IRLDOSSAYWHA? |
So this is why you just can't take me anywhere in public.
I get bored, stare at something electronic, and have this urge to see if I can break it. I call this, IRLDOS. At first glance, the term may remind you of "In Real Life Disk Operating System," which would send shivers down anyone's spine. Not to worry, as this is not the case. This is just a little fun down at the local Target store.
This is instead me trying to see if I can break it, and if I can, see what else I can do with it.
Clear and enter? Sounds like access control. |
You may notice the buttons on the side: 1-9, 0, Clear, and Enter.
For something that doesn't need the user to physically touch the device, that sure is a lot of buttons
Sure, Trent. |
So here you can see that there a four more buttons: A, B, C, D. No, I didn't remove the B.
Try not to look obvious. |
Holding down A and D at the same time gives you this, a password prompt.
All numbers AND letters. |
Oh look, all the buttons are used for password entry.
ERROR |
Three wrong guesses and it goes to this screen for a few seconds, and
then passes to the home screen. This might mean that it has a failed
login attempt list. This could mean that it has storage on the device,
or it phones home to a server.
Hint: You'd find more info on your target. No pun intended. |
Now what would happen if I put "uniComp" into the Google Machine?
It even tells me what terminal on the switch! |
I found this at another Target in the area.
NONE SHALL....oh ok...go ahead. |
It was well guarded by clothes.
I was able to confirm that the unit loses power when unplugging the
ethernet. Thus that suggests it is POE. The password? Well, I don't
know, I haven't actually tried Googling "uniComp" or
"uniComp+User+Manual" or "uniComp+Default+Password." Hell, social
engineering might work, try a general manager or something. Why not try
the store number?
Now who said you can't hack things when you are poor, use the world around you!
So... now what?
Well, this machine's behavior is much like that of a computer. Most of these devices are run by computers that are much like the one you are reading this on. They are connected in a network of computers that control other things too. Like the cash registers. (Don't do that)
So what if we hypothetically get the password right, we explore the device, learn to make it do my bidding (pop a shell, preferably as a super user, or as some default name like root, admin, or even a back door account with default password still being used like "UniComp") ((This kind of stuff really happens, but like I said, that's as far as I have explored above))
That being said here's a scenario:
This type of machine checks pricing. This means that it is database driven. It is highly possible that there is other data on the same database server, like: sales records specific to that store, sales records for that area, maybe even sales records for the entire chain of stores. How do I make these conclusions? Easy, these types of things are connected to inventory control databases, to check pricing and inventory. Even if i couldn't get to that data (due to a password I can't crack) I can still write my own program to analyze what is being bought, maybe even across their network. I can then use either pricing info (checking every conceivable item in the database), or maybe even access to how often they need to order back stock. You know those wireless things the store managers wield? Think of those as something else that queries the same database (or another possible attack vector). If you can get that info, you can get a pretty great idea of the kind of info competitors would want.
That little device right there, bought by the company to help customers could possibly be used for straight up corporate espionage. Nifty, eh? Don't you just love our technology driven world?
So... now what?
Well, this machine's behavior is much like that of a computer. Most of these devices are run by computers that are much like the one you are reading this on. They are connected in a network of computers that control other things too. Like the cash registers. (Don't do that)
So what if we hypothetically get the password right, we explore the device, learn to make it do my bidding (pop a shell, preferably as a super user, or as some default name like root, admin, or even a back door account with default password still being used like "UniComp") ((This kind of stuff really happens, but like I said, that's as far as I have explored above))
That being said here's a scenario:
This type of machine checks pricing. This means that it is database driven. It is highly possible that there is other data on the same database server, like: sales records specific to that store, sales records for that area, maybe even sales records for the entire chain of stores. How do I make these conclusions? Easy, these types of things are connected to inventory control databases, to check pricing and inventory. Even if i couldn't get to that data (due to a password I can't crack) I can still write my own program to analyze what is being bought, maybe even across their network. I can then use either pricing info (checking every conceivable item in the database), or maybe even access to how often they need to order back stock. You know those wireless things the store managers wield? Think of those as something else that queries the same database (or another possible attack vector). If you can get that info, you can get a pretty great idea of the kind of info competitors would want.
That little device right there, bought by the company to help customers could possibly be used for straight up corporate espionage. Nifty, eh? Don't you just love our technology driven world?
I'm guessing that password would be fairly easy to crack. Probably the store number or something. Unless they have IT guys like us. :D
ReplyDeleteI want to break things......Break, Crack, crunch, snap.....oh wait.....Hack, yeah that's the one.
ReplyDeletehttp://www.ebay.com/itm/Unicomp-PCT2-Price-Verification-Terminal-with-One-Year-Warranty-/151012608164
ReplyDeletehttp://geekhack.org/index.php?topic=10985.0
http://www.barcodemuseum.com/UniComp/SpecSheets/unicomppct2.pdf
ReplyDeleteDefault Password is “DDBAC”
ReplyDelete