aperfectcircle1

Wireless Registers?

18 posts in this topic

if you're talking about POS (point of sale) systems common in stores & restaurants, all the ones i've seen are windows, and simply run a POS program on them that does all the hard work behind making a purchase. if you want to look at them, i'd recommend finding some way into the network and scanning them to see what kind of network services they're running. from there and some screensurfing you might be able to find out what POS they're using and research that.

1

Share this post


Link to post
Share on other sites

if you're talking about POS (point of sale) systems common in stores & restaurants, all the ones i've seen are windows, and simply run a POS program on them that does all the hard work behind making a purchase. if you want to look at them, i'd recommend finding some way into the network and scanning them to see what kind of network services they're running. from there and some screensurfing you might be able to find out what POS they're using and research that.

oooo thx :D in order to extract information, would you use a sniffer or try to establish a shell in the system? I heard you cant sniff WPA/WPA2 traffic in monitor mode because of client keys :S

0

Share this post


Link to post
Share on other sites

if you're talking about POS (point of sale) systems common in stores & restaurants, all the ones i've seen are windows, and simply run a POS program on them that does all the hard work behind making a purchase. if you want to look at them, i'd recommend finding some way into the network and scanning them to see what kind of network services they're running. from there and some screensurfing you might be able to find out what POS they're using and research that.

oooo thx :D in order to extract information, would you use a sniffer or try to establish a shell in the system? I heard you cant sniff WPA/WPA2 traffic in monitor mode because of client keys :S

Whether or not you would use a sniffer or get a shell on the system is really dependent. Sniffing the traffic will probably be a lot easier and if it gives you all the information you're looking for then that is great. Getting a shell on the system would be a lot harder because you need to find some vulnerability that lets you exploit your way on to the system. If you need control of the system to achieve your ends, a sniffer really isn't going to do much for you (unless you can sniff a username and password for the system).

Even though you mightn't be able to passively sniff in monitor mode, that doesn't mean that all is lost. There still might be ways to sniff the traffic such as ARP poisoning (or if you're feeling adventurous, a physical tap).

1

Share this post


Link to post
Share on other sites

Most run Windows POS (Point of Sale) or Windows Piece Of Shit as its commonly known to anyone that has had the unpleasantness of working with it. Some also use Windows XP for embedded systems. Traffic is run through a VPN.

Edited by m3747r0n
1

Share this post


Link to post
Share on other sites

Most run Windows POS (Point of Sale) or Windows Piece Of Shit as its commonly known to anyone that has had the unpleasantness of working with it. Some also use Windows XP for embedded systems. Traffic is run through a VPN.

so if I were to try to intercept and unencrypt traffic... what would one do :o

0

Share this post


Link to post
Share on other sites

Most run Windows POS (Point of Sale) or Windows Piece Of Shit as its commonly known to anyone that has had the unpleasantness of working with it. Some also use Windows XP for embedded systems. Traffic is run through a VPN.

so if I were to try to intercept and unencrypt traffic... what would one do :o

You could look into vpn man in the middle attacks.

0

Share this post


Link to post
Share on other sites

In somewhere like walmart,there price scanners run windows CE and the scanner is a program that auto runs.If you unplug the price scanner and plug it back in it will reboot.You could attempt to stop the program before it runs and then run something like Wireless Keyview from nirsoft.net to see the stored WPA key that goes to the walmart wireless network.Then you would have direct access to the walmart wireless network where all the POS systems send their traffic.

1

Share this post


Link to post
Share on other sites

In somewhere like walmart,there price scanners run windows CE and the scanner is a program that auto runs.If you unplug the price scanner and plug it back in it will reboot.You could attempt to stop the program before it runs and then run something like Wireless Keyview from nirsoft.net to see the stored WPA key that goes to the walmart wireless network.Then you would have direct access to the walmart wireless network where all the POS systems send their traffic.

Where is the sql database with payment information located?

0

Share this post


Link to post
Share on other sites

I'm not sure where the sql database is,but once your in the network you could just scan for open ports with nmap and investigate from there and you would probably get some of that info anyway by running a man in the middle attack.

0

Share this post


Link to post
Share on other sites

In somewhere like walmart,there price scanners run windows CE and the scanner is a program that auto runs.If you unplug the price scanner and plug it back in it will reboot.You could attempt to stop the program before it runs and then run something like Wireless Keyview from nirsoft.net to see the stored WPA key that goes to the walmart wireless network.Then you would have direct access to the walmart wireless network where all the POS systems send their traffic.

Where is the sql database with payment information located?

maybe here: http://www.joplinglobe.com/local/x212015747/Wal-Marts-data-center-remains-mystery

0

Share this post


Link to post
Share on other sites

now that is some scary shit... and i thought that google was the one violating everyones privacy....

O_O

http://www.peopleofwalmart.com/ They would most likely just give you their data if you asked ;)

Edited by m3747r0n
1

Share this post


Link to post
Share on other sites

Yea,lulz,if you don't tell anyone about that picture of me on peopleofwalmart.com i'll break into walmart and steal their data. :rolleyes:

0

Share this post


Link to post
Share on other sites

what about using netcat to connect to a SQL port and executing SQL commands and injection. Like ms-sql 1433 1434. Im not sure of the syntax to use :( but maybe do like user: SA password: 1=1 >.>

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now