Funbox : Rookie


https://www.vulnhub.com/entry/funbox-rookie,520/


Review

  • The FTP server allows anonymous login
  • Use John to crack each zip file
  • Two users' zip files can be cracked, and they contain private keys
  • Only one of the users can be accessed
  • Search hidden history files for clues

Enumeration

Run an nmap scan to find open ports.

Port 80

Run a gobuster scan to find hidden directories.

/logs/ returns Not Found.

FTP login

Found some clues.

A base64-encoded string that is the same as the @users message.

Let’s use John to crack the zip files.

Only two users can be cracked.

The zip files contain the private keys.


Foothold

We are able to gain access as the tom user via the RSA key.

We have a restricted shell, so let’s use a Python shell.

Look through the folder and search the history files.

We are able to find a password in the mysql_history file.

Check sudo permissions.
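A defender-side check for this finding, as an added example that is not part of the original writeup: it audits the text of a mysql client history file for statements that expose a secret and reports them with the value redacted. The regex patterns, function names and sample history are assumptions constructed for illustration; the sample uses the `\040` space encoding written by libedit-built mysql clients.

```python
import re

# Illustrative patterns (assumed, not exhaustive) for SQL that carries a secret.
SECRET_PATTERNS = [
    re.compile(r"identified\s+(?:with\s+\S+\s+)?by\s+'([^']+)'", re.I),
    re.compile(r"set\s+password\b.*?=\s*(?:password\()?'([^']+)'", re.I),
    re.compile(r"\bpassword\s*\(\s*'([^']+)'", re.I),
]

def decode_history_line(line):
    """Undo the octal escapes (for example \\040 for a space) used by libedit."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), line)

def audit_history(text):
    """Return (line_number, redacted_statement) for each line exposing a secret."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith("_HiStOrY_V2_"):  # libedit file header, not a statement
            continue
        line = decode_history_line(raw)
        for pattern in SECRET_PATTERNS:
            match = pattern.search(line)
            if match:
                # Report the statement without echoing the secret itself.
                findings.append((number, line.replace(match.group(1), "<redacted>")))
                break
    return findings

# Constructed sample history content, not taken from the target machine.
SAMPLE = "\n".join([
    "_HiStOrY_V2_",
    r"show\040databases;",
    r"create\040user\040'app'@'localhost'\040identified\040by\040'Constructed-Pw-1';",
    r"select\040*\040from\040support;",
    r"set\040password\040for\040'app'@'localhost'\040=\040'Constructed-Pw-2';",
])

if __name__ == "__main__":
    for number, statement in audit_history(SAMPLE):
        print(f"line {number}: {statement}")
```

Setting `MYSQL_HISTFILE=/dev/null` for accounts that run the mysql client keeps the client from writing this file at all.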


Privilege escalation

Since we can run all commands with sudo, we can just switch to the root user.

Flag is found.
