Funbox: Scriptkiddie


Download the machine:

https://www.vulnhub.com/entry/funbox-scriptkiddie,725/


Overview

  • Enumeration reveals an FTP server running an old version of ProFTPD
  • The matching Metasploit module for that ProFTPD version gives root access directly

Enumeration

Run an nmap scan to find open ports.

Run a gobuster scan to find hidden directories.

Port 80

Map the target's IP address to the hostname funbox11 in /etc/hosts.

The website runs WordPress.

Let's use WPScan to enumerate more information.

WPScan finds the admin user, but the password cannot be brute-forced.

The nmap scan shows an FTP server running an old version of ProFTPD. Let's search for an exploit for it.

Start Metasploit and search for the exploit.

Set the payload.

Run the exploit.
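The weakness this box turns on is nothing more than a ProFTPD build old enough to have a ready-made Metasploit module, and the server announces that version in its FTP greeting. The defensive counterpart is to read the advertised version and compare it against your patch baseline. The script below is an added example, not part of the original walkthrough; the banner lines and the 1.3.5 baseline are constructed placeholders, not values taken from the Funbox machine.

```python
"""Flag FTP greetings that advertise a ProFTPD release below a chosen baseline.

Added example for this walkthrough. The sample banners and the baseline are
constructed; substitute the greeting captured from your own port 21 and the
minimum version your patch policy requires.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample greetings (not captured from the Funbox machine).
SAMPLE_BANNERS = [
    "220 ProFTPD 1.3.3c Server (Debian) [::ffff:10.0.0.5]",
    "220 ProFTPD 1.3.6 Server (ProFTPD Default Installation) [10.0.0.6]",
    "220 (vsFTPd 3.0.3)",
]

# A ProFTPD greeting looks like "220 ProFTPD <version> Server ...".
BANNER_RE = re.compile(r"^220[ -]ProFTPD\s+(\d+(?:\.\d+)*[a-z]?)")


def parse_version(raw: str) -> Tuple[int, ...]:
    """Turn "1.3.3c" into a tuple that sorts correctly against other releases.

    A trailing letter becomes an extra numeric component (c -> 3), so that
    1.3.3c sorts above 1.3.3 and below 1.3.4.
    """
    letter = 0
    if raw and raw[-1].isalpha():
        letter = ord(raw[-1].lower()) - ord("a") + 1
        raw = raw[:-1]
    return tuple(int(part) for part in raw.split(".")) + (letter,)


def proftpd_version_from_banner(banner: str) -> Optional[str]:
    """Return the version string from a ProFTPD greeting, or None for any other server."""
    match = BANNER_RE.match(banner.strip())
    return match.group(1) if match else None


def flag_old_proftpd(banners: List[str], baseline: str) -> List[Tuple[str, str]]:
    """Return (banner, version) pairs whose ProFTPD version is below `baseline`."""
    floor = parse_version(baseline)
    flagged = []
    for banner in banners:
        version = proftpd_version_from_banner(banner)
        if version is not None and parse_version(version) < floor:
            flagged.append((banner, version))
    return flagged


if __name__ == "__main__":
    for banner, version in flag_old_proftpd(SAMPLE_BANNERS, "1.3.5"):
        print(f"ProFTPD {version} below baseline: {banner}")
```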


Foothold

The exploit returns a shell as the root user.


Privilege escalation

No privilege escalation is needed; the final flag is in the root folder.
