Hack the Box (HTB) Machines Walkthrough Series — Bank

Continuing with our series on the Hack the Box (HTB) machines, this article contains the walkthrough of another HTB machine. This one is named “Bank.”

HTB is an excellent platform that hosts machines belonging to multiple OSes. It also hosts some other challenges as well. Individuals have to solve the puzzle (simple enumeration and pentest) in order to log into the platform so you can download the VPN pack to connect to the machines hosted on the HTB platform.

Note: Only writeups of retired HTB machines are allowed. The machine in this article, known as “Bank,” is retired.

Let’s start with this machine.

1. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN.

2. The Bank machine IP is 10.10.10.29.

3. We will adopt the same methodology of performing penetration testing. Let’s start with enumeration in order to gain as much information for the machine as possible.

4. Below is the output of the nmap scan. As we can see, there are lot of ports opened on this machine, including port 22, 80 and 53. Note that DNS is listening on TCP port 53, so Zone transfer is also possible.
<<nmap -sC -sV -oA nmap 10.10.10.29 >>

5. We’ll start with port 80 enumeration. However, it just points to a standard apache page installation. It looks like that for further enumeration on port 80, it needs a hostname. At this point, the hostname had to be guessed for this machine; this turns out to be bank.htb. This follows the standard convention of HTB machines of the format <machinename>.htb.   

        

6. In order to resolve it, let’s add the entry in /etc/hosts. The screenshot below depicts the same thing.

7. And it (Read more...)