https://zer0arc4.github.io/writeups/vulnyx/Recent content in Vulnyx on zer0arc4Hugoen-ushttps://zer0arc4.github.io/writeups/vulnyx/bank/Tue, 09 Jun 2026 21:10:28 +0530https://zer0arc4.github.io/writeups/vulnyx/bank/<hr> <h1 id="vulnyx--bank-writeup"><a href="https://vulnyx.com/">VulNyx</a> – BANK Writeup</h1> <img width="671" height="426" alt="image" src="https://github.com/user-attachments/assets/9b4db2b3-4119-4c80-83f6-b70d05cde7c8" /> <hr> <h1 id="-target-information">🎯 Target Information</h1> <ul> <li><strong>Platform:</strong> VulNyx.com</li> <li><strong>Machine Name:</strong> BANK</li> <li><strong>Key Vulnerabilities:</strong> <ul> <li>SMB Anonymous Share Access</li> <li>Information Disclosure</li> <li>JWT Information Leakage</li> <li>Weak Administrative Credentials</li> <li>File Upload Bypass</li> <li>Remote Code Execution (RCE)</li> <li>KeePass Credential Exposure</li> <li>Docker Group Privilege Escalation</li> </ul> </li> </ul> <hr> <h1 id="-network-discovery">🔍 Network Discovery</h1> <p>First, scan the local network to identify active hosts using <code>arp-scan</code>.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sudo arp-scan --localnet </span></span></code></pre></div><h2 id="result">Result</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ sudo arp-scan --localnet </span></span><span class="line"><span class="cl">[sudo] password for arc: </span></span><span class="line"><span class="cl">Sorry, try again. </span></span><span class="line"><span class="cl">[sudo] password for arc: </span></span><span class="line"><span class="cl">Sorry, try again. </span></span><span class="line"><span class="cl">[sudo] password for arc: </span></span><span class="line"><span class="cl">Interface: eth0, type: EN10MB, MAC: 00:0c:29:8d:a8:e2, IPv4: 172.29.112.76 </span></span><span class="line"><span class="cl">Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan) </span></span><span class="line"><span class="cl">172.29.112.109 fe:f7:e9:58:e3:54 (Unknown: locally administered) </span></span><span class="line"><span class="cl">172.29.112.122 62:70:c1:a1:26:26 (Unknown: locally administered) </span></span><span class="line"><span class="cl">172.29.112.170 00:0c:29:09:d5:97 VMware, Inc. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">3 packets received by filter, 0 packets dropped by kernel </span></span><span class="line"><span class="cl">Ending arp-scan 1.10.0: 256 hosts scanned in 2.098 seconds (122.02 hosts/sec). 3 responded </span></span></code></pre></div><p>The target machine IP address was identified as:</p>