Arch bugs in BSS Gleb Cherbov Security Researcher Digital Security (ERPScan) - презентация

1 Arch bugs in BSS Gleb Cherbov Security Researcher Digital Security (ERPScan)

2 © , Digital Security Banking 2 Arch bugs in BSS

3 © , Digital Security 3 Arch bugs in BSS Internet banking. Client side

4 © , Digital Security How it worx 4 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

5 © , Digital Security How it worx 5 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

6 © , Digital Security How it worx 6 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

7 © , Digital Security How it worx 7 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

8 © , Digital Security Select a target 8 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment SQL injection Insider attack

9 © , Digital Security Select a target 9 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

10 © , Digital Security Select a target 10 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment

11 © , Digital Security 11 Arch bugs in BSS Operators environment OperatorDBMS oper_login oper_pass dbo_admin Authentication

12 © , Digital Security 12 Arch bugs in BSS dbo_admin is the only account at DBMS dbo_admin has full access every operator can connect to DBMS directly oper auth on app side Dbo_admin

13 © , Digital Security 13 Arch bugs in BSS dbo_admin password is encrypted Lookin for a passwd and stored in a.cfg file near the app

14 © , Digital Security 14 Arch bugs in BSS Quote its impossible to decrypt it (c) BSS support

15 © , Digital Security 15 Arch bugs in BSS Lets take a look RSA modulus RSA private exp Unusual base64 alphabet

16 © , Digital Security 16 Arch bugs in BSS Lets take a look Well… looks like base64?

17 © , Digital Security 17 Arch bugs in BSS Also… Innovative password storage widely used in BSS products With the same hardcoded RSA key

18 © , Digital Security Malware 18 Arch bugs in BSS ABS WEB Server + App Server DBMS Operator Operators environment Get conf file Decrypt dbo_admin pass Wreak havoc

19 © , Digital Security 19 Arch bugs in BSS Attack vector? Insider Targeted attack Malware

20 © , Digital Security 20 Arch bugs in BSS Tricky data manipulations

21 Digital Security in Moscow: +7 (495) Digital Security in Saint Petersburg: +7 (812) Questions?