Bank write-up
This is another old BOX.
I have been having troubles with gobuster to find directories of website.
You need a good wordlist to have a better result.
When wordlist is long, greater the chance we find more directories, but it takes loooong time.
I have been using kali linux default wordlist, but not happy with the result.
So I decided to update wordlist.
For this BOX, I used a new wordlist from seclists that was newly installed.
You need a good wordlist to get this flag.
LinEnum.sh is powerful tool to find vulnerabilities on linux.
$ ls /usr/share/seclists
Discovery Fuzzing IOCs Miscellaneous Passwords Pattern-Matching Payloads README.md Usernames Web-Shells
ls /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
ls /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt
References
seclists | Kali Linux Tools
SecLists Usage Examples root@kali:~# ls -lh /usr/share/seclists/ total 40K drwxr-xr-x 6 root root 4.0K Mar 23 09:56 Discovery drwxr-xr-x 3 root root 4.0K Mar 23...
https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh