Whether it’s a thin client, a windows or a linux pc.
I always find it intriguing to “Jail Break” those machines.
I’m writing this post from a Linux Kiwi parks machine after doing some of the following tricks which I’ll explain shortly, but first.
The following describes how to bypass end point PC’s protection which I’ve found all over NZ.
A communication services for travelers spread throughout New Zealand, Mostly in Base backpackers,
The Free browser, offers a limited number of sites, usually offering deals around the specific area.
What most of those wrapped application tend forgot is to hook the Keyboard shortcuts, From Ctrl+P to Ctrl+O, WIN+R and so.
What if One presses Ctrl+O, then hit the browse button, A Microsoft Open Dialog window appear,
Here’s how to deface it:
1.Press Ctrl+O brings up the dialog.
2.Since the default option is to open file types of .html files and we want to open application files next step is to enter the ‘*’ char and then presses Enter to open all file types.
3.Since we are using a normal Open Dialog window we just navigate to a less restrictive browser, say Internet Explorer path, Right click on Iexplorer.exe and than Open, and… Eureka,
A new, unrestricted browser just opened,and, no internet restriction.
Free but limited as there is a background service that checks for the Idle of the Free browser process and after 3 minutes of Idle time it logs off the user.
What can I Do?
There are 2 ways to bypass this service:
Either manually, every 2 minutes or so click on the Free Browser or just write a small script to do it for you (Duh).
You can boot from a USB or any CD on those stations (I suggests Bart PE, or Ubuntu Live).
Quite safe box, This box uses a 2$ coin machine to operate.
Run by a linux OS, this box offer some desktop launcher shortcuts (Skype, Firefox),
when you try to open those, you’ll get a “limited station – Please login” message box.
Beside those limited launchers, there’s also another launcher icon, called Free – IAC location map & support and that’s our back door.
Here’s how to deface it:
1.Click the Free – IAC location map & support icon, which opens Mozilla’s Firefox 3.0.12 (Very old and exploitable version).
2.Navigate to Tools->Web Search (Or Ctrl+J) which opens the Mozilla Firefox Start Page with google search box showed in it.
Apparently, searching through Google works, though other sites are limited (By proxy).
You can however log into your mail, go through cached versions of sites, And even open any PDF, Doc (Or other supported format) document by pressing Quick View (Google download it directly to your mail so it’s quite easy).
if you’re trying to protect an End Point box:
- Disable the use of Keyboard shortcuts.
- Restrict your Firewall / Proxy only to the sites you provide freely.
- Try to use an updated version for the Browser Engine.
- And as always, Don’t count on Client side.