Funbox — Vulnhub Walkthrough

Network Enumeration

nmap -sC -sV -oA nmap/funbox 192.168.242.77
wpscan --url http://funbox.fritz.box/ -eu

Exploitation

login: joe password: 12345
ssh joe@192.168.242.77 -t "bash --noprofile"

Privilege Escalation

-rwxrwxrwx 1 funny funny      143 Apr 27 15:57 .backup.sh

Hi Joe, please tell funny the backupscript is done.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store