iKAT – Interactive Kiosk Attack Tool v3

The New Acunetix V12 Engine


iKAT was designed to aid security consultants with the task of auditing the security of a Windows based internet Kiosk terminal. iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality. This tool should be (and is) used by Kiosk vendors/developers/suppliers to test the security of their own Kiosk products.

Designed as a SaaS, iKAT features many methods of escaping out of a browser jailed environment and gaining command execution. iKAT is a website you visit from a Kiosk, its quick, free, and aims to please. iKAT is solely developed by myself (Paul Craig) a Kiosk hacking enthusiast from New Zealand.

Whats New in iKAT v3

Signed Code
All iKAT tools, VBScripts, ActiveXs, ClickOnce, SilverLight apps are now signed by a trusted CA! Four months ago i placed a “Donate Now” button on the front page of iKAT, hoping to raise money for a code signing certificate Sadly only two people donated cash (Enrique Exposito Martinez and Gerald Fehringer, you guys rock) Luckily a Kiosk vendor was willing to come to the party and donate the remaining cash. Big thanks to Kioware Kiosks, who kindly donated the remaining money. All iKAT tools are now signed by a trusted CA.

More Tools
iKAT now contains more tools packaged in different containers, file formats, PDFs, and even silent installers. More Java Applets, More VBScript, More WMI!


iKAT ActiveX
A newly developed ActiveX which focuses on Windows Shell hacking and process spawning. The ActiveX is signed and provides a mad amount of functionality.

iKAT OfficeKAT
Thanks to Didier Stevens who donated his “Excel Spawn CMD in Memory” trick to the iKAT project OfficeKAT allows you to pop shell in environments where you can run Excel, what’s more you don’t need to write to the file system.

iKAT SilverLight
SilverLight (and mono) are now supported by iKAT, and provide yet another attack vector for your pleasure

Improved URI + File Handler Enumeration
Vastly improved enumeration code, more URI’s, more instant “One click magic”. I also added support some of the more interesting Microsoft based URI handler vulnerabilities released this year.

Emo Kiosking – Crashing the Kiosk
The fastest way to get out of a browser jail environment is to simply CRASH IT. Oddly enough this is also the easiest thing to do to a browser, and Emo-Kiosking has become a personal favourite trick of mine. iKAT now supports over 60 different methods of crashing a browser, or a browser add-on This allows you to quickly drop back to the desktop, often with only one click required.

To use iKat just visit the following URL in a kiosk system browser:

http://ikat.ha.cked.net

Posted in: Hacking Tools, Hardware Hacking


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.


Comments are closed.