Search K
Appearance
Escaping from KIOSKs โ
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the ๐ฌ Discord group or the telegram group or follow us on Twitter ๐ฆ @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
WhiteIntel โ
.DpJ-1xPd.png)
WhiteIntel is a dark-web fueled search engine that offers free functionalities to check if a company or its customers have been compromised by stealer malwares.
Their primary goal of WhiteIntel is to combat account takeovers and ransomware attacks resulting from information-stealing malware.
You can check their website and try their engine for free at:
โ๏ธ External Link
Check physical device โ
| Component | Action |
|---|---|
| Power button | Turning the device off and on again may expose the start screen |
| Power cable | Check whether the device reboots when the power is cut off briefly |
| USB ports | Connect physical keyboard with more shortcuts |
| Ethernet | Network scan or sniffing may enable further exploitation |
Check for possible actions inside the GUI application โ
Common Dialogs are those options of saving a file, opening a file, selecting a font, a color... Most of them will offer a full Explorer functionality. This means that you will be able to access Explorer functionalities if you can access these options:
- Close/Close as
- Open/Open with
- Export/Import
- Search
- Scan
You should check if you can:
- Modify or create new files
- Create symbolic links
- Get access to restricted areas
- Execute other apps
Command Execution โ
Maybe using a Open with option** you can open/execute some kind of shell.
Windows โ
For example cmd.exe, command.com, Powershell/Powershell ISE, mmc.exe, at.exe, taskschd.msc... find more binaries that can be used to execute commands (and perform unexpected actions) here: https://lolbas-project.github.io/
*NIX __ โ
bash, sh, zsh... More here: https://gtfobins.github.io/
Windows โ
Bypassing path restrictions โ
- Environment variables: There are a lot of environment variables that are pointing to some path
- Other protocols: about:, data:, ftp:, file:, mailto:, news:, res:, telnet:, view-source:
- Symbolic links
- Shortcuts: CTRL+N (open new session), CTRL+R (Execute Commands), CTRL+SHIFT+ESC (Task Manager), Windows+E (open explorer), CTRL-B, CTRL-I (Favourites), CTRL-H (History), CTRL-L, CTRL-O (File/Open Dialog), CTRL-P (Print Dialog), CTRL-S (Save As)
- Hidden Administrative menu: CTRL-ALT-F8, CTRL-ESC-F9
- Shell URIs: shell:Administrative Tools, shell:DocumentsLibrary, shell:Librariesshell:UserProfiles, shell:Personal, shell:SearchHomeFolder, shell:Systemshell:NetworkPlacesFolder, shell:SendTo, shell:UsersProfiles, shell:Common Administrative Tools, shell:MyComputerFolder, shell:InternetFolder
- UNC paths: Paths to connect to shared folders. You should try to connect to the C$ of the local machine ("\\127.0.0.1\c$\Windows\System32")
- More UNC paths:
| UNC | UNC | UNC |
|---|---|---|
| %ALLUSERSPROFILE% | %APPDATA% | %CommonProgramFiles% |
| %COMMONPROGRAMFILES(x86)% | %COMPUTERNAME% | %COMSPEC% |
| %HOMEDRIVE% | %HOMEPATH% | %LOCALAPPDATA% |
| %LOGONSERVER% | %PATH% | %PATHEXT% |
| %ProgramData% | %ProgramFiles% | %ProgramFiles(x86)% |
| %PROMPT% | %PSModulePath% | %Public% |
| %SYSTEMDRIVE% | %SYSTEMROOT% | %TEMP% |
| %TMP% | %USERDOMAIN% | %USERNAME% |
| %USERPROFILE% | %WINDIR% |
Download Your Binaries โ
Console: https://sourceforge.net/projects/console/
Explorer: https://sourceforge.net/projects/explorerplus/files/Explorer%2B%2B/
Registry editor: https://sourceforge.net/projects/uberregedit/
Accessing filesystem from the browser โ
| PATH | PATH | PATH | PATH |
|---|---|---|---|
| File:/C:/windows | File:/C:/windows/ | File:/C:/windows\ | File:/C:\windows |
| File:/C:\windows\ | File:/C:\windows/ | File://C:/windows | File://C:/windows/ |
| File://C:/windows\ | File://C:\windows | File://C:\windows/ | File://C:\windows\ |
| C:/windows | C:/windows/ | C:/windows\ | C:\windows |
| C:\windows\ | C:\windows/ | %WINDIR% | %TMP% |
