Hex00010

Social Security Admin+ SSAB - Exploit - Hex00010

Jun 21st, 2012
  1. Social Security Administration + Social Security Advisory Board Internal Database Leak
  2.  
  3.  
  4. Below are the notes I wrote when auditing SSA + SSAB
  5.  
  6.  
  7. This is some of the exploit information I sent to @Ihazcandy in the hope he could get it fixed
  8.  
  9. unless he came at me like I was some skid
  10.  
  11.  
  12. With that said due to his actions and showing me the reality of how White Hat hackers act and that there is truly indeed no one willing to help another person in this world when it comes to this
  13.  
  14. With that said Ihazcandy has shown me the light
  15.  
  16.  
  17. That apparently there just are not people who want to help one another, and even the greatest threats of all (National Security) still cannot put people together
  18.  
  19. Yet they come at you like you're some dipshit and have no idea what you're talking about
  20.  
  21.  
  22. But when it hits them in the face they decide to freak out - such as the 2,000 SCADA leak
  23.  
  24.  
  25. Well, thank you ihazcandy, I truly want to thank you for inspiring me how white hat hackers truly are
  26.  
  27. You are pathetic, and a disgrace to the Hacking Community
  28.  
  29.  
  30.  
  31.  
  32. ---------------------------------------------------------------------------------------------------------
  33.  
  34. Social Security Administration + Social Security Administration Advisory Board
  35.  
  36.  
  37.  
  38. SSA.gov
  39.  
  40.  
  41. Uses a Security Set - Providers Referr info * Note to self dont fucking type in shit in google dumbass *
  42.  
  43.  
  44. http://70.245.174.181/ - Social Security Office IP
  45.  
  46.  
  47. PORt - 3011 Admin-J511-5873 - What fucking JACE is it
  48.  
  49.  
  50. Social Security Administration Switch - Niagara
  51.  
  52.  
  53. switches uses LonWork possibly - LonWork - I have exploit on them hmmmm
  54.  
  55.  
  56. http://70.245.174.181/ - moving on
  57.  
  58.  
  59.  
  60. Network Map Matrix USA States
  61.  
  62. Arizona
  63.  
  64.  
  65. Arizona Architecture is using SSL for Security
  66.  
  67. Using Oracle10g for Database Software
  68.  
  69.  
  70. Oracle Application Server
  71.  
  72.  
  73.  
  74.  
  75. Arizona SSA System info
  76.  
  77.  
  78. 1U Quad-Core Dual Core Xon3200 3000 Series ZSuper server Brandname Super micor model super server 60158 T+V
  79.  
  80. Using Linux as OS
  81.  
  82.  
  83. Possible Social Engineering Info:
  84.  
  85.  
  86. Admin
  87.  
  88. Deb Hemstra
  89.  
  90. 602-364-1261
  91.  
  92. 1818 W Adams Phoenix AZ 85007
  93.  
  94.  
  95.  
  96.  
  97.  
  98.  
  99.  
  100.  
  101. California
  102.  
  103. Is using SSL for Security
  104.  
  105. Using Oracle 9i for Database software
  106. using J2EE for Java Application Server
  107.  
  108. Server type = IBM xSeries 365
  109.  
  110.  
  111. OS : Linux Redhat Linux Enterprise
  112.  
  113.  
  114.  
  115. Social Engineering Info
  116.  
  117. David Fisher
  118. 916-552-9213
  119.  
  120. 1501 Capitol Ave Sacramento Co 95899
  121.  
  122. Dfisher2@dhs.ca.gov
  123.  
  124.  
  125.  
  126.  
  127.  
  128. JCE_5x1 Uses ASCII Encryption E89
  129.  
  130.  
  131.  
  132. Bureau of Vital Statistics BVS
  133.  
  134. find firewall
  135.  
  136.  
  137. Try and see if i can pull GET request from the XMl's off the server
  138.  
  139.  
  140. Jace_51x
  141.  
  142.  
  143.  
  144. tridium niagara (( sample default user name / pass - still need to find the rest ))
  145.  
  146.  
  147.  
  148.  
  149.  
  150.  
  151.  
  152.  
  153.  
  154.  
  155.  
  156.  
  157.  
  158. How to hack the Social Security Administration
  159.  
  160.  
  161.  
  162. you will be targeting the niagara Tridium JACE_51x Controller / Electronic Data Records/ Electronic Death Records/ SSN# etc etc
  163.  
  164.  
  165. port scan ip 70.245.174.181
  166.  
  167.  
  168. ull get port 3011
  169.  
  170.  
  171. 3011 = Jace 51_x
  172.  
  173.  
  174. U can connect either GUI or via Website
  175.  
  176. The Jace 51_x uses 2 options for Security
  177.  
  178.  
  179. 1. SSL
  180.  
  181. 2. VPN
  182.  
  183.  
  184. Lucky you i will provide you with a list of all the systems in each state of the United states of america detailing which system
  185.  
  186. uses SSL or VPN + what operating system they are using + what Database Software and other random info
  187.  
  188.  
  189.  
  190. Things to note:
  191.  
  192.  
  193. WHen you connect to the ip address and start Sniffing the network
  194.  
  195.  
  196. You will have to focus on the HEADER information
  197.  
  198.  
  199.  
  200. When a Staff logins to the Electronic Death Records/ Jace_51x Website it requires a Top Secret PIN + Username + password
  201.  
  202.  
  203. Well the dumbass moron that coded this shit is a complete fucking moron that needs to be fired
  204.  
  205. So what happens is
  206.  
  207.  
  208.  
  209. U send request
  210.  
  211. Firewalll Kicks in
  212. user Logs in
  213. Sends Header information
  214. encrypt via Base64
  215.  
  216.  
  217.  
  218. ---- Where is the fail?
  219.  
  220.  
  221. well for one the dumbass sets up the firewall before the user log's into the application + fuck tard decided to encrypt the data with Base 64 so the whole Firewall is fucking pointless now due to the fact
  222.  
  223. We know what systems use SSL and VPN - Obviously to get the SSL u will have to Sniff - etc etc im going to assume u know how to do that
  224.  
  225.  
  226.  
  227. When ever u get that cert start to sniff
  228.  
  229. pull Base4 Encoder information
  230.  
  231. Decrypt
  232.  
  233. Login
  234.  
  235.  
  236. You now have 100% access to the United States Social Security Administration
  237.  
  238. -------------------------------------------------------------------------------------
  239.  
  240.  
  241.  
  242.  
  243.  
  244.  
  245. Social Security Administration Advisory Board
  246.  
  247.  
  248. I reported this vuln back in 2006 and it has been active ever since then
  249.  
  250.  
  251. Just drop the db's tis just a SQLI
  252.  
  253.  
  254. http://www.ssab.gov/PublicationViewOptions.aspx?ssab_pub=-104%27
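
From the defender's side, a request like the one above is visible in ordinary web access logs: `ssab_pub` is evidently a numeric identifier, so any value that is not a plain integer is a type violation worth alerting on, and the same allow-list check belongs in the application before the value reaches a query. The following is an added example, not part of the original paste; the log lines, client addresses and status codes are constructed, and the assumption that `ssab_pub` is integer-typed is mine.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters expected to be plain integers (assumption for this example).
INT_PARAMS = {"ssab_pub"}
INT_RE = re.compile(r"-?[0-9]+")
# Minimal combined-log-format matcher: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [21/Jun/2012:10:01:02 +0000] "GET /PublicationViewOptions.aspx?ssab_pub=104 HTTP/1.1" 200 5120
198.51.100.7 - - [21/Jun/2012:10:01:05 +0000] "GET /PublicationViewOptions.aspx?ssab_pub=-104 HTTP/1.1" 200 1210
203.0.113.9 - - [21/Jun/2012:10:01:09 +0000] "GET /PublicationViewOptions.aspx?ssab_pub=-104%27 HTTP/1.1" 500 1833
198.51.100.7 - - [21/Jun/2012:10:02:00 +0000] "GET /index.aspx HTTP/1.1" 200 900
"""


def is_valid_int(value):
    """Allow-list check the application should apply before building a query."""
    return INT_RE.fullmatch(value) is not None


def find_suspect_requests(log_text):
    """Return (client, param, decoded_value, status) for each type violation."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, _method, target, status = m.groups()
        # parse_qsl percent-decodes, so %27 is compared as a literal quote
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name in INT_PARAMS and not is_valid_int(value):
                hits.append((client, name, value, int(status)))
    return hits


if __name__ == "__main__":
    for client, name, value, status in find_suspect_requests(SAMPLE_LOG):
        # A 5xx on malformed input suggests the value reached the database layer.
        flag = "server error on malformed input" if status >= 500 else "rejected or ignored"
        print(f"{client} {name}={value!r} status={status} ({flag})")
```

A negative but well-formed value such as `-104` passes the check; only the value carrying the trailing quote is reported. Input validation of this kind complements parameterized queries in the application and does not replace them.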
  255.  
  256.  
  257.  
  258.  
  259.  
  260.  
  261. ----------------------------------------------------------------------------------------
  262.  
  263.  
  264.  
  265. You can thank ihazcandy everyone for showing us the reality of the facts of hacking
  266.  
  267. there is truly no one willing to help
  268.  
  269. with that said everyone give a big fuck you to ihazcandy
  270.  
  271.  
  272.  
  273. By: Hex00010