Wells Fargo – Online Banking Authentication Weakness / “Feature”

Try as I might to contact Wells Fargo regarding an almighty issue of issues regarding their authentication logic.

Probably equally secure

So let’s say you purposely set your password to “SuperDuperPassword” (or better yet, use your actual password; if you use Wells Fargo, you can try this at home). Back to the monologue: so you want a secure password for your account? Who wouldn’t? So you add lower case and upper case into the mix. Try to make your password all sexy and shit, right?

 

Now imagine this: none of the complexity that you created means anything. Log in to your account with all upper case, all lower case or mixed case; it doesn’t matter.


New Forum!

So I have, for the life of me, been trying to introduce a way to get this group of individual hackers to grow into a community. Well, look no further, friend!

Plus! Just like this website, https://forums.thegh0stship.com is always utilizing HTTPS with a Trusted Root CA.

(Cough, it wasn’t that hard for me to do it, why can’t some of my clients?)

 

Happy HTTPS Everywhere + Only Day!

Well, I finally tackled the whole HTTPS SSL Certificate thing and boy did I mess up the first go around 😀

Accidentally purchased and generated an SSL certificate for the wrong domain name and didn’t even realize until I went to assign it and it was screaming at me about a name mismatch.

Welp, moment of discovery… a while later… Finally got the other certificate revoked and removed, got the new cert in place and enabled some fancy browser side security headers (not a challenge to break please).

Anyways, I’ll be posting another post here in a minute announcing a new forum I’ve set up for folks.

Meltdown Write-up (Old News)

This is a write-up I did after reading the white paper and investigating the workings of speculative execution. I was genuinely interested in how it all played out and how this seems like the year for exploits and vulns.

I’m legitimately wondering if this ever did get weaponized yet. I’ve often thought about trying to implement it with BeEF as a post module of sorts as a JavaScript payload.

Also take note that I really didn’t have the energy to try to read through Spectre even though it’s probably the worst one.

A non-technical synopsis of the microprocessor and kernel flaws.
Meltdown (CVE-2017-5754)


 

Welcome!

Welcome to the new domain for anything and everything unrelated to what you were probably looking for.

Let’s go explore this rotting mess we call the internet on our trusty Gh0stship =J

 

The Evil SVG Project


The purpose of this article is to provide a repeatable means of performing cross-site scripting attacks via an SVG file. SVG, short for “scalable vector graphics”, is an image format in which an XML document is used to build the image.


The above code generates the following image:

However, by introducing JavaScript or HTML within the SVG, it is possible to in effect store XSS payloads that execute whenever the SVG is loaded into the page’s dynamic content.

Now let’s tweak it to add in some JavaScript and officially “weaponize” the SVG.

Loading the SVG within a browser then results in XSS.

 

By simply adding a pair of script tags, an attacker can include any JavaScript functions or actions or even, in a worst-case scenario, remotely include a JavaScript file whenever the SVG is loaded.

In our case, we are using BeEF (Browser Exploitation Framework) to attack users of an application: including the BeEF JavaScript file within the page allows attackers to carry out attacks and get BeEF shells, all from this SVG.

Take for example the following code:

With all of this in mind, seriously consider limiting or blocking SVGs from being uploaded. More often than not, developers have overlooked SVG as a potential threat vector and allow profile picture upload of malicious SVG files.

Additionally, if you are familiar with XXE attacks, this can also be used for that attack vector in some circumstances. If you aren’t already scanning uploads regardless of their extension or mime type, it might be time to change that.

Long story short, if you can pop XSS within an SVG you can do pretty much anything, up to and including storing malicious JS, malicious XML or malicious HTML in-line.
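The upload scanning recommended above, sketched as an added example (not code from the original article): it inspects the file's content rather than its extension or MIME type and refuses DTDs, which covers the XXE case as well. `scan_svg`, its finding labels and the sample documents are hypothetical, and the event-handler and link-scheme checks go slightly beyond the script-tag case the text describes.

```python
# Added example (not from the original article): reject SVG uploads with active content.
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)", re.IGNORECASE)
BAD_SCHEME_RE = re.compile(r"(javascript|vbscript|data):", re.IGNORECASE)


def local(name):  # strip the '{namespace}' prefix ElementTree adds to names
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data):
    """Return a list of findings for SVG bytes; an empty list means none found."""
    try:
        text = data.decode("utf-8")  # parse as str so a declared encoding cannot hide markup
    except UnicodeDecodeError:
        return ["not-utf8"]
    # Refuse DTDs before parsing: XXE and entity expansion both need one.
    if DTD_RE.search(text):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not-well-formed"]
    findings = [] if local(root.tag) == "svg" else ["root-not-svg"]
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            scheme = re.sub(r"[\x00-\x20]", "", value)  # drop whitespace/control chars a URL parser may skip
            if name.startswith("on"):
                findings.append(f"handler:{name}")
            elif name == "href" and BAD_SCHEME_RE.match(scheme):
                findings.append(f"href-scheme:{tag}")
    return findings

# Constructed sample inputs (not from the original article).
NS = b'xmlns="http://www.w3.org/2000/svg"'
CLEAN = b"<svg " + NS + b'><circle cx="5" cy="5" r="4"/></svg>'
SCRIPTED = b"<svg " + NS + b"><script>void 0</script></svg>"
HANDLER = b"<svg " + NS + b' onload="f()"><rect width="1" height="1"/></svg>'
WITH_DTD = b'<!DOCTYPE svg [<!ENTITY a "b">]><svg ' + NS + b"/>"

if __name__ == "__main__":
    print([scan_svg(b) for b in (CLEAN, SCRIPTED, HANDLER, WITH_DTD)])
```

Treat any finding as a reason to refuse the upload rather than trying to strip the offending part. Note that `data:` links are flagged too, so SVGs with inline raster images are rejected.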