daily pastebin goal
15%
SHARE
TWEET

Major Airlines - HACKED

a guest Jun 13th, 2012 5,936 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // c0mrade
  2. // 6-13-12
  3.  
  4. Hello, world.
  5.  
  6. I'm officially a white-hat.  
  7.  
  8. Major Airlines are affected by a major exploit. Among those affected include:
  9.  
  10. American Airlines
  11. United Airlines
  12. Vietnam Airlines
  13. Sabre Airlines
  14.  
  15. Here's what I have access to:
  16.  
  17. =>Internal Access to both airports.
  18. =>Booking Flights, Ticketing Info, Hotel Booking, etc.
  19. =>Card Swaps.
  20. =>Employee Info, etc
  21. =>Flight Info, Passenger info, etc.
  22. =>Multiple vulnerabilities among the software they're running.
  23.  
  24. The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:
  25.  
  26. => We found an exploit which enabled the right for us to download all the attachments on the site.
  27. => Amongst the things we found was an Application system used for the Airports.
  28. => We tested the software for vulnerabilities.
  29. => Pew! We got past the Employee-Log in.
  30.  
  31. Furthermore, the piece of software was mildly outdated. I setup a file to pull any file it can get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent as nobody else has ever been there.
  32.  
  33. Picture 1:
  34.  
  35. http://i50.tinypic.com/ev73fs.png
  36.  
  37. Picture 2:
  38.  
  39. http://i47.tinypic.com/ofo5rp.png
  40.  
  41. Picture 3:
  42.  
  43. http://i48.tinypic.com/ibicmv.png
  44.  
  45. I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ".properties" - I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties. I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.
  46.  
  47. Insight:
  48.  
  49. Protocol: DNS
  50. => hsspconfig.sabre.com
  51. => ACCESS.SABRE.COM
  52. =======================
  53. !  151.193.141.254:54483
  54. !  American Airlines (h00lyshit)
  55. !  taconfig.key = XSTBCKA001
  56. =======================
  57. Host Name - sabre:hssup:uii_host
  58. Line IATA: 000000
  59. Pool Name: VNOCCNBA
  60. =======================
  61.  
  62. This will be getting reported to all major airlines very soon. I'm just addressing the public first so they know what happened.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top