Much like CTRL ALT DEL, but skips the step of clicking Task Manager on the security screen. You could also right click on an installed printer and view its help (Method 3, and see F1 section below).ĬTRL SHIFT ESC: Opens Windows Task Manager This way, you may see what is behind the main window.įrom here, you can click the “Find Printer” button, go to help, and break out via file Menu or Right Click “View Source”. From there use File ->New Task (Run…) (Method 1).įrom here you may be able to right click, open, and get an explorer menu (Method 2).įrom the start menu you may be able to get to someplace else, assuming Explorer is even running as the shell.ĬTRL F4: Closes the current Multiple Document Interface (MDI) window The current window may not have a way to escape, but if other software is running in the background you may find an escape there.ĬTRL ALT DEL: Task Manager or Windows Security Screenīrings up a dialog on which one option is to start Task manager. Minimizing or resizing may let you get at what is behind the POS/Kiosk window. Has not been set to run something other than Explorer as the shell.ĭisplays the main window’s System menu as if you clicked on the icon in the top left of the window. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell Killing POS/Kiosk software may drop you to normal desktop. Some of the title descriptions are copied from Microsoft’s knowledge base article. If you can’t right click, try CTRL Left Click as a substitute or dragging an EXE onto cmd.exe to make it run. You could also click somewhere in the file selection pane and hit CTRL N to make a new Explorer window so you don’t have to Right Click->Open. You may have to set the File Name input box to *.* or *.EXE and hit enter to see the files you want to Right Click->Open and run. This method uses the fact that by default if you can get to a File Save/Open dialog, you can right click an EXE, then select Open from the right click drop down menu (Do not click Open or Save on the dialog window itself or you may corrupt a file, only on the menu that comes up from right clicking). Get Task Manager (taskmgr.exe) up and use File ->New Task (Run…) File menu item to run the program you want.īring up Windows Explorer in Windows (if it happens to be to an Internet Explorer window, just type in C:\ in the URL bar), then find an EXE you want to run (C:\Windows\System32\ is a good place to look for CMD.exe, Explorer.exe, Taskmgr.exe, regedt32.exe, etc.) and double click it. To save space, I will continue to refer back to three basic methods of escaping a captive shell like you will encounter on POS systems: If you don’t have any Kiosk/POS software around to test against I recommend setting up Internet Explorer in kiosk mode using the -k option: iexplore -k To that end, I decided to collect and note common Windows keyboard shortcuts you can use to bypass, escape, or kill kiosk/POS software and get at the data goodies. That said, sometimes an attacker will not have time to dismantle a machine and take its hard drive since it would look too suspicious, or the system may need to stay powered on. Opening the case and pulling the drive, or even just booting from your own media can of course get around the shell level software protections of POS/kiosk software. If someone can freely look around the hard drive, all sorts of things that an attacker might find useful can be found, like autologon credentials, private data, backend connection strings, etc. The captive kiosk/POS software is normally meant to only allow users to do a set number of tasks and to limit the data that is viewable. This axiom definitely applies to public kiosks and in some cases point of sale systems (also known as POS, Point Of Interaction, electronic registers, etc.) depending on how much you trust your employees. With enough time, and baring well-implemented cryptography, someone will get to the data on the system eventually. There is an old axiom that goes something like “If an enemy has physical access to your box, it is no longer your box”. By TrustedSec in Penetration Testing, Security Testing
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |