Hacking those lame kiosks & computer stations
by Evil1 (very old)

Ok, who here hasn't seen them these days? They are everywhere. At the mall, at the library, at school, at Walmart, Sears, Target, etc. If you're like me, you're curious and want a way past them. This could be for a number of reasons, i.e. checking one's email, leaving your mark, showing off to friends and so on. Ok, so now what? Well, first off you have to pick your target well. Pick something easy like one of those computers where you can apply for a job, or file a complaint or leave a suggestion. Pick something that has a visible computer, or at least a real keyboard. If it doesn't have a keyboard, then forget it, it ain't worth the time. Now it's onward to section 1 - tools of the trade. You will get an idea of what you need to get the job done there.

Section 1: tools of the trade

When "hacking" those computer stations & kiosks, a few tools come in handy. They are as follows:

1. An attention span
2. A good excuse
3. A blank disk (or AOL disk if you're that poor)
4. A USB thumb drive (borrow one, you poor bastard)
5. A live version of Linux
6. A computer at home
7. Some sort of password cracker

Great, so what do you do with them? That will be explained in section 3 - Tips and Tricks. First we'll discuss how to do this without tools.

Section 2: no tools, no problem

This section is for those random encounters with these computers, when you're unprepared. Au contraire, you're always prepared. The first step to hacking one of these machines is to get to the root of the computer (not root access...yet). Typically these machines run an NT version of Windows, like NT 4, Windows 2000 or XP. Most of the time, these machines are displays for the company displaying lame products, and allowing you to send complaints. They also have that lame Windows restricted user feature where you can't right click, or close the browser. That may stop the standard idiot, but not you. Try a combination of shift keys and alt keys.
For example, in Internet Explorer (including the NT 4 version) holding shift and clicking on a link will open a new window free from the full screened restrictiveness (is that a word?). Well so what, another window opened, big deal right? You betcha. You can now access more than you could before. Chances are good that if you typed "c:\" into the browser or "file://c:\" a browser alert message said "error, resource disallowed". With the new window opened, what can we do? Plenty. We can get access to Notepad by viewing the source. We can attempt to add a bookmark or favorite place via the toolbar. We can browse the net via search. Yes we can...now what?

Exploits, my boy. We can get info on the computers. Many of these machines are for display only and never access the outside world known as the internet. It is for this reason that they are rarely updated. These exploits and bugs can be used to access the rest of the machine. Which exploits and/or bugs do you use? That's up to you. Say for example I want to close Internet Explorer because it's fullscreened and blocking the rest of the computer's resources. I'd use the IE img bug. You make an image really big using the html img tag's width and height properties thus causing IE to crash. Or the infamous javascript bug, where you add to an html doc and once again IE closes. If you cannot find an example page of the bugs, simply make one and host it on some free site. It's not actually with you, so it's not a tool. It's good to be prepared.

Ok, so let's assume we got Internet Explorer down. We have access to the drive. This means we can use all the programs Windows comes with. Telnet, ftp, command prompt, and others. This can be used for accessing outside resources and gathering info on your target for later. Once we know what the computer has on it, then we can exploit it.

One last tip, help works. Hold the Windows key and press F1, or just press F1. From there, you can access outside resources to do your dirty work.
Now, onward to section 3, where we learn about tips and tricks with our tools.

Section 3: Tips and Tricks

Wow, we can do a lot without tools, think of what we can do with them. Let's take a look at the blank disk/AOL disk. What's so great about that? Ever hear of a thing called autorun? Oh yeah, that thing that happens whenever I put in my favorite game. This is an awesome feature that can be used on our side. If you can code, great, if not, it ain't that hard. Here is the basic rundown of an autorun file:

An autorun file is a file named autorun.inf and is a file written to the root of a data CD. If a user's PC autorun has not been disabled (trust me, they rarely do), then the commands in autorun.inf will be executed when the CD is inserted. These commands include but are not limited to, running a setup.exe file on the disk, running exe's on the computer (like notepad and cmd), and much more. If you are a programmer, sweet. Now you can code a nice little program that will be executed once the disk is inserted. If not, oh well. Here's what a typical autorun file looks like:

    [autorun]
    OPEN=setup.exe

That's it. 2 lines of code. OPEN=nameofexeondisk. Note: it HAS to be an exe. If I were to use the following:

    [autorun]
    OPEN=lol.txt

nothing would happen. The exe doesn't have to be on the disk either. It can be anywhere on the computer, provided you know the path to it. We know (hopefully) command prompt (cmd) is in the path 'C:\windows\system32\cmd.exe'. This can be placed into the autorun file. Example:

    [autorun]
    OPEN=C:\windows\system32\cmd.exe

The autorun.inf file can be made in Notepad, as long as you name it autorun.inf and save it as 'all files' on a blank disk.

Now I can vouch for the poor hackers out there. I've been there. If you can't afford a blank CD, or don't have a burner (you poor bastard), use an AOL disk. These things are everywhere and already have an autorun file inside that launches its lame ass setup prog.
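The autorun.inf format described above, seen from the side of whoever has to lock the machine down: an added example (not part of the original text) that parses an autorun.inf and reports every entry that would launch a program, marking targets that are not on the inserted media. Function names, verdict labels and the sample files are constructed for illustration; shellexecute and shell\...\command are further launch keys of the same file format.

```python
import re
from pathlib import PureWindowsPath

# Keys of the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\=]+\\command", re.I)

# Constructed samples: the page's two OPEN= forms plus a quoted command line.
SAMPLE_INSTALLER = r"""[autorun]
OPEN=setup.exe
icon=setup.exe,0
"""
SAMPLE_SYSTEM_TARGET = r"""; constructed sample
[AutoRun]
OPEN=C:\windows\system32\cmd.exe
ShellExecute="C:\Program Files\Vendor\menu.exe" /s
label=Demo
[other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(command):
    """Extract the program path from a command line, honouring quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def audit_autorun(text):
    """List (key, program, verdict) for each entry that launches something."""
    findings = []
    for key, command in parse_autorun(text).items():
        if not LAUNCH_KEY.fullmatch(key):
            continue
        program = program_of(command)
        # A drive letter or UNC share means the target is not on the media.
        off_media = bool(PureWindowsPath(program).drive)
        findings.append((key, program, "off-media" if off_media else "on-media"))
    return findings
```

On the machine itself, the NoDriveTypeAutoRun policy value (0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer) turns AutoRun off for every drive type, which is the setting the text says is rarely applied.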
With the setup, you can use it to access other commands, but it takes more work.

Another thing, USB thumb drives can be used to autorun things too. They are quite useful as they can hold an array of tools, and be hotswapped. I love them and suggest you get one if you don't already have one. The format for an autorun file on a USB drive is the same as above for a blank CD.

Great, now you can execute programs and exploits. That's fine and dandy, but what if the exploits don't work? Well, you could always do the old live Linux SAM crack trick. It still works. You'll need a live Linux distro like WHAX, Knoppix, Whoppix or Slax. I prefer that you get one with a GUI as it looks less suspicious. You'll also need a thumb drive for this one. You're trying to get more than the SAM file. You want the system file too as it contains the system encryption key. Having this drastically reduces your time for cracking the password at home. For those who don't know where the SAM file is, it's typically located in 'C:\windows\system32\config' and is locked from use while the computer is running. Hence the reason why we are using a live Linux distro.

First things first when copying files on a live Linux distro to a thumb drive - setting drive properties. When you first run the Linux distro, the hard drive's properties are set as read only. Change this by right clicking on the drive and going into permissions. Now we can copy files. Mount the thumb drive (right click the drive and go to properties) and copy the SAM and system files. The SAM file is usually like 256k while the system file is anywhere from 1.5 to 4 megs in size. This is one reason why a floppy disk is useless. Once you have the SAM and system files go ahead and reset the computer. It'll look like nothing had ever happened.

Go ahead and head home to your box and start cracking. There are several good SAM crackers out there like L0phtCrack, but those suck compared to SAMInside. It's 20 bucks for the full version, but the demo is free.
If you need the full version *wink* email me. My email is at the bottom of the tut. The password usually isn't very big, so set the properties to about 7-8 chars, lower case + alpha numeric. It shouldn't take more than a day (usually just an hour or 2). Once the password is cracked, you can start having fun.

Section 4: now what?

Now what? This is the part where you become creative. You can do whatever you want. You own the computer (and prolly many other machines in the area). A list of ideas includes: setting up a fake employee login page that sends you passwords (remember, they can't see the url under normal running circumstances). This can get you further into the company, but increases your chances of getting caught. You could show off to your friends that you are "1337" when you decide to go to some store. You could impress the ladies with your tech sk1llz...yeah right. It's up to you.

Section 5: oh shit, busted

Things go really smooth if you follow my instructions, but what if there's an outside interference? By this I mean some asshole employee who thinks he's all that, or some manager who's been suspicious of you? Remember the first and second tools of the trade? An attention span helps as you become self aware of what's going on around you. Rarely do people bug me when I do my business on these machines, but once in a while I get caught. What do I do? I use one of my lame excuses like "I was just checking my email". It works. Saying nothing, freaking out and running is the wrong thing to do. Try this in some store like Best Buy and chances are, they will tackle your ass thinking you're a thief - that would suck. If you absolutely have to run, then BEFORE you go to the kiosk/computer station, have a plan of where you're going to run or a general idea of the area. You don't have to run as you have done nothing wrong (especially if you reset the computer), you can ignore who's talking to you and walk away.
If you think you can get away with running (meaning there are no cops or security, but you're freaking out), go for it. The crazy approach works. Do you know what pocket sand is? It's sand you get from those ashtrays at hotels and fancy restaurants that you carry in your pocket for protection. How in the hell is sand supposed to protect you? It's cheaper than mace, and faster than a gun. Be sure to yell "POCKET SAND!!!" before projecting the coarse material into the eyes of your assailant for the full effect. This gives you a nice 30 second window to run away. That's a personal move of mine, but you'll prolly never use it. Be smart, be aware, and you'll be fine.

Section 6: Conclusion

Well that's all for now. You have the tools and the tricks to take out those lame kiosks and computer stations they have everywhere. You can own them and show off to your friends. I suck at endings as you can see. If you have any tips, questions, comments, or concerns, feel free to email me: Iamtheevil1@gmail.com