Some versions of this challenge require you to crack the password of FUNHXX17.zip using fcrackzip or john with the rockyou.txt wordlist. The password is often found to be "p@ssword" or similar simple variations.

3. Initial Access

Once unzipped by the system:
FUNHXX17.zip is a target file associated with the (sometimes referred to as Funbox 11 or UnderTheGround) Capture The Flag (CTF) machine, available on platforms like VulnHub and OffSec's Proving Grounds.

Write-up: Funbox UnderTheGround (FUNHXX17.zip)
If you used a symlink, you can now read the linked file through the web server.
The machine runs a background cron job or script that automatically processes/unzips files placed in certain directories (like /var/www/html/uploads or the FTP upload folder).
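The defensive counterpart to the auto-extraction job and symlink behaviour described above, as an added example (not part of the original write-up or the machine's own script): a check run before extraction that refuses archives containing symlink entries, paths that escape the destination, or server-executable extensions. The function names, the blocked-extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions the web server would execute; adjust to the deployment.
BLOCKED_EXTENSIONS = {".php", ".phtml", ".phar", ".cgi", ".pl", ".sh"}


def audit_zip(data: bytes) -> list[str]:
    """Return the reasons an uploaded archive must not be auto-extracted.

    An empty list means none of the checks below fired.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            path = PurePosixPath(name.replace("\\", "/"))
            # The Unix file mode is stored in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                findings.append(f"symlink entry: {name}")
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"path escapes destination: {name}")
            if path.suffix.lower() in BLOCKED_EXTENSIONS:
                findings.append(f"server-executable extension: {name}")
    return findings


def build_sample(symlink: bool, extra_names=()) -> bytes:
    """Constructed sample archive: one text file plus optional test entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "hello")
        if symlink:
            link = zipfile.ZipInfo("link.txt")
            link.create_system = 3  # Unix, so extractors honour the mode bits
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc/hostname")  # link target is the entry data
        for name in extra_names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_zip(build_sample(symlink=False)))
    print(audit_zip(build_sample(symlink=True)))
    print(audit_zip(build_sample(symlink=False, extra_names=["../page.php"])))
```

An extraction job would call audit_zip on each upload and quarantine the archive whenever the returned list is non-empty, and should extract outside the web root in any case.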
If the zip contained a , you simply navigate to the location where the script was extracted to trigger a connection back to your listener (nc -lvnp 4444).

4. Privilege Escalation