Defacing Endpoint PC’s Or How did I get free internet all over New Zealand

It’s always a challenge encountering a “protected” machine.
Whether it’s a thin client, a windows or a linux pc.
I always find it intriguing to “Jail Break” those machines.
I’m writing this post from a Linux Kiwi parks machine after doing some of the following tricks which I’ll explain shortly, but first. 

The following describes how to bypass end point PC’s protection which I’ve found all over NZ.

Global Gossip

A communication services for travelers spread throughout New Zealand, Mostly in Base backpackers,

Their machines runs on windows OS, When the OS boots you have the option to enter your credentials (User and password bought from the reception), or the option for Free Browsing.

The Free browser, offers a limited number of sites, usually offering deals around the specific area.

The Free Browser application is a wrapped .net application that build upon Internet Explorer web engine (Trident).
The application contains limited navigation buttons such as Back, Forward, Refresh,Home and no URL Address bar.

What most of those wrapped application tend forgot is to hook the Keyboard shortcuts, From Ctrl+P to Ctrl+O, WIN+R and so.

What if One presses Ctrl+O, then hit the browse button, A Microsoft Open Dialog window appear,

Here’s how to deface it:

1.Press Ctrl+O brings up the dialog.
2.Since the default option is to open file types of .html files and we want to open application files next step is to enter the ‘*’ char and then presses Enter to open all file types.
3.Since we are using a normal Open Dialog window we just navigate to a less restrictive browser, say Internet Explorer path, Right click on Iexplorer.exe and than Open, and… Eureka,
A new, unrestricted browser just opened,and, no internet restriction.

That’s All?

Well… No.

Free but limited as there is a background service that checks for the Idle of the Free browser process and after 3 minutes of  Idle time it logs off the user.

What can I Do?

There are 2 ways to bypass this service:
Either manually, every 2 minutes or so click on the Free Browser or just write a small script to do it for you (Duh).

Another option to bypass it, is to boot your OS from a different device,
You can boot from a USB or any CD on those stations (I suggests Bart PE, or Ubuntu Live).

Kiwi Park linux station

Quite safe box, This box uses a 2$ coin machine to operate.
Run by a linux OS, this box offer some desktop launcher shortcuts (Skype, Firefox),
when you try to open those, you’ll get a “limited station – Please login” message box.

Beside those limited launchers, there’s also another launcher icon, called Free – IAC location map & support and that’s our back door.

Here’s how to deface it:

1.Click the Free – IAC location map & support icon, which opens Mozilla’s Firefox 3.0.12 (Very old and exploitable version).

2.Navigate to Tools->Web Search (Or Ctrl+J) which opens the Mozilla Firefox Start Page with google search box showed in it.

That’s All?

Well… No.

Apparently, searching through Google works, though other sites are limited (By proxy).
You can however log into your mail, go through cached versions of sites, And even open any PDF, Doc (Or other supported format) document by pressing Quick View (Google download it directly to your mail so it’s quite easy).

Final thoughts

if you’re trying to protect an End Point box:

  • Disable the use of Keyboard shortcuts.
  • Restrict your Firewall / Proxy only to the sites you provide freely.
  • Try to use an updated version for the Browser Engine.
  • And as always, Don’t count on Client side.

One thought on “Defacing Endpoint PC’s Or How did I get free internet all over New Zealand

  1. Matthias says:

    Did you get around the Wifi block site for “Global Gossip Communications”? I don’t want to use thoose fucked up pc and type in sensetive data…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s