[Russia] Give me a stable input

Post on 15-Apr-2017

Transcript of [Russia] Give me a stable input

Give me a stable point and I’ll hack the planet

whoami

Hacker : A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context. #RFC1392

What this is NOT about

What this is about

Focus:

Why?

Not something “standard”

Bad airport connections :( (lots of time spent in airports)

Curiosity

Challenge

Rules :

Escape the Luser jail || get cmd

Leave everything as found

Hands. No tools (or as few as possible / no highly technical stuff)

How

Inputs:

⁍ Keyboard
⁍ Mouse
⁍ Touch screen
⁍ Cameras…

Techniques:

⁍ Race condition
⁍ Crash
⁍ “Touchy touchy”
⁍ URIs
⁍ XSS, SQLi
⁍ “Murphy”

- Knock, knock.
+ Race condition.
- Who's there?

A bad joke about “race condition”

And some more... :)

Runs results

Disclaimer: Evil is evil, so be good

⁍ Location: FR ⁍ Device: Kiosk

⁍ Technique: ????? XSS

⁍ Location: FR ⁍ Device: Kiosk

⁍ Technique: XSS

Bardo <input type="file" class="upload">

⁍ Location: FR ⁍ Device: Kiosk

⁍ Technique: XSS

%windir% %appdata% %fnord% […] %tmp%

⁍ Location: FR ⁍ Device: Kiosk

⁍ Technique: XSS

Shodan to the rescue ;)

⁍ Location: FR ⁍ Device: Kiosk

⁍ Technique: URIs

⁍ Location: FR ⁍ Device: Internet kiosk

⁍ Technique: If you wanna boot, boot into this.

⁍ Location: FR ⁍ Device: Museum gadget

⁍ Technique: L.A.C.E.

L337 And Cool Equipment

⁍ Location: FR ⁍ Device: Renting

⁍ Technique: “Kevin Mitnick© style”

⁍ Location: NL ⁍ Device: Elevator

⁍ Technique: Hidden menu

⁍ Location: FR ⁍ Device: Tickets

⁍ Technique: “Hidden” Keyboard

⁍ Location: FR ⁍ Device: Left 4 dead ?

⁍ Technique:

⁍ Location: FR ⁍ Device: « Display » screen 

⁍ Technique: Pick and choose…

⁍ Location: FR ⁍ Device: Amex kiosk

⁍ Technique: “Hidden” Keyboard

⁍ Location: FR ⁍ Device: « Display screen »

⁍ Technique: Bluetooth

⁍ Location: FR ⁍ Device: Shopper aid

⁍ Technique: “Human fuzzer”

Huh ? 

~900$

⁍ Location: FR ⁍ Device: Ads

⁍ Technique: “Murphy law” / Shell happens

⁍ Location: RU ⁍ Device: Kiosk

⁍ Technique: “Murphy law” / Shell happens

⁍ Location: FR ⁍ Device: ATM

⁍ Technique: Wait for it

⁍ Location: ES

⁍ Device: Banking change machine

⁍ Technique: Race condition

⁍ Location: FR ⁍ Device: ATM

⁍ Technique: “Murphy law”

« State of the art » (protections)

Let’s summarize:

⁍ It was EASY

⁍ Internet access is often available

⁍ Many devices lacked updates, proper segmentation, antivirus

⁍ People supposed to supervise are clueless

⁍ Devices are CRITICAL or at least INTERESTING

Environment / Risks

Airport networks:

⁍ “Standard” computers (Check-in, boarding controls...)
⁍ SCADA systems?

Money related devices:

⁍ Free tickets :D
⁍ Banking information?

Critical devices:

⁍ Lifts
⁍ Smart grids, gas station near mail.ru office

What about…?

The cavalry is coming

I am the cavalry

Q&A

Contact

@zackhimselfzack@4sec.Fr

Finished already ?