HackTheBox - BankRobber

00:59 - Begin of nmap, discover XAMPP 05:51 - Running GoBuster while we poke at the website 06:30 - Registering an account then seeing what new functions are avaialble 08:10 - Attempting to transfer money and discovering XSS 10:00 - Basic Cross Site Scripting worked, check cookies to see HttpOnly is false then do a basic XSS to steal cookies 15:33 - Doing the OnError payload to steal administrative cookie 17:38 - Logging in as the administrative user, checking out the new pages. Search which is SQL Injectable and BackDoorChecker which can execute code from localhost 19:10 - Playing with the SQL Injection in Search, confirming it is union then sending it to SQLMap to dump the database 25:30 - Using SQL Injection to read the source code via LOAD_FILE in a Union Injection. 31:30 - Creating a XSS Payload that can send a Post Request (XMLHttpRequest) 40:45 - Reverse shell returned 46:20 - Manually poking around the box, discover port 910 is open but our nmap didn't show it 48:10 - Using Chisel to forward the port back to our box, and discover it's a telnet interace to perform transfers 52:20 - Using PwnTools to bruteforce the PIN Code on port 910 56:10 - Send it 100 A's to see if the program crashes, instead it executesa payload after 32 bytes 1:01:00 - Failing to run netcat froma UNC Path 1:08:26 - Running netcat from C:\ to get a reverse shell