| %TEMP% | %SYSTEMDRIVE% | %SYSTEMROOT% | %APPDATA% |
| %HOMEDRIVE% | %HOMESHARE | <p> </p> |
ShortCuts โ
- Sticky Keys โ Press SHIFT 5 times
- Mouse Keys โ SHIFT+ALT+NUMLOCK
- High Contrast โ SHIFT+ALT+PRINTSCN
- Toggle Keys โ Hold NUMLOCK for 5 seconds
- Filter Keys โ Hold right SHIFT for 12 seconds
- WINDOWS+F1 โ Windows Search
- WINDOWS+D โ Show Desktop
- WINDOWS+E โ Launch Windows Explorer
- WINDOWS+R โ Run
- WINDOWS+U โ Ease of Access Centre
- WINDOWS+F โ Search
- SHIFT+F10 โ Context Menu
- CTRL+SHIFT+ESC โ Task Manager
- CTRL+ALT+DEL โ Splash screen on newer Windows versions
- F1 โ Help F3 โ Search
- F6 โ Address Bar
- F11 โ Toggle full screen within Internet Explorer
- CTRL+H โ Internet Explorer History
- CTRL+T โ Internet Explorer โ New Tab
- CTRL+N โ Internet Explorer โ New Page
- CTRL+O โ Open File
- CTRL+S โ Save CTRL+N โ New RDP / Citrix
Swipes โ
- Swipe from the left side to the right to see all open Windows, minimizing the KIOSK app and accessing the whole OS directly;
- Swipe from the right side to the left to open Action Center, minimizing the KIOSK app and accessing the whole OS directly;
- Swipe in from the top edge to make the title bar visible for an app opened in full screen mode;
- Swipe up from the bottom to show the taskbar in a full screen app.
Internet Explorer Tricks โ
'Image Toolbar' โ
It's a toolbar that appears on the top-left of image when it's clicked. You will be able to Save, Print, Mailto, Open "My Pictures" in Explorer. The Kiosk needs to be using Internet Explorer.
Shell Protocol โ
Type this URLs to obtain an Explorer view:
shell:Administrative Toolsshell:DocumentsLibraryshell:Librariesshell:UserProfilesshell:Personalshell:SearchHomeFoldershell:NetworkPlacesFoldershell:SendToshell:UserProfilesshell:Common Administrative Toolsshell:MyComputerFoldershell:InternetFolderShell:ProfileShell:ProgramFilesShell:SystemShell:ControlPanelFolderShell:Windowsshell:::{21EC2020-3AEA-1069-A2DD-08002B30309D}--> Control Panelshell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}--> My Computershell:::{{208D2C60-3AEA-1069-A2D7-08002B30309D}}--> My Network Placesshell:::{871C5380-42A0-1069-A2EA-08002B30309D}--> Internet Explorer
Show File Extensions โ
Check this page for more information: https://www.howtohaven.com/system/show-file-extensions-in-windows-explorer.shtml
Browsers tricks โ
Backup iKat versions:
http://swin.es/k/
http://www.ikat.kronicd.net/\
Create a common dialog using JavaScript and access file explorer: document.write('<input/type=file>')
Source: https://medium.com/@Rend\_/give-me-a-browser-ill-give-you-a-shell-de19811defa0
iPad โ
Gestures and bottoms โ
- Swipe up with four (or five) fingers / Double-tap Home button: To view the multitask view and change App
- Swipe one way or another with four or five fingers: In order to change to the next/last App
- Pinch the screen with five fingers / Touch Home button / Swipe up with 1 finger from the bottom of the screen in a quick motion to the up: To access Home
- Swipe one finger from the bottom of the screen just 1-2 inches (slow): The dock will appear
- Swipe down from the top of the display with 1 finger: To view your notifications
- Swipe down with 1 finger the top-right corner of the screen: To see iPad Pro's control centre
- Swipe 1 finger from the left of the screen 1-2 inches: To see Today view
- Swipe fast 1 finger from the centre of the screen to the right or left: To change to next/last App
- Press and hold the On/Off/Sleep button at the upper-right corner of the iPad + Move the Slide to power off slider all the way to the right: To power off
- Press the On/Off/Sleep button at the upper-right corner of the iPad and the Home button for a few second: To force a hard power off
- Press the On/Off/Sleep button at the upper-right corner of the iPad and the Home button quickly: To take a screenshot that will pop up in the lower left of the display. Press both buttons at the same time very briefly as if you hold them a few seconds a hard power off will be performed.
