Public Access
by Insert Name Here
By now I'm sure almost everyone has seen public computers that can be used to access the Internet for a fee.
Most times they're in a mall or a PX (if on a military installation) and allow you free access to a certain website (like the ones found in Best Buy and the like).
Well, I'm here to tell you about a little exploit that can be used to gain access to a regular Internet Explorer window that will allow you to enter your own URL thereby allowing you to surf to any site you choose, not just the one(s) the company wants you to see.
In order to execute this properly, you'll need some kind of media file that is available on the free-to-view website.
In my case it was a ringtone sample from a cell phone ad. When you click the link to the media file, Windows Media Player opens up to play the file.
Immediately click "Stop" (not like you really care about the ringtone anyways). Then expand Windows Media Player so you can see the "File" menu up on top.
Click on "Tools" then select "Plug-ins" and another little file menu window will pop up on the side. Select "Download Additional Plug-ins" and lo and behold, a nice IE window should pop up.
Now, depending on how well (in)secured the system is, a number of things could happen.
In my case the computer allowed almost full use of IE, however the actual "File" part of the file menu was hidden, so you couldn't use it to open files on the hard drive or open any more IE windows.
Alt+N was disabled as well, so no new IE windows that way.
Alt+Tab was disabled, so no switching between running applications.
In fact, it seemed that most every Alt+[key] and [Windows Key]+[key] combination were disabled.
Also, they disallowed IE access to the hard drive, so typing something like file://c:/ in the URL box just popped up a message stating that access to that was not allowed or something to that effect.
One nice thing was that AIM and Yahoo! instant messengers both put icons on the IE toolbar, so I could launch those apps without any trouble at all.
This just goes to show that no matter how locked down a computer system is, something is always missed.
The system admins took care to lock down just about everything I could think of, but they forgot Windows Media Player because presumably there was no way for any user to access it, authorized or not. They didn't take into account, however, the fact that maybe another program might launch it, like Internet Explorer did for me.
Sadly, us hackers seem to be better at their jobs than they are. Take for example the computer I'm on now. Every computer in the room is down because of a bad patch that was applied in the middle of the night, apart from this one.
But the keyboard wasn't working. The tech came in to look at it, couldn't figure it out, and then left. A few minutes back there yielded a bad keyboard extension cable. Sometimes things are so painfully obvious it makes me wonder how they ever got their jobs...
O.K., enough of my ranting.
Good luck on your hacking adventures, fellow technology enthusiasts.