Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


Zombifying infiokiosks and public terminals filter_list
Author
Message
unknownAttacker Offline
Senior Member
Twelve Years of Service
Posts: 333
Threads: 24
Reputation: 0

Points: 0NSP
Zombifying infiokiosks and public terminals 10-18-2012, 04:27 PM #1
Introduction

Infokiosks and public terminals make great zombies for your botnet. If exploited correctly, they'll be the most stable parts of your botnet, lastin not for weeks or months but for years.

Why?

It's simple: you can access them physically, they have constant internet access and they are rarely checked manually or formatted.

What to attack

Any infokiosk/interactive kiosk/intelligent kiosk (seriously, why so many names for this?) with access to wide internet through a web browser or with a USB port. Any public terminal or other publically available device that fufills those criteria (usually - any that can be operated with a touchscreen).

Preparation

Information gathering

Check what OS is in use on the victim machine. Prepare accordingly.

Disguise

This is a hack that you conduct in a public place, possibly watched by cameras. That's why you'll need a little bit of disguise. I don't mean anything fancy, just so that you'll be difficult to recognize through the low-quality security camera pictures. You know, wear clothing style you don't usually wear, different hairstyle (maybe wig or fake beard if you have a convincing one), hat/cap and glasses to cover yourself a bit. It's not an international spying mission, you'll just need to look a bit not like yourself. Also, be sure not to look conspiciously or out of place.

Timing

Kiosks and terminals are usually placed in crowded places so go after dark if possible. If not, just make sure there is no line of people waiting for their turn and watching you hack. Also, avoid security and police.

Software

If USB access possible, put a RAT, local OS exploit codes, wget and ncat (in case you can't run an RAT) on a pendrive. In all cases, make an iKAT Portable server, place a RAT and ncat somewhere that allows it to be downloaded easily with wget.

Attack

Open browser. If browser inaccessible and it's a touchscreen, try touching various corners (different combinations may work), swiping from corners etc. (might bring up start menu). Go to ikat.ha.cked.net. If it doesn't work, [anything].ha.cked.net, and if it doesn't work go to your ikat portable server. Now, ikat is very easy to use and in most cases will get you some system shells (fiddle around with it at home to learn). Simply use the tools provided.

If USB is available, put pendrive in. If couldn't use ikat, run priv-esc exploits from USB.

When privs escalated, temporarily disable the antivirus (enable it when leaving as disabled antivir is suspicious!). Get your RAT from server or USB, place somewhere on the system and run. Then add to antivir exceptions and turn the antivir on.

If can't run RAT, use ncat as described here: http://www.hackcommunity.com/Thread-Back...the-inside . You'll then need IP for ncat so go to http://www.whatsmyip.org/ .

What now?

If everything went right, you'll have a zombie. Kiosks, terminals etc. are good for botnets and good for keyloggers as a lot of people log in to different websites through them. They are also nice footholds into their LANs - and their LANs are often very interesting Cool

Reply

unknownAttacker Offline
Senior Member
Twelve Years of Service
Posts: 333
Threads: 24
Reputation: 0

Points: 0NSP
Zombifying infiokiosks and public terminals 10-18-2012, 04:27 PM #2
Introduction

Infokiosks and public terminals make great zombies for your botnet. If exploited correctly, they'll be the most stable parts of your botnet, lastin not for weeks or months but for years.

Why?

It's simple: you can access them physically, they have constant internet access and they are rarely checked manually or formatted.

What to attack

Any infokiosk/interactive kiosk/intelligent kiosk (seriously, why so many names for this?) with access to wide internet through a web browser or with a USB port. Any public terminal or other publically available device that fufills those criteria (usually - any that can be operated with a touchscreen).

Preparation

Information gathering

Check what OS is in use on the victim machine. Prepare accordingly.

Disguise

This is a hack that you conduct in a public place, possibly watched by cameras. That's why you'll need a little bit of disguise. I don't mean anything fancy, just so that you'll be difficult to recognize through the low-quality security camera pictures. You know, wear clothing style you don't usually wear, different hairstyle (maybe wig or fake beard if you have a convincing one), hat/cap and glasses to cover yourself a bit. It's not an international spying mission, you'll just need to look a bit not like yourself. Also, be sure not to look conspiciously or out of place.

Timing

Kiosks and terminals are usually placed in crowded places so go after dark if possible. If not, just make sure there is no line of people waiting for their turn and watching you hack. Also, avoid security and police.

Software

If USB access possible, put a RAT, local OS exploit codes, wget and ncat (in case you can't run an RAT) on a pendrive. In all cases, make an iKAT Portable server, place a RAT and ncat somewhere that allows it to be downloaded easily with wget.

Attack

Open browser. If browser inaccessible and it's a touchscreen, try touching various corners (different combinations may work), swiping from corners etc. (might bring up start menu). Go to ikat.ha.cked.net. If it doesn't work, [anything].ha.cked.net, and if it doesn't work go to your ikat portable server. Now, ikat is very easy to use and in most cases will get you some system shells (fiddle around with it at home to learn). Simply use the tools provided.

If USB is available, put pendrive in. If couldn't use ikat, run priv-esc exploits from USB.

When privs escalated, temporarily disable the antivirus (enable it when leaving as disabled antivir is suspicious!). Get your RAT from server or USB, place somewhere on the system and run. Then add to antivir exceptions and turn the antivir on.

If can't run RAT, use ncat as described here: http://www.hackcommunity.com/Thread-Back...the-inside . You'll then need IP for ncat so go to http://www.whatsmyip.org/ .

What now?

If everything went right, you'll have a zombie. Kiosks, terminals etc. are good for botnets and good for keyloggers as a lot of people log in to different websites through them. They are also nice footholds into their LANs - and their LANs are often very interesting Cool

Reply







Users browsing this thread: 1 Guest(s)