靶机地址:https://www.hackthebox.eu/home/machines/profile/209 靶机难度:初级(3.2/10) 靶机发布日期:2020年2月19日 靶机描述: Bankrobber is an Insane difficulty Windows machine featuring a web server that is vulnerable to XSS. This is exploited to steal the administrator’s cookies, which are used to gain access to the admin panel. The panel is found to contain additional functionality, which can be exploited to read files as well as execute code and gain foothold. An unknown service running on the box is found to be vulnerable to a buffer overflow, which can be exploited to execute arbitrary commands as SYSTEM.