Monday, June 18, 2012

Major Airlines - HACKED

 Hello, world.

Major Airlines are affected by a major exploit. Among those affected include:

American Airlines
United Airlines
Vietnam Airlines
Sabre Airlines

Here's what I have access to:

=>Internal Access to both airports.
=>Booking Flights, Ticketing Info, Hotel Booking, etc.
=>Card Swaps.
=>Employee Info, etc
=>Flight Info, Passenger info, etc.
=>Multiple vulnerabilities among the software they're running.

The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:

=> We found an exploit which enabled the right for us to download all the attachments on the site.
=> Amongst the things we found was an Application system used for the Airports.
=> We tested the software for vulnerabilities.
=> Pew! We got past the Employee-Log in.

Furthermore, the piece of software was mildly outdated. I setup a file to pull any file it can get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent as nobody else has ever been there.

I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ".properties" - I found around four files pertaining to it, these being:,,, and I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.


Protocol: DNS
American Airlines (h00lyshit)
taconfig.key = XSTBCKA001
Host Name - sabre:hssup:uii_host
Line IATA: 000000

This will be getting reported to all major airlines very soon. 
I'm just addressing the public first so they know what happened.