Funbox: 2 (Rockie) Walkthrough

Reasonable Doubt

2020-09-05 (Updated: 2020-09-05)

vulnhub

reference	Funbox: 2 (Rockie)
target ip	192.168.1.23

Scan with nmap:

FTP anonymous login:

Enumerate FTP files, zip2john, then crack with john:

SSH as user tom:

Escape from rbash:

Enumerate local file /home/tom/.mysql_history:

Escalate from user tom to user root:

/root/flag.txt: