UnSAFE Bank is a virtual banking suite designed to integrate cybersecurity risks and various testing techniques.
It is designed for developers and security analysts to learn, distinguish and evaluate vulnerabilities by doing penetration testing in web applications, Android and iOS.
This version of the application is only available for iOS devices. An application upgrade that will support Android devices and Web applications will follow shortly
Features of the application
The application currently supports the following features:
- Transfer of funds
- Account information
- Registration and promotion of beneficiaries
Note: New ones possibilities and integration of new vulnerabilities we will have in the future
Vulnerability Coverage
Intentionally or not, they have added a wide range of vulnerabilities, ranging from low-risk to high-risk vulnerabilities.
Setting up the application
Prerequisites:
- Installing it git in our system.
- Installing it docker-compose in our system.
- We must not run any other services on port 80 of our machine.
- Requires Android or iOS phone for penetration testing.
Server setup
- We open a terminal and give the following command git clone https://github.com/lucideus-repo/UnSAFE_Bank.git
- Go to the UnSAFE_Bank / Backend directory with the cd command UnSAFE_Bank / Backend
- We start the docker service by typing sudo service docker start
- We start the docker operations with the docker-compose up -d command
Application installation iOS
- Download and install it Cydia Impactor in our system.
- Connect the iPhone to our system and open the Cydia Impactor.
- We go to the list / iOS.
- Drag and drop it UnSAFE Bank.ipa our file in Cydia Impactor.
- Follow the steps shown by Cydia Impactor until we complete the installation.
- Our application is ready to use.
Note: You can use other methods to install the app on iOS, whichever way suits you.
Connectivity status test
- We are sure that iPhone and our system are connected to the same network.
- We check her address IP of our system as well as the port you are running on (Port 80).
- Open the iOS Application and give our login details in the upper left to enter the application.
- If all goes well, it will display the message on the iPhone that says "You are connected successfully".
- If we get an error message, then we need to check if our application is working properly and if we have entered the valid address and the correct port.
Login Credentials
Customer ID and password are required to login to the app. You can always register as a newbie user.
Upon successful registration:
- You will be given the customer ID that corresponds to your account. Always note your customer ID and keep it SAFE for further use.
- Virtual PIIs and your account information will be generated automatically.
- Default beneficiaries will be added to your account automatically.
- Virtual money ranging from 1 to 5 million will be added to your account
Existing user accounts
The following data can be used to perform actions such as adding a beneficiary, transferring money, etc.
| Account Holder | Account number | IFSC code |
|---|---|---|
| Vipul Malhotra | 003558008876 | IFSC00009 |
| Kevin Winkel | 270365500638 | IFSC00009 |
| Kelly campbell | 533074805951 | IFSC00010 |
| Krystal Langworth | 731258783797 | IFSC00006 |
| Margarita Mann | 359502423130 | IFSC00010 |
| David Mahabir | 795554898923 | IFSC00002 |
| Boris Gerhold | 485064210112 | IFSC00006 |
| Nathaniel Runolfsson | 518569490010 | IFSC00003 |
| Yvette Cooper | 841478410516 | IFSC00007 |
| Orion Glover | 001498029143 | IFSC00003 |