Shortcuts โ
You should have an iPad keyboard or a USB keyboard adaptor. Only shortcuts that could help escaping from the application will be shown here.
| Key | Name |
|---|---|
| โ | Command |
| โฅ | Option (Alt) |
| โง | Shift |
| โฉ | Return |
| โฅ | Tab |
| ^ | Control |
| โ | Left Arrow |
| โ | Right Arrow |
| โ | Up Arrow |
| โ | Down Arrow |
System shortcuts โ
These shortcuts are for the visual settings and sound settings, depending on the use of the iPad.
| Shortcut | Action |
|---|---|
| F1 | Dim Sscreen |
| F2 | Brighten screen |
| F7 | Back one song |
| F8 | Play/pause |
| F9 | Skip song |
| F10 | Mute |
| F11 | Decrease volume |
| F12 | Increase volume |
| โ Space | Display a list of available languages; to choose one, tap the space bar again. |
iPad navigation โ
| Shortcut | Action |
|---|---|
| โH | Go to Home |
| โโงH (Command-Shift-H) | Go to Home |
| โ (Space) | Open Spotlight |
| โโฅ (Command-Tab) | List last ten used apps |
| โ~ | Go t the last App |
| โโง3 (Command-Shift-3) | Screenshot (hovers in bottom left to save or act on it) |
| โโง4 | Screenshot and open it in the editor |
| Press and hold โ | List of shortcuts available for the App |
| โโฅD (Command-Option/Alt-D) | Brings up the dock |
| ^โฅH (Control-Option-H) | Home button |
| ^โฅH H (Control-Option-H-H) | Show multitask bar |
| ^โฅI (Control-Option-i) | Item chooser |
| Escape | Back button |
| โ (Right arrow) | Next item |
| โ (Left arrow) | Previous item |
| โโ (Up arrow, Down arrow) | Simultaneously tap selected item |
| โฅ โ (Option-Down arrow) | Scroll down |
| โฅโ (Option-Up arrow) | Scroll up |
| โฅโ or โฅโ (Option-Left arrow or Option-Right arrow) | Scroll left or right |
| ^โฅS (Control-Option-S) | Turn VoiceOver speech on or off |
| โโงโฅ (Command-Shift-Tab) | Switch to the previous app |
| โโฅ (Command-Tab) | Switch back to the original app |
| โ+โ, then Option + โ or Option+โ | Navigate through Dock |
Safari shortcuts โ
| Shortcut | Action |
|---|---|
| โL (Command-L) | Open Location |
| โT | Open a new tab |
| โW | Close the current tab |
| โR | Refresh the current tab |
| โ. | Stop loading the current tab |
| ^โฅ | Switch to the next tab |
| ^โงโฅ (Control-Shift-Tab) | Move to the previous tab |
| โL | Select the text input/URL field to modify it |
| โโงT (Command-Shift-T) | Open last closed tab (can be used several times) |
| โ[ | Goes back one page in your browsing history |
| โ] | Goes forward one page in your browsing history |
| โโงR | Activate Reader Mode |
Mail shortcuts โ
| Shortcut | Action |
|---|---|
| โL | Open Location |
| โT | Open a new tab |
| โW | Close the current tab |
| โR | Refresh the current tab |
| โ. | Stop loading the current tab |
| โโฅF (Command-Option/Alt-F) | Search in your mailbox |
References โ
- https://www.macworld.com/article/2975857/6-only-for-ipad-gestures-you-need-to-know.html
- https://www.tomsguide.com/us/ipad-shortcuts,news-18205.html
- https://thesweetsetup.com/best-ipad-keyboard-shortcuts/
- http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html
WhiteIntel โ
WhiteIntel is a dark-web fueled search engine that offers free functionalities to check if a company or its customers have been compromised by stealer malwares.
Their primary goal of WhiteIntel is to combat account takeovers and ransomware attacks resulting from information-stealing malware.
You can check their website and try their engine for free at:
โ๏ธ External Link
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the ๐ฌ Discord group or the telegram group or follow us on Twitter ๐ฆ @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.