Create a symlink to a sensitive file (like /root/root.txt or /etc/shadow ) or a directory. Compress the symlink using the --symlinks flag in zip . Upload it back to the server.
Depending on the version of the VM you are running, it may be vulnerable to recent Linux kernel exploits.
Scanning the web server (Port 80) usually reveals a directory like /backups/ where this same zip file might be hosted or referenced. 2. Exploiting FUNHXX17.zip FUNHXX17.zip
Some versions of this challenge require you to crack the password of FUNHXX17.zip using fcrackzip or john with the rockyou.txt wordlist. The password is often found to be "p@ssword" or similar simple variations. 3. Initial Access Once unzipped by the system:
Most write-ups note that FTP allows Anonymous login . Inside the FTP directory, you will find FUNHXX17.zip among other files. Create a symlink to a sensitive file (like /root/root
FUNHXX17.zip is a target file associated with the (sometimes referred to as Funbox 11 or UnderTheGround) Capture The Flag (CTF) machine, available on platforms like Vulnhub and OffSec's Proving Grounds. Write-up: Funbox UnderTheGround (FUNHXX17.zip)
The core "trick" of this machine involves how the system handles this specific zip file. Depending on the version of the VM you
Look for writable scripts in /etc/crontab that are executed by root.