Gleb Cherbov - DBO Hacking — arch bugs in BSS
  1. Arch bugs in BSS. Gleb Cherbov, Security Researcher, Digital Security (ERPScan). © 2002—2013, Digital Security. (DBO is the Russian acronym for remote banking services; BSS is the vendor of the remote-banking product discussed.)
  2. Banking
  3. Internet banking: client side
  4-7. How it works: a diagram of the operator's environment (WEB Server + App Server, DBMS, ABS, i.e. the bank's core banking system) and the Operator. The four slides are animation steps of the same diagram.
  8-10. Select a target: the same diagram, built up over three slides.
  11. Authentication: the operator logs in to the operator's environment with oper_login / oper_pass; the operator's environment connects to the DBMS as dbo_admin.
  12. dbo_admin: it is the only account at the DBMS; it has full access; every operator can connect to the DBMS directly; operator authentication happens on the application side, so the DBMS only ever sees dbo_admin.
  13. Looking for a password: the dbo_admin password is stored encrypted in a .cfg file next to the application.
  14. Quote: "it's impossible to decrypt it" (c) BSS support
  15. Let's take a look: the stored value is annotated in the screenshot as an RSA modulus and an RSA private exponent, encoded with an unusual base64 alphabet.
  16. Well... it looks like base64?
  17. Also: this "innovative" password storage is widely used across BSS products, with the same hardcoded RSA key in each of them.
  18. Malware: get the config file, decrypt the dbo_admin password with the key hardcoded in the application, connect to the DBMS as dbo_admin, wreak havoc (the diagram again shows WEB Server + App Server, DBMS, ABS and the Operator).
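The chain on slides 13 to 18 (password RSA-encrypted in the .cfg, RSA modulus and private exponent hardcoded in the application, a non-standard base64 alphabet on top, malware reading the config and recovering dbo_admin) as a toy, written for this page; it is not the deck's code and does not reproduce BSS's real format. The key size, the rotated alphabet, the key=value config layout, the name DBPassword and the hostname are all assumptions.

```python
import base64
import string

# Hypothetical stand-in for the key material hardcoded in the application
# (slide 15: RSA modulus and RSA private exponent). Two Mersenne primes keep the
# toy key small enough to read; a product-sized key changes nothing about the
# problem, because the private exponent ships with the binary either way.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q                              # RSA modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, "hardcoded in the app"
KEY_BYTES = (N.bit_length() + 7) // 8  # 27 bytes for this toy modulus

# Hypothetical "unusual base64 alphabet" (slide 15): the standard table rotated
# by 13 symbols. Output still looks like base64 (slide 16) but a standard
# decoder returns the wrong bytes.
STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
CUSTOM_ALPHABET = STD_ALPHABET[13:] + STD_ALPHABET[:13]
_TO_CUSTOM = str.maketrans(STD_ALPHABET, CUSTOM_ALPHABET)
_TO_STD = str.maketrans(CUSTOM_ALPHABET, STD_ALPHABET)


def custom_b64encode(raw: bytes) -> str:
    """Standard base64, then remap every symbol into the custom alphabet."""
    return base64.b64encode(raw).decode("ascii").translate(_TO_CUSTOM)


def custom_b64decode(text: str) -> bytes:
    """Inverse of custom_b64encode: map back to the standard alphabet, then decode."""
    return base64.b64decode(text.translate(_TO_STD))


def misread_with_standard_alphabet(text: str) -> bytes:
    """What a casual 'it looks like base64' decode yields: valid-looking, wrong bytes."""
    return base64.b64decode(text)


def protect_password(password: str) -> str:
    """What an installer would do: textbook RSA with the public exponent, then custom base64.
    No padding scheme, because the point here is key management, not the primitive."""
    m = int.from_bytes(password.encode("utf-8"), "big")
    if m >= N:
        raise ValueError("password too long for this toy modulus")
    c = pow(m, E, N)
    return custom_b64encode(c.to_bytes(KEY_BYTES, "big"))


def recover_password(blob: str) -> str:
    """What the application does at startup, and therefore what anyone holding the
    same binary and the .cfg file can do (slide 18)."""
    c = int.from_bytes(custom_b64decode(blob), "big")
    m = pow(c, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def parse_cfg(text: str) -> dict:
    """Minimal key=value parser for the hypothetical .cfg layout."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip()
    return out


def dbo_admin_password_from_cfg(cfg_text: str) -> str:
    """The whole malware step from slide 18: read the config, decrypt with the shipped key."""
    return recover_password(parse_cfg(cfg_text)["DBPassword"])


# Constructed sample config, in the shape an installation might leave next to the
# application on an operator workstation. The hostname and keys are invented.
SAMPLE_CFG = "\n".join([
    "# hypothetical operator workstation config",
    "DBServer=dbms.bank.local",
    "DBUser=dbo_admin",
    "DBPassword=" + protect_password("Sup3rS3cret!"),
])

if __name__ == "__main__":
    print("recovered dbo_admin password:", dbo_admin_password_from_cfg(SAMPLE_CFG))
```

The custom alphabet only defeats a reader who stops at "looks like base64"; once the mapping is read out of the binary it costs one `str.translate`. Likewise the RSA layer is not weak because of the maths but because the decryption key sits in the same distribution as the ciphertext, which is exactly why BSS support's "impossible to decrypt" holds only for someone without a copy of the application. The fix is architectural rather than cryptographic: no DBMS superuser credential should be readable by software running in the operator's environment, and the DBMS should authenticate operators as distinct principals instead of trusting an app-side login.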
  19. Attack vector? Insider; targeted attack; malware.
  20. Tricky data manipulations
  21. Questions? Digital Security in Moscow: +7 (495) 223-07-86. Digital Security in Saint Petersburg: +7 (812) 703-15-47. www.dsec.ru, www.erpscan.com, info@dsec.ru