Terminal in a savings bank
Of course, the security issue has been driven far and wide, 
therefore, such situations do not surprise me. So this post will be only a drop in the sea. On how to hack the terminal Savings Bank - under the cut!
I will tell you a story that happened to me today in a savings bank. The first time went to pay for a home phone through the terminal. Since apparently not very many people are doing this, there are only three people in the queue. Plus an employee of Sberbank, which shows everyone how to use the terminal. However, there are a lot of people in the office itself (most of the branches in our town are being repaired), so she runs around, trying to help different people. In front of me was a woman who had some problems with payment, the Sberbank employee went to solve the problem, and they let me go ahead. Since such a terminal was seen for the first time, I began to dig into the categories of payments, trying to find the right company that provides communication services. But after half a minute all the same aunt came up. I showed her the receipt, she replied that the payment could also not pass, so I decided to restart the terminal.
This is where the fun begins. She enters 138138138138 on the keyboard in the main menu, then presses input, a user number input window appears (enters a three-digit number), and the password ****** (there was a very simple password, familiar situation, didn't it?), Then I didn’t have time to get a good look at it, but there definitely was a shutdown of the terminal and a reboot (which she did). Surely there are more fun features.
It turned out that the terminal is running Windows XP, and restarts in 3-4 minutes, because after loading Windows, the console opens and several times the lines like “Waiting for 10000 msec” are displayed, and then the path to some exe-file.
Apparently, Sberbank does not care much about the security of its terminals :)
')
Edit: removed username and password, apparently, they are not in the same terminal
therefore, such situations do not surprise me. So this post will be only a drop in the sea. On how to hack the terminal Savings Bank - under the cut!I will tell you a story that happened to me today in a savings bank. The first time went to pay for a home phone through the terminal. Since apparently not very many people are doing this, there are only three people in the queue. Plus an employee of Sberbank, which shows everyone how to use the terminal. However, there are a lot of people in the office itself (most of the branches in our town are being repaired), so she runs around, trying to help different people. In front of me was a woman who had some problems with payment, the Sberbank employee went to solve the problem, and they let me go ahead. Since such a terminal was seen for the first time, I began to dig into the categories of payments, trying to find the right company that provides communication services. But after half a minute all the same aunt came up. I showed her the receipt, she replied that the payment could also not pass, so I decided to restart the terminal.
This is where the fun begins. She enters 138138138138 on the keyboard in the main menu, then presses input, a user number input window appears (enters a three-digit number), and the password ****** (there was a very simple password, familiar situation, didn't it?), Then I didn’t have time to get a good look at it, but there definitely was a shutdown of the terminal and a reboot (which she did). Surely there are more fun features.
It turned out that the terminal is running Windows XP, and restarts in 3-4 minutes, because after loading Windows, the console opens and several times the lines like “Waiting for 10000 msec” are displayed, and then the path to some exe-file.
Apparently, Sberbank does not care much about the security of its terminals :)
')
Edit: removed username and password, apparently, they are not in the same terminal
Source: https://habr.com/ru/post/99455/
All Articles