Funhxx17.zip Link

Some versions of this challenge require you to crack the password of FUNHXX17.zip using fcrackzip or john with the rockyou.txt wordlist. The password is often found to be "p@ssword" or similar simple variations. 3. Initial Access Once unzipped by the system:

If the zip contained a , you simply navigate to the location where the script was extracted to trigger a connection back to your listener ( nc -lvnp 4444 ). 4. Privilege Escalation

Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link . FUNHXX17.zip

The core "trick" of this machine involves how the system handles this specific zip file.

If you used a symlink, you can now read the linked file through the web server. Some versions of this challenge require you to

FUNHXX17.zip is a target file associated with the (sometimes referred to as Funbox 11 or UnderTheGround) Capture The Flag (CTF) machine, available on platforms like Vulnhub and OffSec's Proving Grounds. Write-up: Funbox UnderTheGround (FUNHXX17.zip)

Create a symlink to a sensitive file (like /root/root.txt or /etc/shadow ) or a directory. Compress the symlink using the --symlinks flag in zip . Upload it back to the server. Initial Access Once unzipped by the system: If

Running nmap reveals open ports, typically 21 (FTP) , 22 (SSH) , and 80 (HTTP) .