VulnHub: Funbox 11
This is an easy box from VulnHub which can be found at the following location:
Starting off with a NMAP scan we can see that there are a few ports open
Whenever I see port 21 or 139/445 open I always run NMAP on them to see if A) anonymous login is allowed and B) what version is being ran
As soon as I noticed that 21 was on 1.3.3c I knew the way up, this is a known vulnerable version with FTPD. I did a quick searchsploit just to make sure:
Now it is time to fire up Metasploit and run it against FTP
We get in as root, however I was not able to look at other directories. From here I made a quick shell.elf file utilizing msfvenom, made it executable and had a reverse shell back to me to allow for more functionality:
After running the shell.elf with ./shell.elf and having a netcat listener running we get a call back:
Now we are able to grab the root.txt flag from the /root directory.
Thanks for reading and I hope you enjoyed the writeup.