Bankrobber

I am onto root, I can see the odd process, but i canā€™t execute it, download it or dump it. Is there some other way to interact with it, that iā€™m missing?

Edit: Found what to do with it (thanks to @keyos1 ), but i canā€™t forward anything to me, as some have suggested in the post. Any nudges?

rooted! did not enjoy it as other Windows boxes! message me if you need help

On average, how much did you guys wait for the initial foothold to trigger?
Iā€™m havinā€™ trouble triggering just the expected behaviour from the applicationā€¦

I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.

Type your comment> @shah316 said:

I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.

Google:
nishang
powershell reverseshell ippsec

Rooted.

I spent far too much time on Priv Esc due to a missing character white space character in my script, assumed it didnt work and went back into enumeration phase :frowning:

My hint for rooting is that after you find the thing to exploit, take the instructions it gives you literally ā€¦ its not a riddle.

I think also, I took a non standard path to user as I did not need to use ā€œb**************.**pā€ to get the reverse shell.

Thanks @gioo & @cneeliz

Type your comment> @tang0 said:

Type your comment> @shah316 said:

I can get a ping back. No other command executes, trying to encode the commands but having difficulty in encoding all those quotes in a reverse shell. Any advise.

Google:
nishang
powershell reverseshell ippsec

Thanks got user.

Ohā€¦ @#($*& ā€¦ FINALLY! Root. Cripes. įƒš(ą² ē›Šą² įƒš)

Learned a lot and finally rooted.

This was an absolute challenge for my skills, and sometimes beyond. Thank you for the nudges to @Adam2019 and @kareem. Thank you to @gioo and cneeliz; very nice work!

The slight instability of the box is - somehow - reflecting a real life situation. You are sending a payload and nothing happens. Is it a mistake in the payload or the wrong payload at all ā€¦ or do you have to calm down and wait a bit.

Am stucked in root. need hint please

i understand what the creator is trying to emphasize in bankrobber and also how the attack works, but it is not normal, that you have to wait for the payload to come or not come back for so long timeā€¦ I am giving up on this, same payload is not returning anything even it did previous day :smiley: I am talking about the backd******** script. Sorry really frustrating, it is bingo or lottery.

Type your comment> @baubau said:

i understand what the creator is trying to emphasize in bankrobber and also how the attack works, but it is not normal, that you have to wait for the payload to come or not come back for so long timeā€¦ I am giving up on this, same payload is not returning anything even it did previous day :smiley: I am talking about the backd******** script. Sorry really frustrating, it is bingo or lottery.

I agree, I think the initial part should be patched - borderline unplayable even after revert.

iā€™m in the initial foothold and the box isnā€™t sending to me the data i wantā€¦ anyone to talk about?

If anyone want to hint me too please DM. I can get files onto the box, just canā€™t world out how to make them execute.

Sadly, I quote all complains regarding the client-side. Please next time allow at least to write into outfile (letā€™s say I am an user and I escalate to root > now I can into outfile) so I can run my rce without waiting fourinfinite ....... minutes.

/edit
I think also, I took a non standard path to user as I did not need to use "b**************.**p" to get the reverse shell.

ā– ā– ā– ā– ā– ā–  ā– ā– ā– ā–  I fell like a noob againā€¦

Got Root ā€¦ Good box !!

Excellent box I really enjoyed.

My Hints

User: enumerate application and fuzze the forms. You will find some useful things. Capture creds and then try to modify the attack and get more softistcations to get a shell

Root: Enumerate as usual and try to exploit the bank.

This machine remember me the OSCP. Awesome

Iā€™m in as user. Anyone for hints about privesc?

Can someone PM me for a nudgeā€¦ Ive found a few vulns for user but the exploit I have crafted doesnā€™t seem to be working. Cheers

root: Please tell me that itā€™s brute, not RE with bankā€¦exe
rooted
buggy, laggy, but still AWESOME machine. Thanks @Gioo!