys. Make sure the user can't get access to the system with them or the mouse if it has one. I've done some Kiosk testing in my time... Stuff to look out for:1. Ability to get to notepad, or any help (CHM) file.2. Ability to get to the Accessibility Center (Windows + U or L?)3. Yes ALT+CTRL+DEL of course4. right-click and option for save as, view source, other browser type options.5. Access to Sticky-Keys from holding down SHIFT too long.Now these methods aren't "back doors" they are more like security failures in image development. I am presuming you are just testing for ways to get into the system from the Kiosk itself correct? Are they connected to the internet? Do they have WiFi or Bluetooth enabled? Are there any exposed ports?Yup, u are right. I am just tetsing to see if a Well Tech personal can get into the system screw it up. Delete files, Crash system or install Virus or Spyware. I have tested all your recommendation and all is good. None of them work. However here is what I have found so far. I have Full Access to Notepad, which I read is a BIG NO NO and I also have access to CMD.EXE. I can also Browse the entire C:\Windows and Up. I can't modifty system based stuff. Any Big Issued with these findings?Thank You for all your Help Guys Link to comment Share on other sites More sharing options...
cluberti Posted January 26, 2010 Share Posted January 26, 2010 Yeah, because notepad gives you access to explorer, the system32 directory contains the script host (amongst other things). I'd say, bad security already. Link to comment Share on other sites More sharing options...
MrJinje Posted January 26, 2010 Share Posted January 26, 2010 (edited) Don't worry, very easy to disable notepad.exe, cmd.exe with a group policy. Follow the method described in the link.http://www.technipages.com/prevent-users-f...n-programs.htmlBut instead of only following the prevent method, use a combination of both the prevent method, and the Run only Specified Windows applications, to lock down any random applications we haven't thought of. Read the documentation closely for the limitations of doing so, it is not as cut and dry as it sounds. Also note that Task Manager has it's own disable setting. Edited January 26, 2010 by MrJinje Link to comment Share on other sites More sharing options...
cluberti Posted January 26, 2010 Share Posted January 26, 2010 Correct - it would be far better to whitelist applications than to try and lock things down as they pop up. Link to comment Share on other sites More sharing options...
vegettoxp Posted January 26, 2010 Author Share Posted January 26, 2010 o u guys are awesome. Thank you for all the help. I was playing with the image and there isn't whole alot of applications that are be used on this image. It is more of an Internet Based Access. So I guess our job is to find any back doors that can be to crash or hack into the system. Run unwanted malware. To be honest, the time that I have been there, I have already deployed Win XP Kiosk Image and so far no problems has been reporetd. I guess since this is an New OS Win 7, we just wanted to make sure that nothing is left open. I will defenitally talk about the Notepad.exe and CMD.EXE Access. I played with both of them and so far no harm done. But then again, I am no Hacker, so my brain doesn't work like a hacker. Not all are bad, just here and there. Again thnaks a lot for the help guys.Josh Link to comment Share on other sites More sharing options...
iamtheky Posted January 26, 2010 Share Posted January 26, 2010 (edited) "Internet Based Access"are they restricted to your domain/site/webapp or do they have the entirety of the internet?do they have access to the address bar or other browser properties?Though if you have an xp kiosk image with cmd and notepad available, I dont think anyone is trying too incredibly hard to gain access. Edited January 26, 2010 by iamtheky Link to comment Share on other sites More sharing options...
gosh Posted January 27, 2010 Share Posted January 27, 2010 just down shift key on startup to bypass startup items. Try to change the IE proxy. Try to change dns server to bypass any filtering. If locked down try to open windows help, then search for games, you can open notepad that way. There's lots of ways around restrictions. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now