Attention Kmart Hackers
From DocDroppers
| Author: | dual_parallel |
|---|---|
| Date Released: | Unknown |
| Added to DD: | 21:56, 3 Dec 2004 (EST) |
Kmart is almost as ubiquitous as Wal-Mart, and every bastion of BlueLight is filled with technology to play with. This article explores that technology.
At the Customer Service counter sits one of two public computers running BlueLight.com, Kmart's online shopping application. These computers (the other residing in Electronics or sometimes at Sporting Goods) run NT 4, have LCD monitors, a keyboard and an enclosed trackball where the right mouse button is trapped under plastic. The BlueLight.com application starts automatically, so logging off or shutting down just brings the application right back up. Ctrl+Shift+Esc for 10 or 15 seconds will open infinite Task Managers and crash the machine, but that's not what we want (plus, sysadmins are actually getting around to applying patches and service packs). We want info and access, like browsing all the nodes on Kmart’s big network. Start with BlueLight.
BlueLight.com (v 1.0.55) is an e-commerce application that features products and a shopping cart, running on publicly available NT computers in undoubtedly every Kmart across the nation. The application is a browser, accessing the Internet to transmit selections from the local Kmart to Kmart.com’s servers (kih.kmart.com). BlueLight takes over the machine, running in the foreground. So the first thing to do is to log off by pressing Ctrl+Alt+Delete and Logoff. The machine will cycle quickly, bringing up the NT desktop and then the BlueLight app. Now, do anything to stop the machine from running the BlueLight app. Hit function keys, click something from the Start button, anything. I was lucky. There were some printer configuration problems that popped up an error window and stopped BlueLight.
I left the printer error window alone and started poking around the desktop. I saw that anything significant that could be accessed from the Start button was missing. Task Manager was disabled. The only thing in the system tray was antivirus and...the clock. I double-clicked the clock and the time was correct. Not for long. Windows apps and temporal anomalies don't mix. So I set the year to 1980, clicked Apply, and OK. Dr. Watson promptly crashed.
What can I leverage here? One of the buttons in the Dr. Watson error window was Help. I messed around in Help until I had the option to search for Windows Help files. This gave me an Open File dialog box.
Should I search the C drive, C:\WINNT? No, I went to Network Neighborhood. Kmart has a lot of computers. I only perused a little, but I saw large nets like kmnorthamerica, kminternational, kih.kmart.com - way more than I could write down without being noticed.
I plan to go back and check out Kmart's network, mainly because I believe Kmart is counting on securing unwanted access from the BlueLight computers (which probably have trusted access) to the rest of their network by locking down these NT boxes.
I'm also going back to play with the phones. Kmart uses a Nortel Norstar phone system, with phones hanging on columns throughout the store. Therefore, I'm sure all customers are more than welcome to access these feature-rich phones (see Table 1).
Table 1: Norstar Features
| Feature | Key sequence |
|---|---|
| Background Music | Feature 8 6 |
| Call Forward | Feature 4 |
| Call Pickup | Feature 7 5 |
| Conference/Transfer | Feature 3 |
| Do Not Disturb | Feature 8 5 |
| Exclusive Hold | Feature Hold |
| Last Number Redial | Feature 5 |
| Link | Feature 7 1 |
| Message - Reply | Feature 6 5 |
| Message - Send | Feature 1 |
| Page | Feature 6 0 |
| Program External Autodial | Feature * 1 |
| Program Feature Autodial | Feature * 3 |
| Program Internal Autodial | Feature * 2 |
| Ring Again | Feature 2 |
| Speed Dial | Feature 0 |
| Transfer (if equipped) | Feature 7 0 |
| Voice Call | Feature 6 6 |
| Voice Call Deny | Feature 8 8 |
| Cancel Features | Feature + # + code |
Extensions are not the same at every store, but this list (see Table 2) should be useful.
Table 2: Kmart Extensions
| Extension | Department |
|---|---|
| 200 | Garage |
| 211 | Auto |
| 222 | Camera |
| 233 | Cash Cage |
| 244 | Check Out 1 |
| 255 | Check Out 2 |
| 266 | Dressing Rm. |
| 277 | Eatery/Deli |
| 288 | Footwear |
| 299 | Garden Ins |
| 300 | Garden Out |
| 311 | Office |
| 322 | Electronics |
| 333 | Housewares |
| 344 | Jewelry |
| 355 | Ladies |
| 366 | Layaway |
| 377 | Manager |
| 388 | Mens & Boys |
| 399 | Personnel |
| 400 | Pharmacy 1 |
| 411 | Pharmacy 2 |
| 414 | Pharmacy 3 |
| 422 | Processing |
| 433 | Receiving |
| 444 | HBA/Reader |
| 455 | Securities |
| 466 | Service Desk 1 |
| 477 | Service Desk 2 |
| 488 | Sporting |
| 499 | Toys |
| 500 | 605 Area |
The POS system at Kmart is IBM-centric with Symbol peripherals. Kmart uses IBM 4683 POS terminals with NCR countertop UPC scanners and Checkmate MICR scanners. The PIN pads used are Checkmate model CM 2120's, OS 1.07, version 2.1. Gain access to the PIN pad by pressing the four small buttons by the LCD screen, and the two bottom-most buttons, green Enter and red Cancel, simultaneously. You'll get a password prompt, where I've yet to guess the correct code. An incorrect password gets:
CM2100 Starting O.S...
On the way to the back of the store (towards Layaway), you’ll notice a Symbol Spectrum 4 network controller adapter (NCA) high up on a column. The NCA connects the 4683 POS computers, the Symbol hand-held terminals, and the IBM 4680 server in the back. The Spectrum 4 allows price-update downloads, remote administration of the 4683 terminals, and storewide communication with the hand-helds.
Once in Layaway, you'll find payphones and two terminals, both Symbol LS 7000 II's with bar code guns plugged into Symbol Link LL320's. The first menu on the LS 7000 II's is the Layaway Application Menu, with the following choices:
1. Layaway
2. Store Functions
3. Layaway Reporting
4. End of Day
Basically, the only time to use the Layaway computers is when Layaway is closed. Unfortunately, the End of Day functions have been performed, and a new day has to be initiated to access any other functions.
On a side note, by the pharmacy sits a Health Monitor Center. It's a Vita-Stat computer that measures blood pressure and heart rate. Three buttons adorn the fake wood-veneered, sit-down cabinet - Start, Erase, and Stop. I'd love to see a hack for this, like artificially high readings.
As one can see, Kmart holds a lot of promise - further access on the BlueLight network, exploring the POS system, spoofing heart conditions - all in the name of hacking fun.
- 1-800-866-0086
- Kmart locator
- 1-800-GO-KMART
- Kmart Mastercard
