loading...
loading...

Bicodev team was able to Exploit Bank website

We were able to explore the. We will keep trying because they said they can’t hire us since we don’t have a degree.

Hi, our team is Bicodev. Thank you so much for staying with us. We hope you remember that last time we wrote an article about how we bypassed bank security.

We will continue this mission until we can achieve recognition because we are tired of the limitations we face. Last night, we conducted another scan and successfully found some other information.

We keep asking the bank about the development at Target and all the banks in our country regarding securities, and we will not mention any of the names. We all know that banks are sensitive areas, and every attack can disturb many things.

We have uploaded a complete article about the banking system and how the Axis banking system works. For this purpose, we used several tools and our return script.

How do we know the bank has an active firewall? We detected that on the first point while using Nuclei. When we scanned the bank’s website through Nuclei, we realized they were using F5 equipment. If you don’t know about F5 equipment, it is used in Cisco and CCNA routers. It works as a load balancer in many places and is installed inside the firewall. The firewall is also configured.

Because we were using the Windows operating system, we had many limitations. We decided to use available online resources and some of our own.

Thanks to some penetration testing tools:

  • Wpscan
  • Fuzz
  • Shodan (if you have the key)
  • Dnsdumpster
  • Nuclei

What was the output

  1. The team identified the database was Oracle Access Manager
  2. All the directory was open of bank application
  3. A leading portal where users login login.example.com
  4. Multiple Xss (Cross site script) were in the website portal