Which of the following attacks is the tester performing?

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system.

Which of the following attacks is the tester performing?
A . Kiosk escape
B . Arbitrary code execution
C . Process hollowing
D . Library injection

View Answer

Answer: A

Explanation:

A kiosk escape involves breaking out of a restricted environment, such as a kiosk or a single application interface, to access the underlying operating system.

Here ’ s why option A is correct: Kiosk Escape: This attack targets environments where user access is intentionally limited, such as a kiosk or a dedicated application. The goal is to break out of these restrictions and gain access to the full operating system.

Arbitrary Code Execution: This involves running unauthorized code on the system, but the scenario described is more about escaping a restricted environment.

Process Hollowing: This technique involves injecting code into a legitimate process, making it appear benign while executing malicious activities.

Library Injection: This involves injecting malicious code into a running process by loading a malicious

library, which is not the focus in this scenario.

Reference from Pentest:

Forge HTB: Demonstrates techniques to escape restricted environments and gain broader access to the system.

Horizontall HTB: Shows methods to break out of limited access environments, aligning with the

concept of kiosk escape​.

Conclusion:

Option A, Kiosk escape, accurately describes the type of attack where a tester breaks out of a restricted environment to access the underlying operating system.