Bankrobber

Pretty good box, but the initial access using the web app is often unresponsive or even takes longer than the stated timeframe

Wasted a lot of time on root because of this:

Hint for root: Once you see the odd thing, forward everything to you. It’s enough to interact with that, no need to see the code.

Hope that helps :slight_smile:

Thank you for the box, she is great. Rooted ! :slight_smile:

Type your comment> @0xskywalker said:

Pretty good box, but the initial access using the web app is often unresponsive or even takes longer than the stated timeframe

+1. Wasted a lot of time because of this. It’s completely unresponsive at the time of writing. My payload worked only 1 time out of 20. And I’m on VIP.

Edit: NVM, I reset the box and got it.

Stuck on the initial foothold. nothing seems to work. i waited , tried different things but still nothing. any hints please?

Rooted ! was very very nice box !!

pretty bad box so far :slight_smile:

NOT INSANE…

This box at initial step is sooo slooooooow. Sometimes even restart didint help. Some tips for players: client side, enumerate, bruteforce and half of “answer to life the universe and everything” :wink:
If you have a problem with init/user/admin just PM’me. I will try help you :wink:

Never mind… I’m just an idiot about being consistent with URLs… /eyeroll

@Kucharskov @1c4re1337 thanks for all the help :+1:

I am chaining vulns for foothold, i can see what can be used for getting shell, but my script not working as i expect.
Edit: if you trying to write your own stuff from the beginning and it is not working, consider using existing things on machine. (not regarding payload, more for vuln structure)
Machine is a bit lagi, so check your testing payloads with already working alongside with them.

PM for hints
kareem

Possible that that box is a lil unstable? Figured out how to basic test a response via a normal user. that worked for few attempts. then stopped. after reset not better.

I found a vulnerability in a point but I cannot exploit it maybe because unstable box. I need some indication

Can someone PM me, I need a nudge on the initial shell. I have the RCE through x** vuln, but can’t seem to get anything working for a shell…

What to do at first? I am stuck for 2 hour thinking what to do. Nmap doesnt show ports and directory enumeration are slow.

Type your comment> @jayjay25 said:

Can someone PM me, I need a nudge on the initial shell. I have the RCE through x** vuln, but can’t seem to get anything working for a shell…
you don’t need a shell YET, try to grab something you could EAT, then use it for something you’ve already been there

Is am writing script to interact in internal service used python and bash scripts to do it, but they both failed. Help?
EDIT: If you writing script with sockets or call and it is not working - consider using telnetlib, simple and efficient.

I used python and it worked just fine.

The box is easy but very unstable as some have pointed out. Wasted a lot of hours during the initial step even though I was on the right path.