Bankrobber

1235

Comments

  • Idk how people aren't more upset about this box. The process of getting a shell is completely unreliable. Got a shell after repeating the same thing several times and it just finally worked. Then my shell crashed after about 3 minutes. Going back to get a shell again, doesn't work. even after several retries and waiting more than 10 minutes. It's just poorly implemented

  • edited February 9

    Totally stuck on initial foothold. I used dirbuster, found some juicy js-files, but they require user access. I did create a user and used burp proxy with coin transfer and user creation/login to fuzz with the parameters, but have no idea how to enumerate for the user credentials. Could only check other users coin balance with cookie editing. Any help/hint/nudge is much appreciated as this is really frustrating!

    Hack The Box

  • Though the instability / unpredictability can prove to be quite a hurdle this is a very fun and satisfying box in the end. The extra points for it being rated 'insane' are definitely a bonus 😋

    PM is open for nudges!

    ~~~~~
    Hack The Box
    Don't forget that +respect button if I helped you!

  • I am struggling to work out how to approach this. I have done lots of enumeration but not sure if the potential HTTP method that shouldn't be available is something that I have to use to get a username or something that you eat.

  • Wow! Now that was fun. Tu for a very challenging box @Gioo & @Cneeliz. Cheers to @chvancooten for the couple of nudges to get me focused and back on track.

  • Ok. The idea was awsome! Sadly it was quite buggy.

    If you are confident that your payload should work, try it again several times.

    Blaudoom
    Discord: Blaudoom#1254

  • edited February 14

    Loved this box and very recommended for every OSCP student. The idea that it's like breaking into a bank is awesome

  • I'm having a rough time putting all the pieces together to gain initial foothold. Found vulnerabilities in a few different places where I can read files. Found another that lets me "execute" files when something happens. Not sure how to go about using what I have to do anything with b***********.**p and none of my usual tricks on these vulns want to work due to what I believe to be no write permissions.

    Any nudge here or in private is appreciated.

  • And, rooted. Public appreciation once more to @bumika and @g3of0xx for guiding me through this.

    emilkloeden

  • so.... because this box are not running as expect i will let then and start to another box, tried to create a user with random usernames and passwords and its not possible, reset already on luck.... hope the creators taken a look on it.

    there is no place like 127.0.0.1
  • Hi,
    I explored this machine for a while (Last two days). I checked several things starting, as usual, what is open and what is close. For each open I discard, for the moment, most of the "opens" and I dig a lot with one of them. Basically playing with money and figure out how to leverage this. So, if anyone could give some nudges I will appreciate. I am still a noob and my immagination is still place me in hole rabbits. I just need an idea to explore. Unfortunately I can explain my findings here to avoid an spoiler. Thanks guys.

  • Finally root! I had a lot of fun and learned a lot, thanks @Gioo & @Cneeliz!
  • I am having an issue with b************.**p

    Please DM for any nudges

  • I'm stuck with the initial foothold.

    Looking at the message when submitting the form after logging in as a user, I guess there is a vuln that can exploit the admin's browser, but no vuln is found yet.

  • Type your comment> @pinkyghost said:

    I'm stuck with the initial foothold.

    Looking at the message when submitting the form after logging in as a user, I guess there is a vuln that can exploit the admin's browser, but no vuln is found yet.

    I am on the same stage. I tested many things. Even stupid ones. Now, I am evaluating one possibility pointed by some users. But I need to learn a bit. It is something new for me. But for the moment, what I read give some ideas and where to focus. The main idea, usually, is modify the normal behaviour. Easy to say :tired_face:

  • Rooted.

    There was nothing wrong with what I was doing. The reaction was slower and unstable than I had imagined when reading this forum, so I didn't realize I was on the right path.

    The initial foothold does not require complex skills. All you need is patience. If something goes wrong, be patient and keep on the right path.
    Or you may need to reset.

  • Well, after one week tring several things and getting some interesting nudges I got access to the account with ****.tx*.

    I exploring it using s*** function and b******* function. From the GUI and directly using bu***. Unsuccesful. I tried to switch to other ennumeration methods using the credentials I found here but again unsuccesful. I dont' think it is about ip spoofing. But if someone could give a clue, I will appreciate it. Did I forgot any step? Maybe the text information is an important clue?

    thank you

  • I have the same problem as you. Only other balances can be enumerated after user login is created. Don't know how to proceed, have you bypassed? Ask for hints. Just want you to give me a hint?

  • Been stuck on the ::1 for hours now, tried changing origin etc with burp but to no avail. Any nudges on how to proceed are welcome!

    Hack The Box

  • edited March 1

    this box is not stable. x** doesn't always get triggered, user shell disconnects without any reason, b****2.e dies while trying to exploit and it wont recover so you have to reset and wait for x again... I felt like i was doing a side quest in a game.

    Edit: also there is a chance that you can get an error page with my**l password visible if you are fast enough after reset.

    badge

  • edited March 2

    I am stuck with getting shell. any help please DM. I got to the a**** page and try x**. sometimes I get responses and sometimes not.

  • Got response from the box twice this morning in a 5 minute period. Been trying with the same method since and not getting any response at all. Machine has been reset. Seemed to work for a short period yesterday evening too. Very frustrating to make progress when there is no consistency in response times.

  • This is the first box I solved, thank you all.

  • Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!

  • edited March 4
    .
  • Type your comment> @HESL said:

    This machine would not look out of place in the OSCP lab as a hard machine.

    The foothold is literally in the PWK course :)

  • Type your comment> @HESL said:

    Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!

    And what happens if someone left the machine with that exe crashed and you find it at that state? I will tell you what, hours of enumeration without finding anything before you finally decide to reset.

    I know it is my fault to crash it but my point was it should recover.

    badge

  • Can someone give me a push in the right direction? on the s**** i could read the sourcecodes of all the h files in the webroot and checked the source of the b*************.

    I changed what ever i (think) i can in the requests and for the love of god i can't get it to do what i want.. Am i on the right track ?

  • edited March 6

    Type your comment> @onurshin said:

    Type your comment> @HESL said:

    Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!

    And what happens if someone left the machine with that exe crashed and you find it at that state? I will tell you what, hours of enumeration without finding anything before you finally decide to reset.

    I know it is my fault to crash it but my point was it should recover.

    I guess it try to show possible real scenario where some app are not well designed. You can call to the company and tell them: Hey dudes, I am trying to hack you and your fucking exe is hang. please could you inform your developer to do better his job. I am an important hacker and I cannot waste time with this kind of issues :D :D #joke.

    I also experienced this many times. Breath.

Sign In to comment.