Beta Bank and Beta Fast

GUI

Using Snoop, you can see that the admin functionality is currently disabled. A quick click of the mouse changes this.

We now have access to the admin GUI functions; however, the app would need to lack authorisation checks for this to be a vulnerability.

The checkout price is also confirmed client side, meaning it can be edited with Snoop.
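The server-side checks that would make both GUI changes above harmless, as an added sketch (not code from Beta Bank or Beta Fast; the session store, catalogue and function names are hypothetical, and the sample data is constructed):

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side state; a client-side tool such as Snoop cannot reach it.
SESSIONS = {
    "sess-admin": {"user": "alice", "is_admin": True},
    "sess-user": {"user": "bob", "is_admin": False},
}
CATALOGUE = {"sku-1": Decimal("19.99"), "sku-2": Decimal("5.00")}


class Rejected(Exception):
    """A request failed a server-side check."""


def get_session(session_id):
    session = SESSIONS.get(session_id)
    if session is None:
        raise Rejected("unknown session")
    return session


def admin_list_users(session_id):
    # The role is read from the server's session record, not from the
    # request or from whether the admin control was enabled in the GUI.
    if not get_session(session_id)["is_admin"]:
        raise Rejected("admin role required")
    return sorted(s["user"] for s in SESSIONS.values())


def checkout(session_id, basket, client_total):
    get_session(session_id)
    total = Decimal("0")
    for sku, qty in basket.items():
        if sku not in CATALOGUE or type(qty) is not int or qty <= 0:
            raise Rejected(f"invalid basket line: {sku!r}")
        total += CATALOGUE[sku] * qty
    # The client's figure is only compared; the charge uses the server total.
    try:
        claimed = Decimal(str(client_total))
    except InvalidOperation:
        raise Rejected("malformed total")
    if claimed != total:
        raise Rejected("client total does not match server price")
    return total
```

With checks like these, enabling the admin control or editing the displayed price only changes what the client shows; a rejected request is also a useful signal to log.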

Network

Viewing the traffic in Wireshark when registering a user shows that the password is encrypted, but the rest of the traffic is not.

Digging further into the traffic shows that the user GUID, aka the sessionID, is viewable.

When trying to withdraw money from BetaBank, the 'withdraw' button is disabled. Snoop to the rescue again.

Attempt to withdraw some money and capture the traffic with EchoMirage.

You can edit the SQL statement, but cannot change the length of the packet. Make sure to comment the rest of the SQL statement out.

We now have a list of all the users and their encrypted passwords.

File System

Set a filter in Procmon and then carry out the functions in the application.

Using the remember me function.

Observe the registry keys that were created.

These registry keys are somewhat locked down, though.

Saving payment details.

A file with the card details is created and everyone can read it. The details are also stored in plaintext.

Assemblies

Checking PE security

Connection string viewable in config file.

Hardcoded password.

Hardcoded key.

Memory

Create a memory dump to check for any active credentials in memory.
