
Uniguest bypass



By ghostghost | 23332 Reads |

I don’t know how often I’ve gone to a motel, seen that accursed $9.95 for one night of internet, and found myself thinking, screw that crap. Well, after some touring, a majority of people in the same situation as me stumbled across the business center and saw free-access computers with internet. You immediately check out the system (assuming you remembered that danged room key) and look at the computer, wondering what the heck type of system it’s running.

The two most common systems I’ve seen on my travels are the iBahn and Uniguest systems; both are based on Windows XP and IE 6, from analysis. The one I will deal with in this paper is the Uniguest system.

As a common teenager I felt a compulsive desire to look at my Facebook, but much to my annoyance the site was blocked from the login afterwards. I really have to wonder about the competence of the Uniguest developers after what I found. After attempting to log in to Facebook, it immediately blanked the page and halted loading, so I typed facebook.com into the address bar and bingo, I was in, easy as that. It’s a miracle I didn’t attract security with the compulsive laughing that followed, as simply exiting the popups allowed me to browse freely. It was at this point I wondered what exactly was possible with the system.

I put in a jump drive in an attempt to access a few files that I needed to finish up for a class, only to find that the jump drive was inaccessible and conveniently missing from the file browser. Since the system is seemingly based entirely on IE 6, I used the browser to open the file; strangely, it worked. I got curious again, though attempts to relocate to the C drive were unsuccessful at best; they at least covered that much.

It also seems that executable files are completely blocked on the system, which I can’t say surprised me. The only openable files are the ones that the system had “programs” for.

For whatever reason I hit the escape key while browsing to try to exit a window and found something of extreme interest: Unlock System. You can imagine what could happen from here, but alas, time was not in my favor on this one.

Past this I didn’t have any time left to experiment, but I do have theories as to further exploitations that may be available to use. If anyone tries these, I am not responsible for what may happen.

Theory 1: System is completely based off of iFrame or related media inside IE6. Crashing IE6 may generate hole.

Theory 2: Most file navigation is blocked, though some files are still available; possibility that the filter is selective rather than all-inclusive, possible hole.

Theory 3: Possibility that not all extensions are blocked. Seeing as IE6, as well as WinXP, is already vulnerable to multiple exploitations, it is plausible that ActiveX or other common holes can be used to install programs and bypass kiosk software.

Theory 4: If Theory 3 holds true, installation of a basic keylogger or other viral program may be possible, allowing complete manipulation of the system. It could also allow installation of Firefox or another browser, which would likely be unrestricted.

Theory 5: Aurora may be usable if willing to pay for Internet access, or if Theory 3 holds true and shell exploitation software is installed.

Have fun, and remember I’m not responsible for anything that may happen as a result of using anything in this tutorial.

Comments
ghost 14 years ago

<quote>It’s a miracle I didn’t attract security with the compulsive laughing that followed</quote>

made my day hahaha

korg 14 years ago

Not actually informative, lack of good content IMO.

ghost 14 years ago

What was supposed to be the point of this post? All you succeeded in doing was accessing Facebook. Doesn't seem like much of an accomplishment. You could've done that with a proxy site. Sure IE6 is vulnerable, but I doubt that they are only using IE6 to protect the machine. It's probably wrapped in the shell of another program which makes it much harder to circumvent.

Here's the information you presented to us:

  1. You got to Facebook when apparently it blocked you at first

  2. Nothing else

As far as your theories are concerned, you've not given us much to think about. As I said earlier, if you weren't able to ctrl+alt+del out of the program, then it's not simply IE6 by itself. File navigation is most likely a whitelist and not a blacklist. Can't circumvent that. You're also overlooking a huge thing here: this system is probably being run in a user account. Even if you succeeded in getting out of the program and back to the login screen, you still don't know an administrator user/pass.

Bottom line - you didn't figure anything out.

ellipsis 13 years ago

I would have checked hot keys first. Can you use file:///C:/ to access the computer's hard disk? I remember seeing multiple machines like that during my stay in Nevada at a BPA Nationals competition. The ones in my hotel required that you either swipe a card given by an issuer or put in a $1 bill per 1 minute. I'm sure if you had more time with the subject, you could have written a much better article. Et cetera.

ghost 13 years ago

Why didn't you at least put the default password (that's almost never changed in my experience) in the article? tv4shawn

idlecomet 12 years ago

I thought it was a very nice article :-D But I hate facebook. And people. And places. And things.