Hack a Bank | TryHackMe

Jay Wandery
2 min read · May 5, 2023

Hacking your first machine.

Here we are going to hack a bank and gain access as an Administrator. If successful, we should be able to comfortably answer the questions in this room, as well as transfer a couple of dollars from one of the bank's users into our own bank account.

Step 1.

We will use a command-line application called “GoBuster” to brute-force FakeBank’s website to find hidden directories and pages. GoBuster takes a list of potential page or directory names and tries accessing the website with each of them; if the page exists, it tells you.

an overview of our bank balance before the hack

Navigate to the terminal and run GoBuster with a wordlist to look for hidden pages, then try to locate the sensitive information the bank does not want normal users to see.

Looking at the output, the /bank-transfer entry looks sensitive. Let's visit it.

In the command above, -u states the website we're scanning and -w takes a list of words to iterate through to find hidden pages.

After visiting fakebank.com/bank-transfer, we are inside the Admin portal.

Let's go ahead and make a transfer of $2000 from bank account 2276 to our account (account number 8881).

Enter the sender's account, your account and the amount you are looking to transfer
The transfer is made successfully

Conclusion

As a pentester, it is your duty to test for these vulnerabilities and find hidden pages that could potentially be used against the bank.
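From the defending side, the wordlist scan in Step 1 leaves a clear trace in the web server's access log: one client requesting many distinct paths, most of which return 404. The following is an added example, not part of the original walkthrough or the room; the log lines are constructed, the client addresses are documentation-range addresses, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (Common Log Format); addresses are documentation ranges.
GUESSES = ["images", "admin", "backup", "test", "old", "dev", "private", "tmp"]
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [05/May/2023:10:00:{i:02d} +0000] "GET /{w} HTTP/1.1" 404 153'
     for i, w in enumerate(GUESSES)]
    + ['203.0.113.7 - - [05/May/2023:10:00:09 +0000] "GET /bank-transfer HTTP/1.1" 200 2048',
       '198.51.100.20 - - [05/May/2023:10:00:10 +0000] "GET / HTTP/1.1" 200 5120',
       '198.51.100.20 - - [05/May/2023:10:00:11 +0000] "GET /login HTTP/1.1" 200 1830'])

# client address, requested path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')


def find_enumeration(log_text, min_paths=8, min_miss_ratio=0.7):
    """Return {client: [paths that answered 200]} for clients whose requests
    look like wordlist enumeration (many distinct paths, mostly 404)."""
    seen = defaultdict(set)    # every distinct path requested, per client
    misses = defaultdict(set)  # distinct paths that returned 404
    hits = defaultdict(set)    # distinct paths that returned 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore query strings when counting
        seen[client].add(path)
        if status == "404":
            misses[client].add(path)
        elif status == "200":
            hits[client].add(path)
    flagged = {}
    for client, paths in seen.items():
        if len(paths) >= min_paths and len(misses[client]) / len(paths) >= min_miss_ratio:
            flagged[client] = sorted(hits[client])
    return flagged


if __name__ == "__main__":
    for client, found in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: possible directory enumeration, pages found: {found}")
```

The paths listed for a flagged client are the pages the scan actually discovered, so they are the ones to review first for missing authentication.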
