More Kiosk Hacking - Getting a remote shell on a kiosk
Here's a little idea I just came up with. Let's say that for example, there's a help-kiosk situated somewhere in your local town center. Kiosks are usually hooked up to the internet (for remote access by whoever maintains them) and some may even have an accessible web browser on them. If you can't find a browser, pop yourself into the regular Windows GUI and open up Internet Explorer 
When you're in a web environment, you should browse to a website which you created earlier, hosting some kind of exploit on. This may be a Java exploit, the classic aurora exploit or basically anything you want to try. The important thing to remember is that kiosks aren't usually all up to date with the latest patches, because let's face it - the company who sets them up probably has better things to do and they just don't expect them to get hacked. Once you've browsed to the website hosting your exploit, you'll notice that you'll get a session on your laptop running Backtrack and Meterpreter (you see where this is going...)
You've got your session, now pop the kiosk back into it's regular mode and go back to your Backtrack session. You now have a remote shell, do whatever the fuck you want;
Install a backdoor for later access.
Keylog people using the kiosk
Snoop through files, etc etc etc.
When you're in a web environment, you should browse to a website which you created earlier, hosting some kind of exploit on. This may be a Java exploit, the classic aurora exploit or basically anything you want to try. The important thing to remember is that kiosks aren't usually all up to date with the latest patches, because let's face it - the company who sets them up probably has better things to do and they just don't expect them to get hacked. Once you've browsed to the website hosting your exploit, you'll notice that you'll get a session on your laptop running Backtrack and Meterpreter (you see where this is going...)
You've got your session, now pop the kiosk back into it's regular mode and go back to your Backtrack session. You now have a remote shell, do whatever the fuck you want;
Install a backdoor for later access.
Keylog people using the kiosk
Snoop through files, etc etc etc.