I Hacked a Bank?!!

Yomna AlShemy

Calm Down, no I didn’t, LOL.

I solved my first machine on TryHackMe, yaaaay!
So I’m here to brag about my simple understanding of the tool used in this machine.

GO BUSTER!

So, gobuster is a brute-forcing tool used to discover hidden paths, files, and directories on a target web server.

In that machine, TryHackMe gave us a command to discover the fake bank’s hidden page on its URL.

How? By iterating through a word list text file containing a list of possible directory or file names to try and find hidden paths on the web server and access these pages!

What happens when we run that command? It iterates through the word list and prints every path from the list that it found on the website, along with a status code! The status code tells us something: depending on its value, we know whether that page/path is accessible, inaccessible, or redirects to something.

The command found /bank-transfer with status code 200; 200 means that this path exists and is accessible. We put the full URL in the search bar, hit enter and BAM! You can access the sneaky hidden page and can transfer money!
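Seen from the server's side, a wordlist scan like this is easy to spot: one client asks for many different paths within a few seconds and most of them come back 404. The Python example below is added here and is not part of the TryHackMe room or the original write-up; the log lines, IP addresses and thresholds are constructed assumptions, and only /bank-transfer comes from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log (Common Log Format). IPs and most paths are made up;
# /bank-transfer is the path named in the write-up.
SAMPLE_LOG = """\
198.51.100.20 - - [10/Mar/2024:11:59:40 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /backup HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /login HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /images HTTP/1.1" 301 178
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /config HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /secret HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /bank-transfer HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /test HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:12:00:30 +0000] "GET /about HTTP/1.1" 200 3301
198.51.100.20 - - [10/Mar/2024:12:01:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse(log_text):
    """Yield (client_ip, timestamp, path, status) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, _method, path, status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def detect_enumeration(log_text, min_paths=8, min_404_ratio=0.7,
                       window=timedelta(seconds=10)):
    """Flag clients that hit many distinct paths in one window and mostly get 404."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in parse(log_text):
        by_ip[ip].append((ts, path, status))
    findings = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            burst = hits[start:end + 1]
            misses = sum(1 for _, _, s in burst if s == 404)
            if len({p for _, p, _ in burst}) >= min_paths and misses / len(burst) >= min_404_ratio:
                # Everything that did not 404 is what the scan "found".
                findings[ip] = sorted({(p, s) for _, p, s in hits if s != 404})
                break
    return findings
```

The non-404 paths reported for the flagged client are the ones worth checking for missing authentication, since a page that answers 200 to anyone is only hidden until a word list guesses its name.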

Wanna see my victory?

Nah-uh-uh, don’t peek into the solution, I covered it, cyberling! I want you to enjoy the challenge and feel proud of yourself!

So yups, hope you found something useful reading this absolutely simple write-up, and stay tuned!

Have a great day!

Written by

Yomna AlShemy

Hi! I'm Yomna, a cybersecurity absolute beginner, and a computer science fresh grad! I'm super excited to document my journey through write-ups, lessons learned, or documentations. Walk through with me and hopefully we would learn something together.