pen-testing an information kiosk (breaking out of the application)
From: bugtraq@oechslin.net
Date: 04/23/03
- Previous message: Christopher W. Morris: "RE: LC4 (L0phtCrack) error "Couldn't open SAM\Domains\Account\Users in SAM file. Possibly improper format.""
- Next in thread: Mark Reardon: "Re: pen-testing an information kiosk (breaking out of the application)"
- Maybe reply: Mark Reardon: "Re: pen-testing an information kiosk (breaking out of the application)"
- Maybe reply: alaric_at_alaricsecurity.com: "Re: pen-testing an information kiosk (breaking out of the application)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Apr 2003 09:16:01 -0000 From: <bugtraq@oechslin.net> To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is)
I have to pen-test information kiosk
It is a networked PC with an application which is supposed to run all the
time and from which it is not possible to exit (other than shuting down
the machine). The application starts when an operator logs in with a
given username and password. I haven't been able to put my hands on the
machine but I'm looking for information to prepare the pen-test.
Except the standard networked-based pen-testing I have to find out if it
is possible to break out of the application and access other applications.
I will also try to boot from another device, but the bios is supposed to
be password protected.
Does anybody know of tools and vulnerabilities specific to this scenario?
thanks,
Philippe
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-pen-test
----------------------------------------------------------------------------
- Previous message: Christopher W. Morris: "RE: LC4 (L0phtCrack) error "Couldn't open SAM\Domains\Account\Users in SAM file. Possibly improper format.""
- Next in thread: Mark Reardon: "Re: pen-testing an information kiosk (breaking out of the application)"
- Maybe reply: Mark Reardon: "Re: pen-testing an information kiosk (breaking out of the application)"
- Maybe reply: alaric_at_alaricsecurity.com: "Re: pen-testing an information kiosk (breaking out of the application)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
