
Funbox Easy Vulnhub Capture the flag Walkthrough

Hey folks, hope everyone is doing well. In this post we are simply going through the Funbox Easy VulnHub machine walkthrough. It's an easy-level CTF, and it is also available on the Offensive Security Proving Grounds playground under the same name, Funbox Easy.
Check it out on https://portal.offensive-security.com/proving-grounds/play or download it from VulnHub – click here

During the challenge we are going to cover several things: port scanning, directory fuzzing, shell uploading and privilege escalation. Remember that when solving any CTF, focus most of your effort on enumeration.

nmap -sV 192.168.1.6
(screenshot: nmap scan output)

The nmap scan shows two open ports: SSH and HTTP. Next, do some recon on port 80, such as directory fuzzing.

dirb http://192.168.1.6
(screenshot: dirb results)

dirb finds the path /store/admin.php; check whether the default admin:admin credentials work.

Trying the "add new book" function shows a file upload, so a shell can be uploaded through it too!

We can add book data and a shell along with it. Download the PHP reverse shell from pentestmonkey at https://pentestmonkey.net/tools/web-shells/php-reverse-shell and update it with your IP and port.

Now the question is where the uploaded shell file ends up. A basic trick: open any book, then open its image in a new tab, and the URL reveals the path /store/bootstrap/img.

Start a netcat listener and then browse to the uploaded shell file.
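The "add new book" upload accepts any file, which is what lets a PHP file land in /store/bootstrap/img and get executed. As an added example (my own code, not the Funbox store's), here is the server-side validation a cover-image upload like that should perform: extension allowlist, no double extensions, magic-byte check, and a server-chosen file name. The size limit and storage advice are assumptions.

```python
"""Server-side validation for a cover-image upload (added example)."""
import os
import re
import secrets

# Allowlist: extension -> magic bytes the content must start with.
ALLOWED_SIGNATURES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
MAX_BYTES = 2 * 1024 * 1024  # assumed application limit (2 MiB)

# Constructed sample inputs, not real uploads.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
PHP_STUB = b"<?php echo 'not an image'; ?>"


def validate_image_upload(filename: str, content: bytes):
    """Return (accepted, reason, stored_name).

    Rejects anything that is not a real image: a missing or disallowed
    extension, double extensions such as cover.php.png, and content whose
    magic bytes do not match the claimed type. The stored name is chosen
    by the server, so the client never controls the path or the suffix.
    """
    base = os.path.basename(filename)  # drop any client-supplied directory
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension {ext!r} not allowed", None
    # No dots or odd characters in the stem: blocks cover.php.png and friends.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", root):
        return False, "double extension or unsafe characters in name", None
    if len(content) > MAX_BYTES:
        return False, "file too large", None
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, "content does not match claimed image type", None
    # Random server-chosen name; store it in a directory where the web
    # server has script execution disabled (or outside the web root).
    stored = secrets.token_hex(16) + ext
    return True, "ok", stored
```

The magic-byte check is a cheap sanity test, not a full image parse; decoding the file with an image library before storing it is the stronger check.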

user

For the user flag, check /home/tony (tony is a user on the box). It contains password.txt, which holds the SSH password.

SSH in and log in as that user. Yeah, we got user.

(screenshot: user flag)

root

To gain access as the root user, try some basic privilege escalation techniques.

For the time binary, check https://gtfobins.github.io/, which is a really good resource for privilege escalation and also a time saver.

Run the time command via sudo and that's it! Successfully got root 🙂

(screenshot: root flag)

If you found this post helpful, please share it with your co-workers and friends. Leave your valuable comments and let us know if you have any suggestions. You can now also collaborate with us; please check our collaboration page. Thank you!