FunboxRookie — Anonymous FTP, Zip-Cracked SSH Keys, and a Password Hidden in MySQL History | OffSec PG FunboxRookie is a beginner-level boot-to-root on OffSec PG Play. The attack surface is wider …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A walkthrough of FunboxRookie, a beginner-level boot-to-root CTF on OffSec Proving Grounds. The attack chain covers anonymous FTP enumeration to download password-protected zip files containing SSH private keys, cracking the zip passwords with zip2john and John the Ripper against rockyou.txt, SSH login as tom using the extracted RSA key, discovering tom's plaintext password in .mysql_history, and escalating to root via an unrestricted sudo configuration. The writeup also covers a rabbit hole (cathrine's key doesn't work), a full attack chain summary, and detailed defense/mitigation recommendations for each vulnerability found.