Hack The Box : Bank

Bank write-up

This is another old BOX.

I have been having trouble using gobuster to find directories on websites.

You need a good wordlist to get better results.

The longer the wordlist, the greater the chance we find more directories, but it takes a loooong time.

I have been using the Kali Linux default wordlist, but I am not happy with the results.

So I decided to update my wordlist.

For this BOX, I used a new wordlist from the newly installed seclists.

You need a good wordlist to get this flag.

LinEnum.sh is a powerful tool for finding vulnerabilities on Linux.

$ ls /usr/share/seclists
Discovery  Fuzzing  IOCs  Miscellaneous  Passwords  Pattern-Matching  Payloads  README.md  Usernames  Web-Shells

$ ls /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
$ ls /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt

References

seclists | Kali Linux Tools
https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh