Bank Video by IppSec

Going to start posting links to my videos on the forums. For the ones that I do, I’ll also index the video to make it easier for people to see what methods i used.

Index (Go to the YT Page if you want times to be links):
00:39 - Nmap Results
01:15 - DNS Enumeration
04:08 - HTTP VirtualHost Routing
05:28 - DirSearch (Web Enumeration)
08:50 - HTTP Redirect Vulnerability
13:23 - PW in Balance-Transfer
18:00 - File Upload, WebShell
21:48 - First Shell
30:10 - First Privesc Method (SUID)
31:38 - Second Privesc Method (passwd)

Always a treat … thanks again Ipp

Great video as always. :smiley:

I am big fan of ippsec. I watchd just 2 videos but really very informative. IPPSEC sir can you please show me path like you learned. Well by the way i have one question how you know we have to use cronos.htb instead of ip address. I am bit stuck here. Now i am practicing on Bank machine without watching solution so that i check my skill

@CodeNinja said:
sir can you please show me path like you learned.

Not sure what you mean by this. Most of these boxes didn’t take much time as they are similar to things I’ve done in the past. Unfortunately, I only remember attack paths and not where I learned it.

If you get lost, I would recommend starting from the first HackTheBox machine I uploaded (Popcorn) and working your way through. As the first time I explain something, I try to be much more thorough. If I went in depth every topic every video, I don’t think it would be as enjoyable for the experienced/recurring viewer.

cronos.htb instead of ip address

Assuming you mean bank.htb - This is what I was talking about when I said unfortunately it’s just one of those things that you need to guess.

If you meant CronOS.htb, that attack path from DNS didn’t require guessing. You do a DNS request for the boxes IP against the box and it returns cronos.htb. Then you do a ZoneTransfer using Cronos.HTB to get subdomains.

After understanding dns enumeration part i got bank.htb and opened it. i also used dirbuster and got many links like index.php but all are redirecting to login.php so i used noredirect addon and i saw plain index.php,support.php i also saw a commaned in support.php which had .htb extension so i rename my shell to .htb and uploaded now i don’t know get path to execute my shell. I saw /uploads but that showing forbidden message. Now how i get my shell ?

Nice video … keep going !

That horizontal terminal split. Bravo sir

This… This helped me see some things I have not seen before. Please keep making these! Great job!