Having recently invested in a retail store, I had to go through the unenviable process of choosing a Point of Sale software. Doing this is NOT fun. The software is expensive, and if you don’t like it 6 months later its not exactly trivial to switch to another POS software. Once your inventory is loaded in, you really don’t want to have to switch.
Anyway I ended up choosing XSilva Lightspeed. For the most part we are very happy with it so far. The only thing I don’t like is that it doesn’t have a way to automatically email out reports. I’d like to see what kind of sales the store is doing on a daily basis. Since the whole thing is based on OpenBase/SQL, I figured it would be trivial to write some tools to generate and email my own reports. I did a quick search, and came to find out that XSilva keeps the database password a secret. Lame. Granted, I didn’t try to call their tech support and insist that I wanted it but it seems like from responses on their forum that they won’t give it up.
So here’s how to hack it:
On the machine that has Lightspeed and the server, fire up Lightspeed but don’t login. Open up a terminal, and I’m assuming you already have tcpdump installed.
/usr/sbin/tcpdump -i lo0 -s0 -c 1000 -x -w dump
Run that tcpdump, and then login to lightspeed. Once LS has logged in, you can Ctl-C the tcpdump.
Now use ngrep to pull out the login information from the dump file:
ngrep -wi "dbpassword" -I dump
The output of this looks like:
input: dump
match: ((^dbpassword\W)|(\Wdbpassword$)|(\Wdbpassword\W))
##################################
######################
#########################
T 127.0.0.1:56526 -> 127.0.0.1:20223 [AP]
….|dict|….action….call_register….usersAllowed….1000
….dblogin….lightspeed….dbpassword….adminXXXXX….userlogin….light
speed….hostName….192.168.3.180….databaseName.
…xsilva_db_217demo….softwareId….Lig
htSpeed:REALbasicCM….processId….0016CB08
4925_21777781….
########################
See the adminXXXXX? That’s the db admin password. I redacted the actual string. I’m HOPING that they actually use a random string for every LS install. I didn’t verify on another install that its different. If not, I don’t really want to publish the password for every LS SQL database. However, they are retards if they don’t use a random secret.
Now you can go nuts on the database.
Update: I’ve verified on 2 installs that the admin password for the SQL is the same. Lesson here: firewall off your POS or anyone can modify your store database.