Funbox: Rookie


  • FTP server allows anonymous login
  • Use John to crack each zip file
  • Able to crack the zip files of 2 users, which contain private keys
  • Only one of the users can be accessed
  • Search hidden history files for clues


Run an nmap scan to find open ports.

Port 80

Run a gobuster scan to find hidden directories.

/logs/ gives us Not Found.

FTP login

Found some clues.

A base64 string that is the same as the @users message.

Let’s use john to crack the zip files.

Only two users can be cracked.

The zip files contain the private keys.


We are able to gain access to the tom user via the RSA key.

We have a restricted shell, so let’s use a Python shell.

Look through the folder and search the history files.

We are able to find a password in the mysql_history file.

Check sudo permissions.

Privilege escalation

Since we can run all sudo commands, we can just switch to the root user.

Flag is found.
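The whole chain above rests on three host misconfigurations: anonymous FTP, a credential left in a shell/SQL history file, and an unrestricted sudo grant. As an added defender-side example that is not part of the original write-up, the script below audits constructed stand-ins for vsftpd.conf, sudoers and a .mysql_history file for exactly those three issues; the file contents, usernames and password are placeholders, not values from the box.

```python
import re

# Constructed sample files (placeholders, not from the target box): vsftpd config, sudoers, MySQL history.
VSFTPD_CONF = """\
listen=YES
# anyone may log in as 'anonymous' with any password
anonymous_enable=YES
local_enable=YES
"""
SUDOERS = """\
root    ALL=(ALL:ALL) ALL
tom     ALL=(ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
"""
MYSQL_HISTORY = """\
show databases;
create user 'tom'@'localhost' identified by 'placeholder-password';
select * from users;
"""

def anonymous_ftp_enabled(conf: str) -> bool:
    """True if the config explicitly sets anonymous_enable=YES."""
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, val = (s.strip() for s in line.split("=", 1))
        if key.lower() == "anonymous_enable":
            return val.upper() == "YES"
    return False  # directive absent: the build default applies, review by hand

# user_or_group  host=(runas)  [tags:] ALL  -> every command is allowed
SUDO_ALL = re.compile(r"^(?P<who>\S+)\s+\S+\s*=\s*(\([^)]*\))?\s*(?P<tags>(?:\w+:\s*)*)ALL$")

def unrestricted_sudo(sudoers: str) -> list[str]:
    """Principals granted ALL commands; NOPASSWD entries are marked."""
    hits = []
    for line in sudoers.splitlines():
        m = SUDO_ALL.match(line.split("#", 1)[0].strip())
        if m:
            tag = " (NOPASSWD)" if "NOPASSWD" in m.group("tags").upper() else ""
            hits.append(m.group("who") + tag)
    return hits

# Fragments that usually carry a credential on a shell or SQL history line
SECRET_RE = re.compile(r"identified by|password\s*=|\s-p\S+", re.I)

def history_secret_lines(history: str) -> list[int]:
    """1-based line numbers that embed a password; the secret itself is not reported."""
    return [n for n, l in enumerate(history.splitlines(), 1) if SECRET_RE.search(l)]
```

Run on the sample data it flags anonymous FTP as enabled, lists root, tom and %admin (NOPASSWD) as holders of unrestricted sudo, and points at line 2 of the history file without echoing the credential.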
