Monday, June 18, 2012

Major Airlines - HACKED


 Hello, world.


Major Airlines are affected by a major exploit. Those affected include:


American Airlines
United Airlines
Vietnam Airlines
Sabre Airlines


Here's what I have access to:


=>Internal Access to both airports.
=>Booking Flights, Ticketing Info, Hotel Booking, etc.
=>Card Swaps.
=>Employee Info, etc
=>Flight Info, Passenger info, etc.
=>Multiple vulnerabilities among the software they're running.


The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:


=> We found an exploit which enabled the right for us to download all the attachments on the site.
=> Amongst the things we found was an Application system used for the Airports.
=> We tested the software for vulnerabilities.
=> Pew! We got past the employee login.


Furthermore, the piece of software was mildly outdated. I set up a file to pull any file it can get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent as nobody else has ever been there.




I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ".properties" - I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties. I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.


Insight:

Protocol: DNS
=> hsspconfig.sabre.com
=> ACCESS.SABRE.COM
=======================
151.193.141.254:54483
American Airlines (h00lyshit)
taconfig.key = XSTBCKA001
=======================
Host Name - sabre:hssup:uii_host
Line IATA: 000000
Pool Name: VNOCCNBA
=======================

This will be getting reported to all major airlines very soon. 
I'm just addressing the public first so they know what happened.