Home on zer0arc4

Bank

Tue, 09 Jun 2026 21:10:28 +0530

VulNyx – BANK Writeup

🎯 Target Information

Platform: VulNyx.com
Machine Name: BANK
Key Vulnerabilities:
- SMB Anonymous Share Access
- Information Disclosure
- JWT Information Leakage
- Weak Administrative Credentials
- File Upload Bypass
- Remote Code Execution (RCE)
- KeePass Credential Exposure
- Docker Group Privilege Escalation

🔍 Network Discovery

First, scan the local network to identify active hosts using arp-scan.

sudo arp-scan --localnet

Result

$ sudo arp-scan --localnet
[sudo] password for arc: 
Sorry, try again.
[sudo] password for arc: 
Sorry, try again.
[sudo] password for arc: 
Interface: eth0, type: EN10MB, MAC: 00:0c:29:8d:a8:e2, IPv4: 172.29.112.76
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
172.29.112.109 fe:f7:e9:58:e3:54 (Unknown: locally administered)
172.29.112.122 62:70:c1:a1:26:26 (Unknown: locally administered)
172.29.112.170 00:0c:29:09:d5:97 VMware, Inc.

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.098 seconds (122.02 hosts/sec). 3 responded

The target machine IP address was identified as:

Future Security Tools

Sun, 01 Jun 2025 00:00:00 +0000

A collection of planned security tools including recon automation, payload generators, and lab utilities.

Getting Started with Nmap for Penetration Testing

Thu, 15 May 2025 00:00:00 +0000

Learn essential Nmap scanning techniques for port discovery, service enumeration, and OS detection.

API Security Testing Basics with Postman and Burp Suite

Sun, 20 Apr 2025 00:00:00 +0000

Cover authentication flaws, input validation, rate limiting, and common OWASP API Security Top 10 vulnerabilities.

Linux File Permissions Cheat Sheet

Mon, 10 Mar 2025 00:00:00 +0000

chmod, chown, SUID, SGID, sticky bit reference guide.

Student Database System

Mon, 20 Jan 2025 00:00:00 +0000

Database application for managing student records with search, filter, and export capabilities.

Cybersecurity Analyst Job Simulation

Tue, 05 Nov 2024 00:00:00 +0000

Completed the Tata Cybersecurity Analyst job simulation covering SOC workflows and incident response.

Cryptographic Hash Generator

Tue, 15 Oct 2024 00:00:00 +0000

CLI tool supporting MD5, SHA-1, SHA-256, SHA-512 hash generation with file and string input.

Web Requests

Tue, 10 Sep 2024 00:00:00 +0000

Completed HTB Academy Web Requests covering HTTP protocol analysis and web security.

Pentesting Fundamentals

Thu, 22 Aug 2024 00:00:00 +0000

Completed TryHackMe Pentesting Fundamentals covering reconnaissance and vulnerability assessment.

Introduction to Networking

Mon, 15 Jul 2024 00:00:00 +0000

Completed HTB Academy Introduction to Networking covering TCP/IP and the OSI model.

Linux Fundamentals

Sun, 30 Jun 2024 00:00:00 +0000

Completed HTB Academy Linux Fundamentals covering command-line and file permissions.

Security Principles

Sat, 18 May 2024 00:00:00 +0000

Completed TryHackMe Security Principles covering defense-in-depth and risk management.

Pre Security

Fri, 12 Apr 2024 00:00:00 +0000

Completed TryHackMe Pre Security path covering cybersecurity and networking fundamentals.

API Fundamentals Student Expert

Wed, 20 Mar 2024 00:00:00 +0000

Earned Postman API Fundamentals Student Expert certification for API testing and security fundamentals.

Operating Systems Basics

Sat, 10 Feb 2024 00:00:00 +0000

Completed Cisco Operating Systems Basics covering Linux and Windows fundamentals.

Introduction to Cybersecurity

Mon, 15 Jan 2024 00:00:00 +0000

Completed Cisco’s foundational cybersecurity certification covering threat landscape, security principles, and network defense basics.