HackTheBox - BankRobber


00:59 - Begin of nmap, discover XAMPP
05:51 - Running GoBuster while we poke at the website
06:30 - Registering an account then seeing what new functions are avaialble
08:10 - Attempting to transfer money and discovering XSS
10:00 - Basic Cross Site Scripting worked, check cookies to see HttpOnly is false then do a basic XSS to steal cookies
15:33 - Doing the OnError payload to steal administrative cookie
17:38 - Logging in as the administrative user, checking out the new pages. Search which is SQL Injectable and BackDoorChecker which can execute code from localhost
19:10 - Playing with the SQL Injection in Search, confirming it is union then sending it to SQLMap to dump the database
25:30 - Using SQL Injection to read the source code via LOAD_FILE in a Union Injection.
31:30 - Creating a XSS Payload that can send a Post Request (XMLHttpRequest)
40:45 - Reverse shell returned
46:20 - Manually poking around the box, discover port 910 is open but our nmap didn't show it
48:10 - Using Chisel to forward the port back to our box, and discover it's a telnet interace to perform transfers
52:20 - Using PwnTools to bruteforce the PIN Code on port 910
56:10 - Send it 100 A's to see if the program crashes, instead it executesa payload after 32 bytes
1:01:00 - Failing to run netcat froma UNC Path
1:08:26 - Running netcat from C:\ to get a reverse shell

HackTheBox - BankRobber HackTheBox - BankRobber Reviewed by Anonymous on March 07, 2020 Rating: 5